[webkit-changes] [WebKit/WebKit] 5e0182: Cherry-pick 1cc30ed20c25. rdar://problem/107756651
youennf
noreply at github.com
Wed Jul 26 19:03:47 PDT 2023
Branch: refs/heads/safari-7615-branch
Home: https://github.com/WebKit/WebKit
Commit: 5e018210a5ca21e19bb738ef20bf2ff4fef293c3
https://github.com/WebKit/WebKit/commit/5e018210a5ca21e19bb738ef20bf2ff4fef293c3
Author: Brent Fulgham <bfulgham at apple.com>
Date: 2023-04-20 (Thu, 20 Apr 2023)
Changed paths:
A LayoutTests/dom/html/navigator-plugins-expected.txt
A LayoutTests/dom/html/navigator-plugins.html
M Source/WebCore/page/Navigator.cpp
Log Message:
-----------
Cherry-pick 1cc30ed20c25. rdar://problem/107756651
Correct PDF Plugin descriptions returned by navigator.plugins[x].description
https://bugs.webkit.org/show_bug.cgi?id=255155
<rdar://problem/107756651>
Reviewed by Geoffrey Garen.
In Bug 254189 we corrected a bug where the name of the WebKit Built-in PDF plugin was localized
for the user's settings, which confused some anti-fraud software because the specification requires
the name to be in plain English text.
While that issue was fixed, the specification also requires a consistent English label, "Portable
Document Format" be returned by the 'description' property of the plugin. This is currently localized
in Safari, leading to some anti-fraud software failing.
This patch modifies only the return value from Navigator.plugins[].description, so that other
elements of the Browser UI can correctly localize the description.
* Source/WebCore/page/Navigator.cpp:
(WebCore::Navigator::initializePluginAndMimeTypeArrays):
Canonical link: https://commits.webkit.org/262779@main
Identifier: 259548.661 at safari-7615-branch
Commit: 8d29e8d0af691428160545544d857a0c1570092c
https://github.com/WebKit/WebKit/commit/8d29e8d0af691428160545544d857a0c1570092c
Author: Simon Fraser <simon.fraser at apple.com>
Date: 2023-04-20 (Thu, 20 Apr 2023)
Changed paths:
A LayoutTests/svg/masking/masking-with-event-region-expected.html
A LayoutTests/svg/masking/masking-with-event-region.html
M Source/WebCore/rendering/svg/RenderSVGResourceClipper.cpp
M Source/WebCore/rendering/svg/RenderSVGResourceClipper.h
Log Message:
-----------
Cherry-pick e4d2a7474950. rdar://problem/107885344
SVG clip-path is sometimes broken on stevejobsarchive.com
https://bugs.webkit.org/show_bug.cgi?id=255577
rdar://107885344
Reviewed by Said Abou-Hallawa.
http://book.stevejobsarchive.com/ uses CSS clip-path with a reference to an SVG <clipPath> element
which contains text.
In this configuration, RenderSVGResourceClipper::applyClippingToContext() falls back to a code path
that uses an ImageBuffer as a mask, and it caches the ImageBuffer between calls. This caused a
problem when DOM Rendering in the GPU Process was enabled; this code is first hit for a "fake" paint
with a NullGraphicsContext which is updating EventRegions, called out of
`RenderLayerBacking::updateEventRegion()`. The NullGraphicsContext will make a local ImageBuffer.
If we then hit this same code for actual painting with a painting GraphicsContext, we'll use that
cached ImageBuffer, rather than creating a new one with appropriate GPU Process backing.
Fix this by adding `isPaintingDisabled` to the criteria used to decide if the cached buffer can be
re-used.
* LayoutTests/svg/masking/masking-with-event-region-expected.html: Added.
* LayoutTests/svg/masking/masking-with-event-region.html: Added.
* Source/WebCore/rendering/svg/RenderSVGResourceClipper.cpp:
(WebCore::RenderSVGResourceClipper::computeInputs):
(WebCore::RenderSVGResourceClipper::applyClippingToContext):
* Source/WebCore/rendering/svg/RenderSVGResourceClipper.h:
(WebCore::ClipperData::Inputs::operator== const):
Canonical link: https://commits.webkit.org/263087@main
Identifier: 259548.662 at safari-7615-branch
Commit: 54bbd87350b3e4a4aa261e4f7cc91a7700a9299e
https://github.com/WebKit/WebKit/commit/54bbd87350b3e4a4aa261e4f7cc91a7700a9299e
Author: Chris Dumez <cdumez at apple.com>
Date: 2023-04-20 (Thu, 20 Apr 2023)
Changed paths:
A LayoutTests/fast/events/message-event-data-isolated-world-expected.txt
A LayoutTests/fast/events/message-event-data-isolated-world.html
M Source/WebCore/dom/MessageEvent.cpp
Log Message:
-----------
Cherry-pick ca6ca7d1895d. rdar://problem/107538083
REGRESSION (Safari 16.4): PostMessage with transfer object is broken between contexts
https://bugs.webkit.org/show_bug.cgi?id=254777
rdar://107538083
Reviewed by Geoffrey Garen.
Before 256896 at main, we would construct MessageEvents and give them a
SerializedScriptValue to store internally. Then, the deserialization of this
SerializedScriptValue would happen lazily when the JS accesses
MessageEvent.data. We would then cache the result of the deserialization
inside MessageEvent::m_cachedData to avoid repeated deserializations.
Also note that we would make sure that the cachedData's world matches the
current world before using it. We would deserialize again if the worlds
don't match.
After 256896 at main, we now deserialize the SerializedScriptValue eagerly, so
that we know whether to fire a `message` event or a `messageerror` one.
This deserialization would happen in the main JS world and we would pass
the resulting JSValue to the MessageEvent to store instead of the
SerializedScriptValue. This would work fine for main worlds and regressed
isolated worlds since JSMessageEvent::data() would not have a
SerializedScriptValue to re-deserialize for isolated worlds.
To address the issue, we now construct MessageEvents with a
SerializedScriptValue, like we did before 256896 at main. For performance reasons
we also store the deserialized JSValue in MessageEvent::cachedData so that
later calls to JSMessageEvent::data() don't end up deserializing the
SerializedScriptValue again if called from the main world. However, if the
call for JSMessageEvent::data() comes from an isolated world, the
implementation will properly deserialize the SerializedScriptValue again,
like it did before 256896 at main.
This was tested manually on strava.com.
Test: fast/events/message-event-data-isolated-world.html
* Source/WebCore/dom/MessageEvent.cpp:
(WebCore::MessageEvent::create):
Canonical link: https://commits.webkit.org/263155@main
Identifier: 259548.663 at safari-7615-branch
Commit: 250c4928b0b6beec9ece71877ec99c71bd40b798
https://github.com/WebKit/WebKit/commit/250c4928b0b6beec9ece71877ec99c71bd40b798
Author: Matthieu Dubet <m_dubet at apple.com>
Date: 2023-04-20 (Thu, 20 Apr 2023)
Changed paths:
M LayoutTests/imported/w3c/web-platform-tests/css/css-nesting/cssom-expected.txt
M LayoutTests/imported/w3c/web-platform-tests/css/css-nesting/cssom.html
M Source/WebCore/css/CSSStyleRule.cpp
M Source/WebCore/css/StyleRule.h
Log Message:
-----------
Cherry-pick 262961 at main (fdf42acd549d). rdar://108041191
Fix setSelectorText() to overwrite both selector and original selector
https://bugs.webkit.org/show_bug.cgi?id=255446
rdar://108041191
Reviewed by Antti Koivisto.
Before this patch, only the StyleRule selector was overwritten:
selector matching was correct but CSSOM cssText() displayed the wrong selector.
* LayoutTests/imported/w3c/web-platform-tests/css/css-nesting/cssom-expected.txt:
* LayoutTests/imported/w3c/web-platform-tests/css/css-nesting/cssom.html:
* Source/WebCore/css/CSSStyleRule.cpp:
(WebCore::CSSStyleRule::setSelectorText):
* Source/WebCore/css/StyleRule.h:
(WebCore::StyleRuleWithNesting::wrapperAdoptOriginalSelectorList):
Canonical link: https://commits.webkit.org/262961@main
Canonical link: https://commits.webkit.org/259548.664@safari-7615-branch
Commit: f001b0bc6b6a9712bfa630614d67459b2495302d
https://github.com/WebKit/WebKit/commit/f001b0bc6b6a9712bfa630614d67459b2495302d
Author: Wenson Hsieh <wenson_hsieh at apple.com>
Date: 2023-04-20 (Thu, 20 Apr 2023)
Changed paths:
A LayoutTests/css3/scroll-snap/scroll-snap-discrete-wheel-event-in-mainframe-expected.txt
A LayoutTests/css3/scroll-snap/scroll-snap-discrete-wheel-event-in-mainframe.html
M LayoutTests/css3/scroll-snap/scroll-snap-wheel-event.html
M LayoutTests/platform/glib/TestExpectations
M LayoutTests/platform/ios-wk2/TestExpectations
M LayoutTests/platform/mac-wk1/TestExpectations
M Source/WebCore/platform/ScrollingEffectsController.h
M Source/WebCore/platform/mac/ScrollingEffectsController.mm
Log Message:
-----------
Cherry-pick 939e8d49f5a5. rdar://problem/107885426
[macOS] Scrolling with a physical mouse wheel should not always animate to the closest snap point
https://bugs.webkit.org/show_bug.cgi?id=255493
rdar://107885426
Reviewed by Simon Fraser.
When scrolling using a physical mouse wheel in a scroll snap container, WebKit's current scroll snap
implementation handles each wheel event in a stateless manner, kicking off a scroll snap animation
to the closest snap point if no other wheel event is observed after 750 ms. This can lead to some
unintuitive behaviors when distances between scroll snap points are large, since the user may scroll
for a single wheel tick expecting to advance to the next page, only for the scroll position to
animate back to where they started.
This patch improves this by treating a stream of discrete wheel events similarly to trackpad-based
momentum scrolling, and animates to the appropriate snap point in the direction of scrolling; this
also aligns our implementation more closely with both Gecko and Blink.
See below for more details.
Test: css3/scroll-snap/scroll-snap-discrete-wheel-event-in-mainframe.html
* LayoutTests/css3/scroll-snap/scroll-snap-discrete-wheel-event-in-mainframe-expected.txt: Added.
* LayoutTests/css3/scroll-snap/scroll-snap-discrete-wheel-event-in-mainframe.html: Added.
Add a new layout test to exercise the change, in a mainframe (root) scroll snapping context.
* LayoutTests/css3/scroll-snap/scroll-snap-wheel-event.html:
Adjust an existing stateless scroll snapping test to exercise the change by lowering the scrolling
tick count from 3 to 1. Without this change, this adjustment would've bumped us back to the original
scroll position; after this change, we'll now animate to the next snap point.
* LayoutTests/platform/glib/TestExpectations:
* LayoutTests/platform/ios-wk2/TestExpectations:
* LayoutTests/platform/mac-wk1/TestExpectations:
Discrete wheel events on the root don't seem to trigger scroll snapping at all in WebKit1, both
before and after this patch. I filed webkit.org/b/255498, to track that issue separately.
* Source/WebCore/platform/ScrollingEffectsController.h:
Maintain a LIFO queue of up to three discrete wheel event deltas, which we use to determine the
user's intended scrolling direction after finishing a stream of discrete wheel events.
* Source/WebCore/platform/mac/ScrollingEffectsController.mm:
(WebCore::ScrollingEffectsController::stopAllTimers):
(WebCore::toWheelEventStatus):
(WebCore::operator<<):
(WebCore::ScrollingEffectsController::scheduleDiscreteScrollSnap):
(WebCore::ScrollingEffectsController::discreteSnapTransitionTimerFired):
Rename "stateless" -> "discrete", to reflect the fact that the new implementation is now stateful
by way of maintaining a queue of recent discrete wheel event deltas. Additionally, use
`transitionToGlideAnimationState()` to kick off scroll snapping if the average wheel event delta is
nonzero.
(WebCore::ScrollingEffectsController::processWheelEventForScrollSnap):
(WebCore::ScrollingEffectsController::scheduleStatelessScrollSnap): Deleted.
Dramatically reduce the delay before firing the scroll snap timer for discrete wheel events, now
that the purpose is no longer to wait for the user to manually scroll to the next page before
snapping, but rather observe enough events to estimate the user's intended scrolling direction.
(WebCore::ScrollingEffectsController::statelessSnapTransitionTimerFired): Deleted.
Canonical link: https://commits.webkit.org/263071@main
Identifier: 259548.665 at safari-7615-branch
Commit: 502cd653a7f7071660b42a3f916dab2c40f6ae66
https://github.com/WebKit/WebKit/commit/502cd653a7f7071660b42a3f916dab2c40f6ae66
Author: Simon Fraser <simon.fraser at apple.com>
Date: 2023-04-20 (Thu, 20 Apr 2023)
Changed paths:
A LayoutTests/css3/scroll-snap/resnap-after-layout-expected.txt
A LayoutTests/css3/scroll-snap/resnap-after-layout.html
M LayoutTests/platform/gtk/TestExpectations
M LayoutTests/platform/ios-wk2/TestExpectations
M LayoutTests/platform/wpe/TestExpectations
M Source/WebCore/platform/ScrollSnapAnimatorState.cpp
M Source/WebCore/platform/ScrollSnapAnimatorState.h
M Source/WebCore/platform/ScrollableArea.cpp
Log Message:
-----------
Cherry-pick ee03689988d7. rdar://problem/107885376
Scroll snap sometimes jumps back to the wrong place on stevejobsarchive.com
https://bugs.webkit.org/show_bug.cgi?id=255492
rdar://107885376
Reviewed by Wenson Hsieh.
259696 at main added some logic that attempts to re-snap after layout when multiple boxes were snapped,
adding a `m_currentlySnappedBoxes` member to `ScrollSnapAnimatorState`.
However, `m_currentlySnappedBoxes` was only updated in the `resnapAfterLayout` code path, not when
scrolling moved you to a new snap point. That resulted in `resnapAfterLayout` sometimes returning
you to a stale location if you'd scrolled to a new snap point since the last time
`resnapAfterLayout` was run, especially when hitting the "multiple boxes were snapped" clause.
It's troublesome to have both `m_currentlySnappedBoxes` and a `snapTargetID` in each SnapOffset (a
future patch will clean this up). But for now, ensure that `m_currentlySnappedBoxes` is updated on
each scroll-related snap as well as resnapping after layout.
* LayoutTests/css3/scroll-snap/resnap-after-layout-expected.txt: Added.
* LayoutTests/css3/scroll-snap/resnap-after-layout.html: Added.
* LayoutTests/platform/gtk/TestExpectations:
* LayoutTests/platform/ios-wk2/TestExpectations:
* LayoutTests/platform/wpe/TestExpectations:
* Source/WebCore/platform/ScrollSnapAnimatorState.cpp:
(WebCore::ScrollSnapAnimatorState::setActiveSnapIndexForAxis):
(WebCore::ScrollSnapAnimatorState::updateCurrentlySnappedBoxes):
(WebCore::chooseBoxToResnapTo):
(WebCore::ScrollSnapAnimatorState::resnapAfterLayout):
(WebCore::ScrollSnapAnimatorState::setNearestScrollSnapIndexForAxisAndOffsetInternal):
(WebCore::ScrollSnapAnimatorState::setNearestScrollSnapIndexForOffset):
(WebCore::ScrollSnapAnimatorState::chooseBoxToResnapTo const): Deleted.
(WebCore::ScrollSnapAnimatorState::setNearestScrollSnapIndexForAxisAndOffset): Deleted.
* Source/WebCore/platform/ScrollSnapAnimatorState.h: Some functions can be private.
(WebCore::ScrollSnapAnimatorState::setActiveSnapIndexForAxisInternal): The "internal" implies that it doesn't update m_currentlySnappedBoxes.
(WebCore::ScrollSnapAnimatorState::setActiveSnapIndexForAxis): Deleted.
* Source/WebCore/platform/ScrollableArea.cpp:
(WebCore::ScrollableArea::resnapAfterLayout): Improved logging.
(WebCore::ScrollableArea::doPostThumbMoveSnapping): Improved logging.
Canonical link: https://commits.webkit.org/263097@main
Identifier: 259548.666 at safari-7615-branch
Commit: 4aa8750579fb41180e551ec753a1f79e1ea06798
https://github.com/WebKit/WebKit/commit/4aa8750579fb41180e551ec753a1f79e1ea06798
Author: Dan Glastonbury <djg at apple.com>
Date: 2023-04-20 (Thu, 20 Apr 2023)
Changed paths:
M Source/ThirdParty/ANGLE/src/libANGLE/renderer/metal/ProgramMtl.mm
Log Message:
-----------
[ANGLE] UBO convert only whole block
rdar://106964250
Reviewed by Dean Jackson.
OpenGL doesn't guarantee that the buffer backing uniform blocks needs to be a
multiple of the block size. When converting OpenGL layout blocks to Metal
layout, ConvertUniformBufferData is rounding up the size of the backing buffer
to a multiple of the block size which leads to reading out of bounds.
To ensure we don't read outside the source buffer, this change replaces calls to
`memcpy` with `memcpy_guarded` which accepts a pointer to the limit of available
data and copies as much data as is available, writing zeroes for any unavailable
amount.
Conversion of bools didn't use memcpy, so the raw pointer is checked against
maxSrcPtr and only dereferenced if valid, otherwise zero is used.
This has been tested with ASan and UBSan enabled against the OpenGL dEQP tests
for Uniform Buffer Objects in ANGLE.
* Source/ThirdParty/ANGLE/src/libANGLE/renderer/metal/ProgramMtl.mm:
Canonical link: https://commits.webkit.org/259548.667@safari-7615-branch
Commit: 361116a68ae66e4f50d7e4e84faee59577cc8031
https://github.com/WebKit/WebKit/commit/361116a68ae66e4f50d7e4e84faee59577cc8031
Author: Wenson Hsieh <wenson_hsieh at apple.com>
Date: 2023-04-20 (Thu, 20 Apr 2023)
Changed paths:
A LayoutTests/css3/scroll-snap/scroll-snap-discrete-wheel-events-with-layout-expected.txt
A LayoutTests/css3/scroll-snap/scroll-snap-discrete-wheel-events-with-layout.html
M LayoutTests/platform/glib/TestExpectations
M LayoutTests/platform/ios-wk2/TestExpectations
M Source/WebCore/page/scrolling/ScrollingTree.cpp
M Source/WebCore/page/scrolling/ScrollingTree.h
M Source/WebCore/platform/mac/ScrollingEffectsController.mm
M Source/WebKit/UIProcess/RemoteLayerTree/RemoteScrollingCoordinatorProxy.h
M Source/WebKit/UIProcess/RemoteLayerTree/RemoteScrollingTree.cpp
M Source/WebKit/UIProcess/RemoteLayerTree/RemoteScrollingTree.h
M Source/WebKit/UIProcess/RemoteLayerTree/mac/RemoteScrollingCoordinatorProxyMac.h
M Source/WebKit/UIProcess/RemoteLayerTree/mac/RemoteScrollingCoordinatorProxyMac.mm
Log Message:
-----------
Cherry-pick 025262762049. rdar://problem/108231619
[macOS] Performing layout when scroll snapping with a physical mouse wheel snaps to the last snap position
https://bugs.webkit.org/show_bug.cgi?id=255603
Reviewed by Tim Horton.
Currently, when `resnapAfterLayout()` is called after a layout pass while scrolling with a physical
mouse wheel in a scroll snapping container, we end up erroneously re-snapping to the last active
snap position. This doesn't happen when using a trackpad to scroll because we bail here:
```
void ScrollableArea::resnapAfterLayout()
{
…
if (!scrollAnimator || isScrollSnapInProgress() || isUserScrollInProgress())
return;
```
…due to the fact that `isUserScrollInProgress()` is `true`, since this flag is set over the course
of both user-driven and momentum scrolling phases. Importantly, note that `isScrollSnapInProgress()`
is only `true` in this case where UI-side compositing is *disabled* — this is because nothing
currently calls `{add|remove}NodeWithActiveScrollSnap` on `RemoteScrollingUIState`, which means that
we never end up propagating `m_nodesWithActiveScrollSnap` to the web process when UI-side
compositing is enabled, so from the web-process' perspective, `isScrollSnapInProgress()` is always
`false`.
As such, in order to make physical mouse wheel scrolling work well when there are interleaved layout
passes, the fix is two-fold:
1. Consider `isScrollSnapInProgress()` to be true if the discrete wheel event timer is scheduled.
2. Add plumbing to deliver `isScrollSnapInProgress()` state from the UI process to the web process
through the scrolling state tree, to ensure that this bug fix is also effective when UI-side
compositing is enabled.
Test: css3/scroll-snap/scroll-snap-discrete-wheel-events-with-layout.html
* LayoutTests/css3/scroll-snap/scroll-snap-discrete-wheel-events-with-layout-expected.txt: Added.
* LayoutTests/css3/scroll-snap/scroll-snap-discrete-wheel-events-with-layout.html: Added.
Add a new test case to exercise the bug fix.
* LayoutTests/platform/glib/TestExpectations:
* LayoutTests/platform/ios-wk2/TestExpectations:
* Source/WebCore/page/scrolling/ScrollingTree.cpp:
(WebCore::ScrollingTree::setNodeScrollSnapInProgress):
* Source/WebCore/page/scrolling/ScrollingTree.h:
(WebCore::ScrollingTree::scrollingTreeNodeDidBeginScrollSnapping):
(WebCore::ScrollingTree::scrollingTreeNodeDidEndScrollSnapping):
Add new override hooks to allow the client layer to know when scrolling tree nodes change "scroll
snap in progress" state. See WebKit2 changes below for more information.
* Source/WebCore/platform/mac/ScrollingEffectsController.mm:
(WebCore::ScrollingEffectsController::stopAllTimers):
(WebCore::ScrollingEffectsController::isScrollSnapInProgress const):
Consider scroll snap in progress if we've scheduled a scroll snap while handling discrete wheel
events.
(WebCore::ScrollingEffectsController::discreteSnapTransitionTimerFired):
Add a couple of call sites to `m_client.didStopScrollSnapAnimation()` in the case where the timer
is either stopped early or without triggering a scroll snap animation, such that we don't end up
with a node being stuck indefinitely in `nodesWithActiveScrollSnap`.
* Source/WebKit/UIProcess/RemoteLayerTree/RemoteScrollingCoordinatorProxy.h:
(WebKit::RemoteScrollingCoordinatorProxy::scrollingTreeNodeDidBeginScrollSnapping):
(WebKit::RemoteScrollingCoordinatorProxy::scrollingTreeNodeDidEndScrollSnapping):
* Source/WebKit/UIProcess/RemoteLayerTree/RemoteScrollingTree.cpp:
(WebKit::RemoteScrollingTree::scrollingTreeNodeDidBeginScrollSnapping):
(WebKit::RemoteScrollingTree::scrollingTreeNodeDidEndScrollSnapping):
Add plumbing from `RemoteScrollingTree` -> `RemoteScrollingCoordinatorProxy` ->
`RemoteScrollingUIState` whenever a scrolling node begins or ends scroll snapping progress.
* Source/WebKit/UIProcess/RemoteLayerTree/RemoteScrollingTree.h:
* Source/WebKit/UIProcess/RemoteLayerTree/mac/RemoteScrollingCoordinatorProxyMac.h:
* Source/WebKit/UIProcess/RemoteLayerTree/mac/RemoteScrollingCoordinatorProxyMac.mm:
(WebKit::RemoteScrollingCoordinatorProxyMac::scrollingTreeNodeDidBeginScrollSnapping):
(WebKit::RemoteScrollingCoordinatorProxyMac::scrollingTreeNodeDidEndScrollSnapping):
Canonical link: https://commits.webkit.org/263108@main
Identifier: 259548.667 at safari-7615-branch
Commit: 005d93b39e87b494bcbe4516b1d8d29e14808725
https://github.com/WebKit/WebKit/commit/005d93b39e87b494bcbe4516b1d8d29e14808725
Author: Wenson Hsieh <wenson_hsieh at apple.com>
Date: 2023-04-20 (Thu, 20 Apr 2023)
Changed paths:
M LayoutTests/TestExpectations
A LayoutTests/css3/scroll-snap/ios/scroll-snap-mainframe-scroll-deceleration-with-obscured-inset-expected.txt
A LayoutTests/css3/scroll-snap/ios/scroll-snap-mainframe-scroll-deceleration-with-obscured-inset.html
M LayoutTests/platform/ios-wk2/TestExpectations
M Source/WebKit/UIProcess/RemoteLayerTree/ios/RemoteScrollingCoordinatorProxyIOS.mm
M Tools/WebKitTestRunner/TestOptions.cpp
M Tools/WebKitTestRunner/TestOptions.h
M Tools/WebKitTestRunner/ios/TestControllerIOS.mm
Log Message:
-----------
Cherry-pick dc3e66efee5b. rdar://problem/108008480
[iOS] Scrolling snaps to previous snap point when tapping during a scroll snap in mainframe
https://bugs.webkit.org/show_bug.cgi?id=255670
rdar://108008480
Reviewed by Tim Horton.
When interrupting scroll view deceleration with a tap gesture, we re-run logic to retarget the snap
offset given the current scroll offset and the projected (original) scroll offset where we would've
ended up scrolling. In an overflow region where this bug does *not* reproduce, the current offset is
equal to the projected offset, so we simply retarget to the closest snap point.
However, in a mainframe scroll snapping context where the bug reproduces, the projected snap offset
is off by an amount equal to the top obscured inset, which means that instead of defaulting to the
closest snap position, we'll instead always retarget the previous snap point. To fix this, we simply
apply this same adjustment to this projected offset.
Test: css3/scroll-snap/ios/scroll-snap-mainframe-scroll-deceleration-with-obscured-inset.html
* LayoutTests/TestExpectations:
* LayoutTests/css3/scroll-snap/ios/scroll-snap-mainframe-scroll-deceleration-with-obscured-inset-expected.txt: Added.
* LayoutTests/css3/scroll-snap/ios/scroll-snap-mainframe-scroll-deceleration-with-obscured-inset.html: Added.
Add a layout test to exercise this change, by scrolling via a swipe gesture, tapping, and verifying
that we don't snap back to the start.
* LayoutTests/platform/ios-wk2/TestExpectations:
* Source/WebKit/UIProcess/RemoteLayerTree/ios/RemoteScrollingCoordinatorProxyIOS.mm:
(WebKit::RemoteScrollingCoordinatorProxyIOS::adjustTargetContentOffsetForSnapping):
Offset the projected offset by the top obscured inset, for consistency with the current offset.
* Tools/WebKitTestRunner/TestOptions.cpp:
(WTR::TestOptions::defaults):
(WTR::TestOptions::keyTypeMapping):
* Tools/WebKitTestRunner/TestOptions.h:
(WTR::TestOptions::obscuredInsetTop const):
* Tools/WebKitTestRunner/ios/TestControllerIOS.mm:
(WTR::TestController::platformResetStateToConsistentValues):
Add a new test option to specify a top obscured inset value on the web view.
Canonical link: https://commits.webkit.org/263158@main
Identifier: 259548.669 at safari-7615-branch
Commit: a1c1e04148d7b4606a1322e889c6a12c36753f5d
https://github.com/WebKit/WebKit/commit/a1c1e04148d7b4606a1322e889c6a12c36753f5d
Author: Jer Noble <jer.noble at apple.com>
Date: 2023-04-20 (Thu, 20 Apr 2023)
Changed paths:
M LayoutTests/media/media-source/media-webm-opus-partial-abort-expected.txt
M LayoutTests/media/media-source/media-webm-opus-partial-abort.html
M LayoutTests/media/media-source/media-webm-opus-partial-expected.txt
M LayoutTests/media/media-source/media-webm-opus-partial.html
M LayoutTests/media/video-test.js
M Source/WebCore/platform/MediaSample.h
M Source/WebCore/platform/graphics/cocoa/CMUtilities.mm
M Source/WebCore/platform/graphics/cocoa/SourceBufferParserWebM.cpp
M Source/WebCore/platform/graphics/cocoa/SourceBufferParserWebM.h
Log Message:
-----------
Cherry-pick 262837 at main (7f1bcb55362b). rdar://106976225
[Cocoa] "Pop" of bad audio heard at the start of certain YouTube videos
https://bugs.webkit.org/show_bug.cgi?id=255212
rdar://106976225
Reviewed by Eric Carlson.
Tracking addition of a test via https://bugs.webkit.org/show_bug.cgi?id=255227.
Two interrelated problems cause discontinuties in the audio output at the
start of certain Opus-encoded WebM files.
1) A bug in the ffmpeg muxer causes the initial block in a cluster to be 1ms
too long, which causes an audible discontinuity to be generated from
AVSampleBufferAudioRenderer.
2) Some Opus-encoded WebM files include a CodecDelay value, which requires
players to decode, but not render, the initial audio frames in a stream.
For 2), map the CodecDelay value to a kCMSampleBufferAttachmentKey_TrimDurationAtStart
attachment in the resulting CMSampleBuffer. This causes the output duration of the
sample to be reduced by the trim duration, and the output presentation time to be
increased by the trim duration, so also shift the input presentation time by the same
amount. This aligns the first audible frame with the start time of the track.
For 1), if a discontinuity is encountered, and the discontinuity is less than 15ms
simply advance the presentation time of the subsequent sample by the discontinuity
duration. Track this discontinuity cumulatively, so that if multiple discontinuities
are encountered that total greater than 15ms, a real audible discontinuity is generated
and the track is brought back in sync with the master timeline.
* Source/WebCore/platform/MediaSample.h:
* Source/WebCore/platform/graphics/cocoa/CMUtilities.mm:
(WebCore::toCMSampleBuffer):
* Source/WebCore/platform/graphics/cocoa/SourceBufferParserWebM.cpp:
(WebCore::WebMParser::VideoTrackData::consumeFrameData):
(WebCore::WebMParser::AudioTrackData::AudioTrackData):
(WebCore::WebMParser::AudioTrackData::consumeFrameData):
* Source/WebCore/platform/graphics/cocoa/SourceBufferParserWebM.h:
(WebCore::WebMParser::AudioTrackData::AudioTrackData): Deleted.
Canonical link: https://commits.webkit.org/262837@main
Canonical link: https://commits.webkit.org/259548.670@safari-7615-branch
Commit: a04c374a68356d926ec8e7d4b6fc1d31f6452e35
https://github.com/WebKit/WebKit/commit/a04c374a68356d926ec8e7d4b6fc1d31f6452e35
Author: Jonathan Bedard <jbedard at apple.com>
Date: 2023-04-21 (Fri, 21 Apr 2023)
Changed paths:
M Tools/Scripts/libraries/webkitscmpy/setup.py
M Tools/Scripts/libraries/webkitscmpy/webkitscmpy/__init__.py
M Tools/Scripts/libraries/webkitscmpy/webkitscmpy/commit.py
M Tools/Scripts/libraries/webkitscmpy/webkitscmpy/test/commit_unittest.py
Log Message:
-----------
Cherry-pick 263027 at main (3338c3aac8ff). rdar://108143386
[git-webkit] Do not include indented trailers
https://bugs.webkit.org/show_bug.cgi?id=255528
rdar://108143386
Reviewed by Ryan Haddad.
* Tools/Scripts/libraries/webkitscmpy/setup.py: Bump version.
* Tools/Scripts/libraries/webkitscmpy/webkitscmpy/__init__.py: Ditto.
* Tools/Scripts/libraries/webkitscmpy/webkitscmpy/commit.py:
(Commit): Trailers cannot start with whitespace.
* Tools/Scripts/libraries/webkitscmpy/webkitscmpy/test/commit_unittest.py:
Canonical link: https://commits.webkit.org/263027@main
Canonical link: https://commits.webkit.org/259548.671@safari-7615-branch
Commit: 696c971de90d829e654ee0f92c3935364eeae658
https://github.com/WebKit/WebKit/commit/696c971de90d829e654ee0f92c3935364eeae658
Author: Carlos Alberto Lopez Perez <clopez at igalia.com>
Date: 2023-04-21 (Fri, 21 Apr 2023)
Changed paths:
M Tools/Scripts/libraries/webkitcorepy/webkitcorepy/__init__.py
M Tools/Scripts/webkitpy/autoinstalled/twisted.py
Log Message:
-----------
Cherry-pick 263081 at main (2a0a1467f4d8). https://bugs.webkit.org/show_bug.cgi?id=255519
[WPE][GTK] Autoinstall version conflicts for cryptography and cffi libraries when running the run-benchmark script
https://bugs.webkit.org/show_bug.cgi?id=255519
Reviewed by Jonathan Bedard.
Autoinstall cffi and cryptography libraries for all platforms
on webkitcorepy since now are required for twisted and use
the version that was defined on twisted.
* Tools/Scripts/libraries/webkitcorepy/webkitcorepy/__init__.py:
* Tools/Scripts/webkitpy/autoinstalled/twisted.py:
Canonical link: https://commits.webkit.org/263081@main
Canonical link: https://commits.webkit.org/259548.672@safari-7615-branch
Commit: 8c86863d21e5738aec4cbeb97806913f5d25eb51
https://github.com/WebKit/WebKit/commit/8c86863d21e5738aec4cbeb97806913f5d25eb51
Author: Jonathan Bedard <jbedard at apple.com>
Date: 2023-04-21 (Fri, 21 Apr 2023)
Changed paths:
M Tools/Scripts/libraries/webkitscmpy/setup.py
M Tools/Scripts/libraries/webkitscmpy/webkitscmpy/__init__.py
M Tools/Scripts/libraries/webkitscmpy/webkitscmpy/program/pull_request.py
M Tools/Scripts/libraries/webkitscmpy/webkitscmpy/test/pull_request_unittest.py
Log Message:
-----------
Cherry-pick 263099 at main (feea593221f2). rdar://107615755
[git-webkit] Provide mechanism to exempt bugs from redaction (Follow-up)
https://bugs.webkit.org/show_bug.cgi?id=254993
rdar://107615755
Reviewed by Dewei Zhu.
* Tools/Scripts/libraries/webkitscmpy/setup.py: Bump version.
* Tools/Scripts/libraries/webkitscmpy/webkitscmpy/__init__.py: Ditto.
* Tools/Scripts/libraries/webkitscmpy/webkitscmpy/program/pull_request.py:
(PullRequest.create_pull_request): If the issue exempt from redaction is the second issue,
we should print the fact that the first redacted issue is being made public.
* Tools/Scripts/libraries/webkitscmpy/webkitscmpy/test/pull_request_unittest.py:
Canonical link: https://commits.webkit.org/263099@main
Canonical link: https://commits.webkit.org/259548.673@safari-7615-branch
Commit: 2bedb0e080ed17d6d9b5096f2dc422c235ffe411
https://github.com/WebKit/WebKit/commit/2bedb0e080ed17d6d9b5096f2dc422c235ffe411
Author: Jonathan Bedard <jbedard at apple.com>
Date: 2023-04-21 (Fri, 21 Apr 2023)
Changed paths:
M Tools/Scripts/libraries/webkitscmpy/setup.py
M Tools/Scripts/libraries/webkitscmpy/webkitscmpy/__init__.py
M Tools/Scripts/libraries/webkitscmpy/webkitscmpy/program/pull_request.py
M Tools/Scripts/libraries/webkitscmpy/webkitscmpy/test/pull_request_unittest.py
Log Message:
-----------
Cherry-pick 263101 at main (9384f300d865). rdar://107343169
[git-webkit] Prevent publication of commits for redacted PRs
https://bugs.webkit.org/show_bug.cgi?id=254627
rdar://107343169
Reviewed by Dewei Zhu.
Since we have a way of marking issues as exempt from redaction, local tooling
should not aid the user in uploading commits for redacted issues.
* Tools/Scripts/libraries/webkitscmpy/setup.py: Bump version.
* Tools/Scripts/libraries/webkitscmpy/webkitscmpy/__init__.py: Ditto.
* Tools/Scripts/libraries/webkitscmpy/webkitscmpy/program/pull_request.py:
(PullRequest.create_pull_request): Exit program if user declines (or cannot) upload
a redacted change.
* Tools/Scripts/libraries/webkitscmpy/webkitscmpy/test/pull_request_unittest.py:
Canonical link: https://commits.webkit.org/263101@main
Canonical link: https://commits.webkit.org/259548.674@safari-7615-branch
Commit: 9ba6158e50770841848839e617e09da0466bba00
https://github.com/WebKit/WebKit/commit/9ba6158e50770841848839e617e09da0466bba00
Author: Jonathan Bedard <jbedard at apple.com>
Date: 2023-04-21 (Fri, 21 Apr 2023)
Changed paths:
M Tools/Scripts/webkitpy/tool/commands/commandtest.py
M Tools/Scripts/webkitpy/tool/commands/upload.py
M Tools/Scripts/webkitpy/tool/commands/upload_unittest.py
M Tools/Scripts/webkitpy/tool/steps/__init__.py
A Tools/Scripts/webkitpy/tool/steps/checkforredactedissue.py
Log Message:
-----------
Cherry-pick 263104 at main (dc5b85ccaaa7). rdar://108169167
[webkit-patch] Check issue redaction before upload
https://bugs.webkit.org/show_bug.cgi?id=255565
rdar://108169167
Rubber-stamped by Alan Baradlay.
webkit-patch should check if a patch references a redacted issue, just like git-webkit.
* Tools/Scripts/webkitpy/tool/commands/commandtest.py:
(CommandsTest.assert_execute_outputs): Check command output, even when exceptions are raised.
* Tools/Scripts/webkitpy/tool/commands/upload.py:
(AbstractPatchUploadingCommand._issues): List all issues associated with patch being uploaded.
(AbstractPatchUploadingCommand._prepare_state): Cache issues associated with patch.
(Post): Check that associated issues are not redacted.
(LandSafely): Ditto.
(Upload): Ditto.
(Upload._prepare_state): Cache issues associated with patch.
* Tools/Scripts/webkitpy/tool/commands/upload_unittest.py:
(MockIssue):
(MockRedaction):
(UploadCommandsTest.test_upload_blocked):
(UploadCommandsTest.test_upload_exempt):
* Tools/Scripts/webkitpy/tool/steps/__init__.py: Export CheckForRedactedIssue.
* Tools/Scripts/webkitpy/tool/steps/checkforredactedissue.py: Added.
(CheckForRedactedIssue): Abandon upload if associated issues are redacted.
Canonical link: https://commits.webkit.org/263104@main
Canonical link: https://commits.webkit.org/259548.675@safari-7615-branch
Commit: 39b0087a0443ead18c79b840fbdd898a2ec2e201
https://github.com/WebKit/WebKit/commit/39b0087a0443ead18c79b840fbdd898a2ec2e201
Author: Jonathan Bedard <jbedard at apple.com>
Date: 2023-04-21 (Fri, 21 Apr 2023)
Changed paths:
M Tools/Scripts/libraries/webkitscmpy/setup.py
M Tools/Scripts/libraries/webkitscmpy/webkitscmpy/__init__.py
M Tools/Scripts/libraries/webkitscmpy/webkitscmpy/local/git.py
Log Message:
-----------
Cherry-pick 263190 at main (610c7d596fb7). rdar://108328653
[git-webkit] Avoid listing all branches for old commits
https://bugs.webkit.org/show_bug.cgi?id=255737
rdar://108328653
Reviewed by Dewei Zhu.
For very old commits, listing all branches those commits are members of
can be very expensive. It's also a fairly wasteful operation, most commits
are on `main`, so we should quickly check that case first before attempting
the more general case.
* Tools/Scripts/libraries/webkitscmpy/setup.py: Bump version.
* Tools/Scripts/libraries/webkitscmpy/webkitscmpy/__init__.py: Ditto.
* Tools/Scripts/libraries/webkitscmpy/webkitscmpy/local/git.py:
(Git._is_on_default_branch): Directly check if a commit is on the default branch.
(Git.commit): Attempt to directly check if a commit is on the default branch before
listing all branches for a commit.
Canonical link: https://commits.webkit.org/263190@main
Canonical link: https://commits.webkit.org/259548.676@safari-7615-branch
Commit: be22708f4dbd06657377fd22b92926faee34e01b
https://github.com/WebKit/WebKit/commit/be22708f4dbd06657377fd22b92926faee34e01b
Author: Russell Epstein <repstein at apple.com>
Date: 2023-04-21 (Fri, 21 Apr 2023)
Changed paths:
M Source/WebKit/UIProcess/RemoteLayerTree/RemoteScrollingTree.cpp
Log Message:
-----------
Unreviewed build fix. rdar://107885426
Source/WebKit/UIProcess/RemoteLayerTree/RemoteScrollingTree.cpp:76:9: error: value of type 'WebKit::RemoteScrollingCoordinatorProxy' is not contextually convertible to 'bool'
Canonical link: https://commits.webkit.org/259548.677@safari-7615-branch
Commit: 7c662f5b36e37d3496bcfc361c9545a13f28ef24
https://github.com/WebKit/WebKit/commit/7c662f5b36e37d3496bcfc361c9545a13f28ef24
Author: Arunsundar Kannan <arunsundar_kannan at apple.com>
Date: 2023-04-21 (Fri, 21 Apr 2023)
Changed paths:
A LayoutTests/fast/inline/layoutBox-null-deref-crash-on-repaint-expected.txt
A LayoutTests/fast/inline/layoutBox-null-deref-crash-on-repaint.html
M Source/WebCore/rendering/RenderInline.cpp
Log Message:
-----------
Renderinline::offsetForInFlowPositionedInline causes a null-deref of a laybox on repaint.
https://bugs.webkit.org/show_bug.cgi?id=255552.
rdar://107952390.
Reviewed by Alan Baradlay.
Line layout codepath invalidation is triggered by JS which issues a repaint on the newly inserted renderer. The newly inserted renderer is used for geometry computations and which calls offsetForInFlowPositionedInline in case of inline boxes. This tries to access the lineBoxes assocaited with the renderers but they invalidated by previous repaints. This leads to null deref of the lineboxes.
* LayoutTests/fast/inline/layoutBox-null-deref-crash-on-repaint-expected.txt: Added.
* LayoutTests/fast/inline/layoutBox-null-deref-crash-on-repaint.html: Added.
* Source/WebCore/rendering/RenderBlockFlow.cpp:
(WebCore::RenderBlockFlow::isLineLayoutPresent const):
* Source/WebCore/rendering/RenderBlockFlow.h:
* Source/WebCore/rendering/RenderInline.cpp:
(WebCore::RenderInline::offsetForInFlowPositionedInline const):
Canonical link: https://commits.webkit.org/259548.678@safari-7615-branch
Commit: 5334ed87186f273a6409bf0d5d38c36faf30060f
https://github.com/WebKit/WebKit/commit/5334ed87186f273a6409bf0d5d38c36faf30060f
Author: Chris Dumez <cdumez at apple.com>
Date: 2023-04-21 (Fri, 21 Apr 2023)
Changed paths:
M Source/WebKit/UIProcess/ios/WKWebGeolocationPolicyDeciderIOS.mm
Log Message:
-----------
Cherry-pick 14f467660549. rdar://problem/107352115
Regression(259658 at main) Geolocation permission prompt is no longer showing in modal view
https://bugs.webkit.org/show_bug.cgi?id=255133
rdar://107352115
Reviewed by Wenson Hsieh and Tim Horton.
Use the same view controller to present the prompt as the UIWebView code used to.
I have verified locally that this fixes the issue.
* Source/WebKit/UIProcess/ios/WKWebGeolocationPolicyDeciderIOS.mm:
(-[WKWebGeolocationPolicyDecider _executeNextChallenge]):
Canonical link: https://commits.webkit.org/262697@main
Identifier: 259548.679 at safari-7615-branch
Commit: 07d73d8cb1379586ef0e812a3e65291a2f9b92ef
https://github.com/WebKit/WebKit/commit/07d73d8cb1379586ef0e812a3e65291a2f9b92ef
Author: Chris Dumez <cdumez at apple.com>
Date: 2023-04-21 (Fri, 21 Apr 2023)
Changed paths:
M Source/WebKit/Shared/Cocoa/SandboxExtensionCocoa.mm
M Source/WebKit/UIProcess/WebProcessPool.cpp
M Tools/TestWebKitAPI/Tests/WebKitCocoa/ProcessSwapOnNavigation.mm
Log Message:
-----------
Cherry-pick 2dbbdbf493db. rdar://problem/107723629
REGRESSION (iOS 16.4): Chrome crashes in WebBackForwardCache::takeSuspendedPage
https://bugs.webkit.org/show_bug.cgi?id=255102
rdar://107723629
Reviewed by Geoffrey Garen.
We recently added an AddAllowedFirstPartyForCookies async IPC call inside
WebProcessPool::processForNavigation(), right after we decide which process to
use. Because the IPC is async, this means that the selected process may crash
while we're waiting for a response. If this happens, we now call
processForNavigation() again to select a new process instead of trying to
proceed with the navigation with the terminated process.
Similarly, also make sure that the destination suspendedPage is still valid
after receiving the async IPC, in case the back/forward cache got cleared
during the IPC (e.g. due to memory pressure).
* Source/WebKit/UIProcess/WebProcessPool.cpp:
(WebKit::WebProcessPool::processForNavigation):
* Tools/TestWebKitAPI/Tests/WebKitCocoa/ProcessSwapOnNavigation.mm:
Canonical link: https://commits.webkit.org/262709@main
Identifier: 259548.680 at safari-7615-branch
Commit: 1e04ec38d7f9319fbd8ed2fb4a1d7071fe315002
https://github.com/WebKit/WebKit/commit/1e04ec38d7f9319fbd8ed2fb4a1d7071fe315002
Author: Kimmo Kinnunen <kkinnunen at apple.com>
Date: 2023-04-25 (Tue, 25 Apr 2023)
Changed paths:
M Source/ThirdParty/ANGLE/src/libANGLE/renderer/metal/mtl_render_utils.h
Log Message:
-----------
ANGLE mtl_render_utils.h various classes have uninitialised std::array<> members
https://bugs.webkit.org/show_bug.cgi?id=255865
rdar://90537480
Reviewed by Dean Jackson.
Initialize all needed std::array<>s via value initialization.
The default initialization does not initialize the array, leading to
uninitialized reads.
The std::array<>s in RenderUtils are value-initialized in the constructor.
* Source/ThirdParty/ANGLE/src/libANGLE/renderer/metal/mtl_render_utils.h:
(rx::mtl::RenderUtils::angle::EnumSize<PixelType>):
Canonical link: https://commits.webkit.org/259548.681@safari-7615-branch
Commit: faf6a474e931160a68aa2abb5db341a5e946fc8a
https://github.com/WebKit/WebKit/commit/faf6a474e931160a68aa2abb5db341a5e946fc8a
Author: Chris Dumez <cdumez at apple.com>
Date: 2023-04-25 (Tue, 25 Apr 2023)
Changed paths:
A LayoutTests/fast/dom/object-load-pdf-data-url-expected.txt
A LayoutTests/fast/dom/object-load-pdf-data-url.html
M Source/WebCore/html/HTMLImageLoader.cpp
M Source/WebKit/WebProcess/Plugins/PDF/PDFPlugin.mm
Log Message:
-----------
Cherry-pick 2c5a97645ec0. rdar://problem/107795151
Regression(255052 at main) Some streaming sites fail with an Embedded Video Sandbox Browser Error
https://bugs.webkit.org/show_bug.cgi?id=255900
<rdar://107795151>
Reviewed by Tim Horton and Darin Adler.
Some streaming sites fail with an Embedded Video Sandbox Browser Error since
255052 at main. 255052 at main seems correct per the specification but exposing the
"Chrome PDF Viewer" caused those sites to use a different code path for
validating iframe sandboxing.
They now try to load a data URL with a pdf MIME type inside an <object> element
and this was firing an error event on iOS, which was causing the site's logic
to display the sandbox error.
There is logic inside WebFrameLoaderClient::objectContentType() that is iOS
specific and causes us to try to load PDF as an image when inside an <object>.
This is because we don't support loadings such PDFs as plugins on iOS.
However, WebKit, in general, doesn't fire load/error events on <object> elements
that are loaded as plugins. It only does so when loading the <object> as an image.
I propose that we stop firing the load/error events for <object> loads of PDFs on
iOS, to make it look like they were loaded as plugins and avoid firing events that
could confuse sites such as the ones in the radar.
* LayoutTests/fast/dom/object-load-pdf-data-url-expected.txt: Added.
* LayoutTests/fast/dom/object-load-pdf-data-url.html: Added.
* Source/WebCore/html/HTMLImageLoader.cpp:
(WebCore::HTMLImageLoader::dispatchLoadEvent():
Canonical link: https://commits.webkit.org/263377@main
Identifier: 259548.682 at safari-7615-branch
Commit: 4cd2a95afafccf579cd05455d3bc9566351ad979
https://github.com/WebKit/WebKit/commit/4cd2a95afafccf579cd05455d3bc9566351ad979
Author: Rob Buis <rbuis at igalia.com>
Date: 2023-04-25 (Tue, 25 Apr 2023)
Changed paths:
M LayoutTests/imported/w3c/web-platform-tests/css/css-values/hypot-pow-sqrt-computed-expected.txt
M LayoutTests/imported/w3c/web-platform-tests/css/css-values/hypot-pow-sqrt-computed.html
M LayoutTests/imported/w3c/web-platform-tests/css/css-values/round-mod-rem-computed-expected.txt
M LayoutTests/imported/w3c/web-platform-tests/css/css-values/round-mod-rem-computed.html
M Source/WebCore/css/calc/CSSCalcOperationNode.cpp
M Source/WebCore/css/calc/CSSCalcOperationNode.h
Log Message:
-----------
Cherry-pick 1643a89b579b. rdar://problem/107168358
css/css-values/hypot-pow-sqrt-computed.html WPT crashes
https://bugs.webkit.org/show_bug.cgi?id=254392
Reviewed by Tim Nguyen.
When simplifying hypot CSSCalcOperationNodes we may have only one child and
it may not be a CSSCalcPrimitiveValueNode, in that case do not simplify.
Add a similar check and tests for round, mod and rem.
* LayoutTests/imported/w3c/web-platform-tests/css/css-values/hypot-pow-sqrt-computed-expected.txt:
* LayoutTests/imported/w3c/web-platform-tests/css/css-values/hypot-pow-sqrt-computed.html:
* LayoutTests/imported/w3c/web-platform-tests/css/css-values/round-mod-rem-computed-expected.txt:
* LayoutTests/imported/w3c/web-platform-tests/css/css-values/round-mod-rem-computed.html:
* Source/WebCore/css/calc/CSSCalcOperationNode.cpp:
(WebCore::CSSCalcOperationNode::combineChildren):
* Source/WebCore/css/calc/CSSCalcOperationNode.h:
Canonical link: https://commits.webkit.org/263345@main
Identifier: 259548.683 at safari-7615-branch
Commit: 11680b16159b14480308a96e7700b7f290649909
https://github.com/WebKit/WebKit/commit/11680b16159b14480308a96e7700b7f290649909
Author: Tim Nguyen <ntim at apple.com>
Date: 2023-04-25 (Tue, 25 Apr 2023)
Changed paths:
M LayoutTests/imported/w3c/web-platform-tests/css/css-values/hypot-pow-sqrt-computed-expected.txt
M Source/WebCore/platform/calc/CalcExpressionOperation.cpp
Log Message:
-----------
Cherry-pick a9211716efb3. rdar://problem/108487071
CSS hypot() function sometimes returns the result squared
https://bugs.webkit.org/show_bug.cgi?id=255905
rdar://108487071
Reviewed by Tim Horton.
In cases where the result is computed by CalcExpressionOperation.cpp, the result ends up being squared, because we're missing a sqrt() operation.
The result is correct for cases computed by CSSCalcOperationNode.cpp however, ideally code should be shared to prevent these types of bugs.
* LayoutTests/imported/w3c/web-platform-tests/css/css-values/hypot-pow-sqrt-computed-expected.txt:
* Source/WebCore/platform/calc/CalcExpressionOperation.cpp:
(WebCore::CalcExpressionOperation::evaluate const):
Canonical link: https://commits.webkit.org/263351@main
Identifier: 259548.684 at safari-7615-branch
Commit: 84d7397487c0f6320eb59d34772195a8b81ee72a
https://github.com/WebKit/WebKit/commit/84d7397487c0f6320eb59d34772195a8b81ee72a
Author: Dan Robson <dan_robson at apple.com>
Date: 2023-04-25 (Tue, 25 Apr 2023)
Changed paths:
A LayoutTests/css3/scroll-snap/ios/scroll-snap-mainframe-pinch-out-expected.txt
A LayoutTests/css3/scroll-snap/ios/scroll-snap-mainframe-pinch-out.html
M LayoutTests/css3/scroll-snap/ios/scroll-snap-mainframe-scroll-deceleration-with-obscured-inset.html
M LayoutTests/resources/ui-helper.js
M Source/WebCore/page/ChromeClient.h
M Source/WebCore/page/FrameView.cpp
A Source/WebCore/page/LocalFrameView.h
M Source/WebCore/platform/ScrollableArea.cpp
M Source/WebCore/platform/ScrollableArea.h
M Source/WebKit/Platform/spi/ios/UIKitSPI.h
M Source/WebKit/UIProcess/API/ios/WKWebViewIOS.mm
M Source/WebKit/UIProcess/RemoteLayerTree/ios/RemoteScrollingCoordinatorProxyIOS.mm
M Source/WebKit/UIProcess/ios/WKScrollView.mm
M Source/WebKit/WebProcess/WebCoreSupport/WebChromeClient.cpp
M Source/WebKit/WebProcess/WebCoreSupport/WebChromeClient.h
M Source/WebKit/WebProcess/WebPage/WebPage.h
Log Message:
-----------
Apply patch. rdar://problem/108008629
Identifier: 259548.685 at safari-7615-branch
Commit: 1d51b2fcc819ac2982f20cbd5e41d89292773e2f
https://github.com/WebKit/WebKit/commit/1d51b2fcc819ac2982f20cbd5e41d89292773e2f
Author: Dan Robson <dan_robson at apple.com>
Date: 2023-04-25 (Tue, 25 Apr 2023)
Changed paths:
R LayoutTests/css3/scroll-snap/ios/scroll-snap-mainframe-pinch-out-expected.txt
R LayoutTests/css3/scroll-snap/ios/scroll-snap-mainframe-pinch-out.html
M LayoutTests/css3/scroll-snap/ios/scroll-snap-mainframe-scroll-deceleration-with-obscured-inset.html
M LayoutTests/resources/ui-helper.js
M Source/WebCore/page/ChromeClient.h
M Source/WebCore/page/FrameView.cpp
R Source/WebCore/page/LocalFrameView.h
M Source/WebCore/platform/ScrollableArea.cpp
M Source/WebCore/platform/ScrollableArea.h
M Source/WebKit/Platform/spi/ios/UIKitSPI.h
M Source/WebKit/UIProcess/API/ios/WKWebViewIOS.mm
M Source/WebKit/UIProcess/RemoteLayerTree/ios/RemoteScrollingCoordinatorProxyIOS.mm
M Source/WebKit/UIProcess/ios/WKScrollView.mm
M Source/WebKit/WebProcess/WebCoreSupport/WebChromeClient.cpp
M Source/WebKit/WebProcess/WebCoreSupport/WebChromeClient.h
M Source/WebKit/WebProcess/WebPage/WebPage.h
Log Message:
-----------
Revert "Apply patch. rdar://problem/108008629"
This reverts commit 84d7397487c0f6320eb59d34772195a8b81ee72a.
Identifier: 259548.686 at safari-7615-branch
Commit: 2c37e8ef640dc83e01580c92fdce006610bc2e35
https://github.com/WebKit/WebKit/commit/2c37e8ef640dc83e01580c92fdce006610bc2e35
Author: Dan Robson <dan_robson at apple.com>
Date: 2023-04-25 (Tue, 25 Apr 2023)
Changed paths:
A LayoutTests/css3/scroll-snap/ios/scroll-snap-mainframe-pinch-out-expected.txt
A LayoutTests/css3/scroll-snap/ios/scroll-snap-mainframe-pinch-out.html
M LayoutTests/css3/scroll-snap/ios/scroll-snap-mainframe-scroll-deceleration-with-obscured-inset.html
M LayoutTests/resources/ui-helper.js
M Source/WebCore/page/ChromeClient.h
M Source/WebCore/page/FrameView.cpp
M Source/WebCore/page/FrameView.h
M Source/WebCore/platform/ScrollableArea.cpp
M Source/WebCore/platform/ScrollableArea.h
M Source/WebKit/Platform/spi/ios/UIKitSPI.h
M Source/WebKit/UIProcess/API/ios/WKWebViewIOS.mm
M Source/WebKit/UIProcess/RemoteLayerTree/ios/RemoteScrollingCoordinatorProxyIOS.mm
M Source/WebKit/UIProcess/ios/WKScrollView.mm
M Source/WebKit/WebProcess/WebCoreSupport/WebChromeClient.cpp
M Source/WebKit/WebProcess/WebCoreSupport/WebChromeClient.h
M Source/WebKit/WebProcess/WebPage/WebPage.h
Log Message:
-----------
Apply patch. rdar://problem/108008629
Identifier: 259548.687 at safari-7615-branch
Commit: 0500e7adcfa56961c08d67e8032c7dba6a1d39f2
https://github.com/WebKit/WebKit/commit/0500e7adcfa56961c08d67e8032c7dba6a1d39f2
Author: Aakash Jain <aakash_jain at apple.com>
Date: 2023-04-25 (Tue, 25 Apr 2023)
Changed paths:
A Tools/Scripts/upload-file-to-url
Log Message:
-----------
Cherry-pick 262888 at main (ab2b21fb6389). https://bugs.webkit.org/show_bug.cgi?id=255340
[ews] Add a script to upload a file to given url
https://bugs.webkit.org/show_bug.cgi?id=255340
Reviewed by Ryan Haddad.
* Tools/Scripts/upload-file-to-url: Added.
Canonical link: https://commits.webkit.org/262888@main
Canonical link: https://commits.webkit.org/259548.688@safari-7615-branch
Commit: a75d564e8c5f4448c1f629a342831c6cc53db761
https://github.com/WebKit/WebKit/commit/a75d564e8c5f4448c1f629a342831c6cc53db761
Author: Alexey Shvayka <ashvayka at apple.com>
Date: 2023-04-25 (Tue, 25 Apr 2023)
Changed paths:
A JSTests/stress/regress-255806.js
M Source/JavaScriptCore/runtime/StringPrototype.cpp
Log Message:
-----------
jsc_fuzz: ASSERTION FAILED: !is8Bit() || isEmpty() in stringProtoFuncToWellFormed()
https://bugs.webkit.org/show_bug.cgi?id=255806
<rdar://108256807>
Reviewed by Yusuke Suzuki.
It's necessary to resolve a rope to determine if a string is 8-bit: JSRopeString's is8BitInPointer merely
implies it can be represented as 8-bit, but after the rope is resolved, it can become a 16-bit string.
* JSTests/stress/regress-255806.js: Added.
* Source/JavaScriptCore/runtime/StringPrototype.cpp:
(JSC::JSC_DEFINE_HOST_FUNCTION):
Canonical link: https://commits.webkit.org/259548.689@safari-7615-branch
Commit: b05050e0cc0031ca2bf2f2d26d002639629dee18
https://github.com/WebKit/WebKit/commit/b05050e0cc0031ca2bf2f2d26d002639629dee18
Author: Yusuke Suzuki <ysuzuki at apple.com>
Date: 2023-04-25 (Tue, 25 Apr 2023)
Changed paths:
A JSTests/stress/marked-buffer-fill-should-be-gc-aware.js
M Source/JavaScriptCore/llint/LLIntSlowPaths.cpp
M Source/JavaScriptCore/runtime/ArgList.h
Log Message:
-----------
[JSC] MarkedVector::fill should register itself as a root
https://bugs.webkit.org/show_bug.cgi?id=255951
rdar://108261913
Reviewed by Alexey Shvayka and Justin Michaud.
1. MarkedVector::fill is not registering itself as a strong root of GC. This patch fixes it with m_markSet->add.
2. Initialize buffer with empty value in MarkedVector::fill. This buffer can be scanned via GC when GC is invoked from
a passed lambda.
* JSTests/stress/marked-buffer-fill-should-be-gc-aware.js: Added.
(foo):
* Source/JavaScriptCore/llint/LLIntSlowPaths.cpp:
(JSC::LLInt::handleVarargsCheckpoint):
* Source/JavaScriptCore/runtime/ArgList.h:
(JSC::MarkedVector::fill):
Canonical link: https://commits.webkit.org/259548.690@safari-7615-branch
Commit: 2feb3068b0538f424b0eee65e9df802d313446a2
https://github.com/WebKit/WebKit/commit/2feb3068b0538f424b0eee65e9df802d313446a2
Author: Jonathan Bedard <jbedard at apple.com>
Date: 2023-04-26 (Wed, 26 Apr 2023)
Changed paths:
M Tools/Scripts/libraries/webkitscmpy/setup.py
M Tools/Scripts/libraries/webkitscmpy/webkitscmpy/__init__.py
M Tools/Scripts/libraries/webkitscmpy/webkitscmpy/mocks/remote/git_hub.py
M Tools/Scripts/libraries/webkitscmpy/webkitscmpy/program/pull_request.py
M Tools/Scripts/libraries/webkitscmpy/webkitscmpy/test/land_unittest.py
M Tools/Scripts/libraries/webkitscmpy/webkitscmpy/test/pull_request_unittest.py
M Tools/Scripts/libraries/webkitscmpy/webkitscmpy/test/revert_unittest.py
M Tools/Scripts/libraries/webkitscmpy/webkitscmpy/test/squash_unittest.py
Log Message:
-----------
Cherry-pick 263251 at main (556bf5c84d3e). rdar://97741202
[git-webkit] Update fork via API instead of local push
https://bugs.webkit.org/show_bug.cgi?id=243283
rdar://97741202
Reviewed by Aakash Jain.
For GitHub forks, update the fork via GitHub's API before pushing anything
to avoid re-pushing commits GitHub already has.
* Tools/Scripts/libraries/webkitscmpy/setup.py: Bump version.
* Tools/Scripts/libraries/webkitscmpy/webkitscmpy/__init__.py: Ditto.
* Tools/Scripts/libraries/webkitscmpy/webkitscmpy/mocks/remote/git_hub.py:
(GitHub.request): Mock 'merge-upstream' path.
* Tools/Scripts/libraries/webkitscmpy/webkitscmpy/program/pull_request.py:
(PullRequest.create_pull_request): Update fork's base branch before pushing PR branch,
and use GitHub's API to update the fork if available.
* Tools/Scripts/libraries/webkitscmpy/webkitscmpy/test/land_unittest.py:
* Tools/Scripts/libraries/webkitscmpy/webkitscmpy/test/pull_request_unittest.py:
* Tools/Scripts/libraries/webkitscmpy/webkitscmpy/test/revert_unittest.py:
* Tools/Scripts/libraries/webkitscmpy/webkitscmpy/test/squash_unittest.py:
Canonical link: https://commits.webkit.org/263251@main
Canonical link: https://commits.webkit.org/259548.691@safari-7615-branch
Commit: a22a1db149f87c88a03b001d569b0c5d02bcce42
https://github.com/WebKit/WebKit/commit/a22a1db149f87c88a03b001d569b0c5d02bcce42
Author: Jonathan Bedard <jbedard at apple.com>
Date: 2023-04-26 (Wed, 26 Apr 2023)
Changed paths:
M Tools/Scripts/libraries/webkitscmpy/setup.py
M Tools/Scripts/libraries/webkitscmpy/webkitscmpy/__init__.py
M Tools/Scripts/libraries/webkitscmpy/webkitscmpy/program/publish.py
M Tools/Scripts/libraries/webkitscmpy/webkitscmpy/program/setup.py
M Tools/Scripts/libraries/webkitscmpy/webkitscmpy/remote/bitbucket.py
M Tools/Scripts/libraries/webkitscmpy/webkitscmpy/remote/git_hub.py
M Tools/Scripts/libraries/webkitscmpy/webkitscmpy/remote/scm.py
M Tools/Scripts/libraries/webkitscmpy/webkitscmpy/remote/svn.py
M Tools/Scripts/libraries/webkitscmpy/webkitscmpy/test/git_unittest.py
M Tools/Scripts/libraries/webkitscmpy/webkitscmpy/test/svn_unittest.py
Log Message:
-----------
Cherry-pick 263389 at main (0756acde4447). rdar://108510545
[git-webkit] Allow alternative publication account
https://bugs.webkit.org/show_bug.cgi?id=255934
rdar://108510545
Reviewed by Elliott Williams.
Support a --user option in `git-webkit publish` to allow an alternative account
from a user's regular development account to perform the push.
* Tools/Scripts/libraries/webkitscmpy/setup.py: Bump version.
* Tools/Scripts/libraries/webkitscmpy/webkitscmpy/__init__.py: Ditto.
* Tools/Scripts/libraries/webkitscmpy/webkitscmpy/program/publish.py:
(Publish.parser): Add --user option.
(Publish.main): Prompt user for password if --user specified, pass that password via
environment variable to `git push` commands.
* Tools/Scripts/libraries/webkitscmpy/webkitscmpy/program/setup.py:
(Setup.git): Add credential helper, event if the checkout is not a HTTPs checkout.
* Tools/Scripts/libraries/webkitscmpy/webkitscmpy/remote/bitbucket.py:
(BitBucket.checkout_url): Return ssh and http checkout URL.
* Tools/Scripts/libraries/webkitscmpy/webkitscmpy/remote/git_hub.py:
(GitHub.checkout_url): Return ssh and http checkout URL.
* Tools/Scripts/libraries/webkitscmpy/webkitscmpy/remote/scm.py:
(Scm.checkout_url): Added.
* Tools/Scripts/libraries/webkitscmpy/webkitscmpy/remote/svn.py:
(Svn.checkout_url): Return http checkout URL.
* Tools/Scripts/libraries/webkitscmpy/webkitscmpy/test/git_unittest.py:
(TestGitHub.test_checkout_url):
(TestBitBucket.test_checkout_url):
* Tools/Scripts/libraries/webkitscmpy/webkitscmpy/test/svn_unittest.py:
(TestRemoteSvn.test_checkout_url):
Canonical link: https://commits.webkit.org/263389@main
Canonical link: https://commits.webkit.org/259548.692@safari-7615-branch
Commit: 5e67e613d41ad26e5c9a7a0aedb0d98521ab9aff
https://github.com/WebKit/WebKit/commit/5e67e613d41ad26e5c9a7a0aedb0d98521ab9aff
Author: Jonathan Bedard <jbedard at apple.com>
Date: 2023-04-26 (Wed, 26 Apr 2023)
Changed paths:
M Tools/Scripts/libraries/webkitscmpy/setup.py
M Tools/Scripts/libraries/webkitscmpy/webkitscmpy/__init__.py
M Tools/Scripts/libraries/webkitscmpy/webkitscmpy/program/pull_request.py
Log Message:
-----------
Cherry-pick 263431 at main (2a1e05db9254). rdar://108565576
[git-webkit] Fallback to git push if API call fails
https://bugs.webkit.org/show_bug.cgi?id=255999
rdar://108565576
Reviewed by Aakash Jain.
This is a follow-up fix for 263251 at main.
* Tools/Scripts/libraries/webkitscmpy/webkitscmpy/program/pull_request.py:
(PullRequest.create_pull_request): Push target branch to fork if the branch doesn't exist.
Canonical link: https://commits.webkit.org/263431@main
Canonical link: https://commits.webkit.org/259548.693@safari-7615-branch
Commit: f1d2dd13dd491f766d8dbde1b6a5eed5d3801373
https://github.com/WebKit/WebKit/commit/f1d2dd13dd491f766d8dbde1b6a5eed5d3801373
Author: Jonathan Bedard <jbedard at apple.com>
Date: 2023-04-26 (Wed, 26 Apr 2023)
Changed paths:
M metadata/trackers.json
Log Message:
-----------
Cherry-pick 263440 at main (9c5f7b8588c3). rdar://107615755
[git-webkit] Provide mechanism to exempt bugs from redaction (Follow-up)
https://bugs.webkit.org/show_bug.cgi?id=254993
rdar://107615755
Reviewed by Ryan Haddad.
* metadata/trackers.json: Rename keyword.
Canonical link: https://commits.webkit.org/263440@main
Canonical link: https://commits.webkit.org/259548.694@safari-7615-branch
Commit: a61e3766b183d6a0c872ca9dbce651391d7b0853
https://github.com/WebKit/WebKit/commit/a61e3766b183d6a0c872ca9dbce651391d7b0853
Author: Jer Noble <jer.noble at apple.com>
Date: 2023-04-27 (Thu, 27 Apr 2023)
Changed paths:
M Source/WebKit/WebProcess/GPU/media/cocoa/VideoLayerRemoteCocoa.mm
Log Message:
-----------
Cherry-pick 8a95a469c00c. rdar://problem/108109357
[Cocoa] Extra transform left on video layer when UI-side compositing is disabled
https://bugs.webkit.org/show_bug.cgi?id=256027
rdar://108109357
Reviewed by Eric Carlson.
In -resolveBounds, we bail out early if the WKVideoLayerRemote has the correct bounds and has
a identity affineTransform. But in -layoutSublayers we apply the transform directly to the
videoLayer, rather than the WKVideoLayerRemote itself, so this check will always succeed.
Leaving the transformation in place _should_ have no perceivable side effects. However power
testing has revealed that in some circumstances, this layer change may result in excess power
use when displaying video in fullscreen mode.
* Source/WebKit/WebProcess/GPU/media/cocoa/VideoLayerRemoteCocoa.mm:
(-[WKVideoLayerRemote resolveBounds]):
Canonical link: https://commits.webkit.org/263456@main
Canonical link: https://commits.webkit.org/259548.695@safari-7615-branch
Commit: cd940689dbca5046675dcfb3965d40f15342581c
https://github.com/WebKit/WebKit/commit/cd940689dbca5046675dcfb3965d40f15342581c
Author: Myah Cobbs <mcobbs at apple.com>
Date: 2023-04-27 (Thu, 27 Apr 2023)
Changed paths:
M Configurations/Version.xcconfig
Log Message:
-----------
Versioning.
WebKit-7615.3.1
Identifier: 259548.696 at safari-7615-branch
Commit: bc76e765c3350557cd6400263e7206270f24dc1a
https://github.com/WebKit/WebKit/commit/bc76e765c3350557cd6400263e7206270f24dc1a
Author: Dawn Flores <dawn_flores at apple.com>
Date: 2023-04-27 (Thu, 27 Apr 2023)
Changed paths:
M LayoutTests/platform/mac-ventura/TestExpectations
Log Message:
-----------
[ Gardening ]([ EWS arm64 ] 3x imported/w3c/web-platform-tests/css/css-color/parsing/color* (layout-tests) are constant failures)
rdar://108624999
Unreviewed test gardening.
* LayoutTests/platform/mac-ventura/TestExpectations:
Canonical link: https://commits.webkit.org/259548.697@safari-7615-branch
Commit: bdb16982bf8259f58dd11d9e3c03a03ba45ca248
https://github.com/WebKit/WebKit/commit/bdb16982bf8259f58dd11d9e3c03a03ba45ca248
Author: Dawn Flores <dawn_flores at apple.com>
Date: 2023-04-27 (Thu, 27 Apr 2023)
Changed paths:
M LayoutTests/platform/mac-monterey/TestExpectations
Log Message:
-----------
[Gardening] (Mass Expectations for failing tests on branch)
rdar://107906590
Unreviewed test gardening.
* LayoutTests/platform/mac-monterey/TestExpectations:
Canonical link: https://commits.webkit.org/259548.698@safari-7615-branch
Commit: c80d8c789c3e0545dee40d60b2908321a720fae8
https://github.com/WebKit/WebKit/commit/c80d8c789c3e0545dee40d60b2908321a720fae8
Author: Dawn Flores <dawn_flores at apple.com>
Date: 2023-04-27 (Thu, 27 Apr 2023)
Changed paths:
M LayoutTests/platform/mac-ventura/TestExpectations
Log Message:
-----------
[ Gardening ]fast/images/avif-image-docu ment.html is a flaky crash (251099))
rdar://104615689
https://bugs.webkit.org/show_bug.cgi?id=251099
Unreviewed test gardening.
Resolving a typo.
* LayoutTests/platform/mac-ventura/TestExpectations:
Canonical link: https://commits.webkit.org/259548.699@safari-7615-branch
Commit: f68117865bcfdad098e513d31a3a1545fce9e762
https://github.com/WebKit/WebKit/commit/f68117865bcfdad098e513d31a3a1545fce9e762
Author: Tyler Wilcock <tyler_w at apple.com>
Date: 2023-04-27 (Thu, 27 Apr 2023)
Changed paths:
M Source/WTF/wtf/PlatformEnableCocoa.h
M Source/WebCore/accessibility/mac/AXObjectCacheMac.mm
Log Message:
-----------
Cherry-pick e6a6b562387c. rdar://problem/107946915
AX: ITM should only be available for Ventura and later
https://bugs.webkit.org/show_bug.cgi?id=255501
rdar://107946915
Reviewed by Chris Fleizach.
ENABLE(ACCESSIBILITY_ISOLATED_TREE) should require macOS >= 13.0 -- this
patch fixes that.
* Source/WTF/wtf/PlatformEnableCocoa.h:
* Source/WebCore/accessibility/mac/AXObjectCacheMac.mm:
Canonical link: https://commits.webkit.org/263330@main
Identifier: 259548.700 at safari-7615-branch
Commit: 242b34db872adec699b7f804f89aa74d8f51f599
https://github.com/WebKit/WebKit/commit/242b34db872adec699b7f804f89aa74d8f51f599
Author: Brady Eidson <beidson at apple.com>
Date: 2023-04-27 (Thu, 27 Apr 2023)
Changed paths:
M LayoutTests/imported/w3c/web-platform-tests/notifications/idlharness.https.any-expected.txt
M LayoutTests/imported/w3c/web-platform-tests/notifications/idlharness.https.any.serviceworker-expected.txt
M LayoutTests/imported/w3c/web-platform-tests/notifications/idlharness.https.any.worker-expected.txt
M Source/WebCore/Modules/notifications/Notification.cpp
M Source/WebCore/Modules/notifications/Notification.h
M Source/WebCore/Modules/notifications/Notification.idl
M Source/WebCore/Modules/notifications/NotificationData.cpp
M Source/WebCore/Modules/notifications/NotificationData.h
M Source/WebCore/Modules/notifications/NotificationDataCocoa.mm
M Source/WebCore/Modules/notifications/NotificationOptions.idl
M Source/WebKit/Shared/WebCoreArgumentCoders.serialization.in
M Source/WebKit/UIProcess/API/Cocoa/_WKNotificationData.h
M Source/WebKit/UIProcess/API/Cocoa/_WKNotificationData.mm
M Tools/TestWebKitAPI/Tests/WebKitCocoa/PushAPI.mm
Log Message:
-----------
Cherry-pick c33fee9a5907. rdar://problem/108624855
WebKit needs to pass along NotificationOptions.silent to API clients
https://bugs.webkit.org/show_bug.cgi?id=254562
rdar://107424158
Reviewed by Megan Gardner.
WebKit doesn't display notifications itself. API clients do that.
WebKit simply passes along all of the information about the proposed notification to the client.
If a client wants to support notifications having sound, it also needs to know when a particular
notification should be silent.
JavaScript can specify in its NotificationOptions dictionary whether or not it prefers a
notification be silent.
This patch pays attention to the silent flag and passes along to the API client whether it:
- Was set to true
- Was set to false
- Was not set at all
* Source/WebCore/Modules/notifications/Notification.cpp:
(WebCore::Notification::create):
(WebCore::Notification::Notification):
(WebCore::Notification::data const):
* Source/WebCore/Modules/notifications/Notification.h:
* Source/WebCore/Modules/notifications/Notification.idl:
* Source/WebCore/Modules/notifications/NotificationData.cpp:
(WebCore::NotificationData::isolatedCopy const):
(WebCore::NotificationData::isolatedCopy):
* Source/WebCore/Modules/notifications/NotificationData.h:
* Source/WebCore/Modules/notifications/NotificationDataCocoa.mm:
(WebCore::nsValueToOptionalBool):
(WebCore::NotificationData::fromDictionary):
(WebCore::NotificationData::dictionaryRepresentation const):
* Source/WebCore/Modules/notifications/NotificationOptions.idl:
* Source/WebKit/Shared/WebCoreArgumentCoders.serialization.in:
* Source/WebKit/UIProcess/API/Cocoa/_WKNotificationData.h:
* Source/WebKit/UIProcess/API/Cocoa/_WKNotificationData.mm:
(-[_WKNotificationData initWithCoreData:dataStore:]):
* Tools/TestWebKitAPI/Tests/WebKitCocoa/PushAPI.mm:
Canonical link: https://commits.webkit.org/263184@main
Identifier: 259548.701 at safari-7615-branch
Commit: d7114d64c3205f9c9a4d05c538f69821eddaba8f
https://github.com/WebKit/WebKit/commit/d7114d64c3205f9c9a4d05c538f69821eddaba8f
Author: Aditya Keerthi <akeerthi at apple.com>
Date: 2023-04-27 (Thu, 27 Apr 2023)
Changed paths:
A LayoutTests/fast/forms/datalist/datalist-dropdown-transformed-element-crash-expected.txt
A LayoutTests/fast/forms/datalist/datalist-dropdown-transformed-element-crash.html
M Source/WebKit/UIProcess/mac/WebDataListSuggestionsDropdownMac.mm
Log Message:
-----------
[macOS] Crash when presenting a datalist dropdown for a transformed element
https://bugs.webkit.org/show_bug.cgi?id=256029
rdar://105190475
Reviewed by Wenson Hsieh.
AppKit throws an exception when an `NSWindow` is constructed with an
invalid frame. The `<datalist>` dropdown is an `NSWindow` with a frame derived
from the rect of its associated element. When this element is off-screen or
abnormally large, the frame used for the window may be invalid.
Fix by ensuring the frame can never be outside the screen.
* LayoutTests/fast/forms/datalist/datalist-dropdown-transformed-element-crash-expected.txt: Added.
* LayoutTests/fast/forms/datalist/datalist-dropdown-transformed-element-crash.html: Added.
* Source/WebKit/UIProcess/mac/WebDataListSuggestionsDropdownMac.mm:
(-[WKDataListSuggestionsController dropdownRectForElementRect:]):
1. Use the presenting window's screen, rather than the main screen for correctness.
2. Take the intersection of the screen's visible frame and the element's visible frame to avoid using an invalid rect.
3. Ensure the minimum origin of the window is (0, 0).
Canonical link: https://commits.webkit.org/259548.702@safari-7615-branch
Commit: 0ffc79d64999230b42051334ef806821fa2fda04
https://github.com/WebKit/WebKit/commit/0ffc79d64999230b42051334ef806821fa2fda04
Author: Chirag M Shah <chirag_m_shah at apple.com>
Date: 2023-04-27 (Thu, 27 Apr 2023)
Changed paths:
M LayoutTests/TestExpectations
A LayoutTests/fullscreen/exit-full-screen-video-crash-expected.txt
A LayoutTests/fullscreen/exit-full-screen-video-crash.html
M Source/WebKit/WebProcess/cocoa/VideoFullscreenManager.mm
Log Message:
-----------
Fix crash when HTMLMediaElement::exitFullscreen is called on a video
element which is not currently full screen
https://bugs.webkit.org/show_bug.cgi?id=255970
rdar://108489504
Reviewed by Jer Noble.
This change fixes an issue where exitFullScreen is called on video, but
the current full screen element is div, due to which we end up
scheduling the webkitendfullscreenEvent event for video, which trips
over an assertion.
* LayoutTests/fullscreen/exit-full-screen-video-crash-expected.txt: Added.
* LayoutTests/fullscreen/exit-full-screen-video-crash.html: Added.
* Source/WebKit/WebProcess/cocoa/VideoFullscreenManager.mm:
(WebKit::VideoFullscreenManager::exitVideoFullscreenForVideoElement):
(WebKit::VideoFullscreenManager::exitVideoFullscreenToModeWithoutAnimation):
Canonical link: https://commits.webkit.org/259548.703@safari-7615-branch
Commit: 6daf218b50fbf8921a5271ca8b9106d1772da05a
https://github.com/WebKit/WebKit/commit/6daf218b50fbf8921a5271ca8b9106d1772da05a
Author: Yusuke Suzuki <ysuzuki at apple.com>
Date: 2023-04-28 (Fri, 28 Apr 2023)
Changed paths:
M Tools/TestWebKitAPI/Tests/WTF/bmalloc/IsoHeap.cpp
Log Message:
-----------
Cherry-pick b6951b41f339. rdar://problem/108470299
Unreviewed, suppress warning
https://bugs.webkit.org/show_bug.cgi?id=255887
rdar://108470299
* Tools/TestWebKitAPI/Tests/WTF/bmalloc/IsoHeap.cpp:
(TEST):
Canonical link: https://commits.webkit.org/263332@main
Canonical link: https://commits.webkit.org/259548.704@safari-7615-branch
Commit: 2c77ea0857a3136736ab8948ceb2a529e293acbe
https://github.com/WebKit/WebKit/commit/2c77ea0857a3136736ab8948ceb2a529e293acbe
Author: Russell Epstein <repstein at apple.com>
Date: 2023-04-28 (Fri, 28 Apr 2023)
Changed paths:
M LayoutTests/TestExpectations
M Source/WebCore/layout/integration/LayoutIntegrationBoxTree.cpp
M Source/WebCore/rendering/CounterNode.cpp
M Source/WebCore/rendering/LegacyLineLayout.cpp
M Source/WebCore/rendering/RenderBlockFlow.cpp
M Source/WebCore/rendering/RenderCounter.cpp
M Source/WebCore/rendering/RenderCounter.h
M Source/WebCore/rendering/RenderView.cpp
M Source/WebCore/rendering/RenderView.h
M Source/WebCore/rendering/line/BreakingContext.h
M Source/WebCore/rendering/updating/RenderTreeBuilder.cpp
M Source/WebCore/rendering/updating/RenderTreeUpdater.cpp
M Source/WebCore/rendering/updating/RenderTreeUpdaterGeneratedContent.cpp
M Source/WebCore/rendering/updating/RenderTreeUpdaterGeneratedContent.h
Log Message:
-----------
Cherry-pick 263127 at main (21790649ca10). rdar://problem/108611630
Update counters at the end of render tree update
https://bugs.webkit.org/show_bug.cgi?id=255589
rdar://108189324
Reviewed by Alan Baradlay.
Simplify counter updating by doing it in a single place at the end of render tree update.
* Source/WebCore/layout/integration/LayoutIntegrationBoxTree.cpp:
(WebCore::LayoutIntegration::BoxTree::createLayoutBox):
Remove layout-time update code from here and elsewhere.
* Source/WebCore/rendering/CounterNode.cpp:
(WebCore::CounterNode::resetRenderers):
Invalidate by adding the counter to a weak map.
* Source/WebCore/rendering/LegacyLineLayout.cpp:
(WebCore::dirtyLineBoxesForRenderer):
* Source/WebCore/rendering/RenderBlockFlow.cpp:
(WebCore::RenderBlockFlow::layoutModernLines):
* Source/WebCore/rendering/RenderCounter.cpp:
(WebCore::RenderCounter::RenderCounter):
(WebCore::RenderCounter::willBeDestroyed):
(WebCore::RenderCounter::originalText const):
Just generate the text here.
(WebCore::RenderCounter::updateCounter):
Use setText instead of setRenderedText so we get correct layout invalidation for free.
(WebCore::RenderCounter::computePreferredLogicalWidths): Deleted.
Updating counters is no longer tied to preferred width updates.
* Source/WebCore/rendering/RenderCounter.h:
* Source/WebCore/rendering/RenderCounter.cpp:
(WebCore::RenderCounter::rendererRemovedFromTree): Deleted.
(WebCore::updateCounters): Deleted.
(WebCore::RenderCounter::rendererSubtreeAttached): Deleted.
No need for these tree-traversing move paths anymore. Counters get recomputed using the normal update paths.
* Source/WebCore/rendering/RenderView.cpp:
(WebCore::RenderView::addCounterNeedingUpdate):
(WebCore::RenderView::takeCountersNeedingUpdate):
Track counters that need updating. This replaces the use preferred logical width bit.
* Source/WebCore/rendering/RenderView.h:
* Source/WebCore/rendering/line/BreakingContext.h:
(WebCore::BreakingContext::handleText):
(WebCore::updateCounterIfNeeded): Deleted.
* Source/WebCore/rendering/updating/RenderTreeUpdater.cpp:
(WebCore::RenderTreeUpdater::commit):
* Source/WebCore/rendering/updating/RenderTreeBuilder.cpp:
(WebCore::RenderTreeBuilder::attachToRenderElementInternal):
(WebCore::RenderTreeBuilder::detachFromRenderElement):
* Source/WebCore/rendering/updating/RenderTreeUpdaterGeneratedContent.cpp:
(WebCore::RenderTreeUpdater::GeneratedContent::updateCounters):
Do The actual updating.
* Source/WebCore/rendering/updating/RenderTreeUpdaterGeneratedContent.h:
Canonical link: https://commits.webkit.org/263127@main
Canonical link: https://commits.webkit.org/259548.705@safari-7615-branch
Commit: 3312a9738245adde0c331414b4f9540984891aff
https://github.com/WebKit/WebKit/commit/3312a9738245adde0c331414b4f9540984891aff
Author: Sammy Gill <sammy.gill at apple.com>
Date: 2023-04-28 (Fri, 28 Apr 2023)
Changed paths:
A LayoutTests/imported/w3c/web-platform-tests/css/css-box/margin-trim/computed-margin-values/block-container-block-end-expected.txt
A LayoutTests/imported/w3c/web-platform-tests/css/css-box/margin-trim/computed-margin-values/block-container-block-end-nested-child-expected.txt
A LayoutTests/imported/w3c/web-platform-tests/css/css-box/margin-trim/computed-margin-values/block-container-block-end-nested-child.html
A LayoutTests/imported/w3c/web-platform-tests/css/css-box/margin-trim/computed-margin-values/block-container-block-end-with-self-collapsing-children-expected.txt
A LayoutTests/imported/w3c/web-platform-tests/css/css-box/margin-trim/computed-margin-values/block-container-block-end-with-self-collapsing-children.html
A LayoutTests/imported/w3c/web-platform-tests/css/css-box/margin-trim/computed-margin-values/block-container-block-end.html
M Source/WebCore/css/ComputedStyleExtractor.cpp
M Source/WebCore/rendering/RenderBlockFlow.cpp
M Source/WebCore/rendering/RenderBox.cpp
M Source/WebCore/rendering/RenderBox.h
Log Message:
-----------
Cherry-pick e44bd7f346a1. rdar://problem/106454992
[margin-trim][block layout] Trimmed block-end margins should be reflected in computed style in a horizontal writing-mode BFC.
https://bugs.webkit.org/show_bug.cgi?id=253610
rdar://106454992
Reviewed by Alan Baradlay.
We currently perform margin trimming by doing some backtracking after a
block container with block-end margin trim has completed layout (261750 at main).
In order to make sure that these margins are properly shown in their
computed style value, we need a way for ComputedStyleExtractor to know
that the block-end margin for the renderer has been trimmed. This can be
done by setting the margin-trim rare data bit for that renderer.
Whenever we trim a margin in RenderBlockFlow::trimBlockEndChildrenMargins,
we can replace the calls to setMarginAfterForChild with setTrimmedMarginForChild
which will both trim the margin and set the rare data bit for the renderer.
Later on when ComputedStyleExtractor tries to determine the value of
a bottom margin for a renderer it can first use hasTrimmedMargin on the
renderer in order to determine if that specific margin is trimmed.
While creating this patch and testing the logic, I found that certain
margins are not being trimmed correctly. It seems like particularly that
self collapsing children that has other nested self collapsing content
do not have the nested content trimmed properly. Whenever we have a
self collapsing child, we need to also go inside and trim the margins
of any other children (and perhaps perform this logic for any other
children that are nested inside that). For example
<container>
<item style="margin-bottom: 10px"></item>
<item style="margin-bottom: 10px; height: 0px;">
<item style="margin-bottom: 10px; height: 0px;">
<item style="margin-bottom: 10px; height: 0px;">
<item style="margin-bottom: 10px; height: 0px;"></item>
<item style="margin-bottom: 10px; height: 0px;"></item>
</item>
</item>
</item>
</container>
In this scenario the content itself looks fine as if margin-trimming
occurred correctly, however when looking at the computed margin-bottom
values of the nested self collapsing children we can see that their
margins were not trimmed. Currently we fail the tests in these scenarios
that are introduced in this patch because of this. I plan on addressing
this in a separate patch following this one.
* LayoutTests/imported/w3c/web-platform-tests/css/css-box/margin-trim/computed-margin-values/block-container-block-end-expected.txt: Added.
* LayoutTests/imported/w3c/web-platform-tests/css/css-box/margin-trim/computed-margin-values/block-container-block-end-nested-child-expected.txt: Added.
* LayoutTests/imported/w3c/web-platform-tests/css/css-box/margin-trim/computed-margin-values/block-container-block-end-nested-child.html: Added.
* LayoutTests/imported/w3c/web-platform-tests/css/css-box/margin-trim/computed-margin-values/block-container-block-end-with-self-collapsing-children-expected.txt: Added.
* LayoutTests/imported/w3c/web-platform-tests/css/css-box/margin-trim/computed-margin-values/block-container-block-end-with-self-collapsing-children.html: Added.
* LayoutTests/imported/w3c/web-platform-tests/css/css-box/margin-trim/computed-margin-values/block-container-block-end.html: Added.
* Source/WebCore/css/ComputedStyleExtractor.cpp:
(WebCore::rendererCanHaveTrimmedMargin):
* Source/WebCore/rendering/RenderBlockFlow.cpp:
(WebCore::RenderBlockFlow::trimBlockEndChildrenMargins):
* Source/WebCore/rendering/RenderBox.cpp:
(WebCore::RenderBox::physicalToFlowRelativeDirectionMapping const):
(WebCore::RenderBox::hasTrimmedMargin const):
(WebCore::RenderBox::hasTrimmedMargin const):
* Source/WebCore/rendering/RenderBox.h:
(WebCore::RenderBox::isBlockLevelBox const):
Canonical link: https://commits.webkit.org/263398@main
Identifier: 259548.706 at safari-7615-branch
Commit: 8f853d51e77467ec36628720b243fd347cfd9b02
https://github.com/WebKit/WebKit/commit/8f853d51e77467ec36628720b243fd347cfd9b02
Author: Sammy Gill <sammy.gill at apple.com>
Date: 2023-04-28 (Fri, 28 Apr 2023)
Changed paths:
A LayoutTests/imported/w3c/web-platform-tests/css/css-box/margin-trim/computed-margin-values/block-container-block-start-child-with-border-expected.txt
A LayoutTests/imported/w3c/web-platform-tests/css/css-box/margin-trim/computed-margin-values/block-container-block-start-child-with-border.html
A LayoutTests/imported/w3c/web-platform-tests/css/css-box/margin-trim/computed-margin-values/block-container-block-start-expected.txt
A LayoutTests/imported/w3c/web-platform-tests/css/css-box/margin-trim/computed-margin-values/block-container-block-start-self-collapsing-nested-expected.txt
A LayoutTests/imported/w3c/web-platform-tests/css/css-box/margin-trim/computed-margin-values/block-container-block-start-self-collapsing-nested.html
A LayoutTests/imported/w3c/web-platform-tests/css/css-box/margin-trim/computed-margin-values/block-container-block-start.html
M Source/WebCore/css/ComputedStyleExtractor.cpp
M Source/WebCore/rendering/RenderBlockFlow.cpp
M Source/WebCore/rendering/RenderBox.cpp
M Source/WebCore/rendering/RenderLayoutState.cpp
M Source/WebCore/rendering/RenderLayoutState.h
Log Message:
-----------
Cherry-pick 99e30b0ca8f6. rdar://problem/106452955
[margin-trim][block-layout] Content at block-start edge should have trimmed margins reflected in computed style
https://bugs.webkit.org/show_bug.cgi?id=253606
rdar://106452955
Reviewed by Alan Baradlay.
When we trim margins at the block-start edge, we can indicate that the
renderer has a trimmed margin by replacing the calls to setMarginBefore/After
with setTrimmedMarginForChild. This will perform the same behavior of
trimming the renderer's margins by updating its m_marginBox and also
setting the margin-trim rare data bit to indicate that the margin has
been trimmed.
In order to apply this behavior for nested block content that is at the
block-start edge of the outer block container we need to keep track of
some additional state. If a block container has block-start margin-trim
set then it will push some new state onto m_blockStartTrimming to indicate
that block-start trimming should occur and propagate this information to
its children in order to determine whether they should trim. This
new structure acts as a stack that will help nested block containers
determine if they should trim the margins at their block-start edge
based upon its containing block's trimming state and its own MarginInfo
state.
A block container will push new state onto this stack in the following
scenarios:
- If a block-container has block-start margin trim set, then it will push
some new state onto the stack (true) indicating trimming should occur
- A nested block container will check to see if its containing block has trimming
state set by checking the value at the top of the stack along with whether or
not its margins can collapse through to its containing block
- If the containing block has trimming state and the nested child's
margins can collapse through to the top, then the nested child will
push its own state onto the stack to use later on as it lays out
its children. The state will be the same as its containing block's
so that the nested block container will only trim if it is at the
block-start edge of the containing block that has margin-trim set.
- If the containing block has trimming state and the nested child's
margins *cannot* collapse through to the top, then it will push
state onto the stack (false) to indicate that it should not
perform any sort of trimming. This will also indicate to nested
block containers that they should also not trim.
<div id="container" style="margin-trim: block">
<div id="outer" style="margin-block-start: 10px; border: 1px solid black; width: 50px; height: 50px; background-color: green;">
<div id="inner" style="margin-block-start: 10px; border: 1px solid black; width: 50px; height: 50px; background-color: blue;"></div>
</div>
</div>
Here "container," will push some state onto the margin trimming stack
to indicate that it should trim margins at the block-start edge. When
"outer," goes through layout, it will see that its containing block had
set some trimming state so it will do the same. Since it has a border that
means its children's margins cannot collapse through, so it should not
trim those margins and set the state appropriately. "Inner," will see
that its containing block had set some margin-trim state and will need
to do the same. Since its children's margins could collapse through, it
will use the same state as its containing block. However, since the
containing block did not perform trimming, it will also not trim when
it attempts to use this information.
In ComputedStyleExtractor, we will check to see if the renderer has its
top margin trimmed by checking to see if the rare data bit was set during
layout by using RenderBox::hasTrimmedMargin.
* LayoutTests/imported/w3c/web-platform-tests/css/css-box/margin-trim/computed-margin-values/block-container-block-start-child-with-border-expected.txt: Added.
* LayoutTests/imported/w3c/web-platform-tests/css/css-box/margin-trim/computed-margin-values/block-container-block-start-child-with-border.html: Added.
* LayoutTests/imported/w3c/web-platform-tests/css/css-box/margin-trim/computed-margin-values/block-container-block-start-expected.txt: Added.
* LayoutTests/imported/w3c/web-platform-tests/css/css-box/margin-trim/computed-margin-values/block-container-block-start-self-collapsing-nested-expected.txt: Added.
* LayoutTests/imported/w3c/web-platform-tests/css/css-box/margin-trim/computed-margin-values/block-container-block-start-self-collapsing-nested.html: Added.
* LayoutTests/imported/w3c/web-platform-tests/css/css-box/margin-trim/computed-margin-values/block-container-block-start.html: Added.
* Source/WebCore/css/ComputedStyleExtractor.cpp:
(WebCore::rendererCanHaveTrimmedMargin):
(WebCore::isLayoutDependent):
* Source/WebCore/rendering/RenderBlockFlow.cpp:
(WebCore::RenderBlockFlow::layoutBlockChildren):
(WebCore::RenderBlockFlow::layoutBlockChild):
(WebCore::RenderBlockFlow::collapseMarginsWithChildInfo):
* Source/WebCore/rendering/RenderBox.cpp:
(WebCore::RenderBox::physicalToFlowRelativeDirectionMapping const):
(WebCore::RenderBox::hasTrimmedMargin const):
* Source/WebCore/rendering/RenderBox.h:
(WebCore::RenderBox::isBlockLevelBox const):
* Source/WebCore/rendering/RenderLayoutState.cpp:
(WebCore::RenderLayoutState::RenderLayoutState):
* Source/WebCore/rendering/RenderLayoutState.h:
(WebCore::RenderLayoutState::RenderLayoutState):
(WebCore::RenderLayoutState::pushBlockStartTrimming):
(WebCore::RenderLayoutState::peekBlockStartTrimming):
(WebCore::RenderLayoutState::popBlockStartTrimming):
Canonical link: https://commits.webkit.org/263412@main
Identifier: 259548.707 at safari-7615-branch
Commit: 433df92ef6c0a2eaf02f62e5bb3a49ff5fcae774
https://github.com/WebKit/WebKit/commit/433df92ef6c0a2eaf02f62e5bb3a49ff5fcae774
Author: Sammy Gill <sammy.gill at apple.com>
Date: 2023-04-28 (Fri, 28 Apr 2023)
Changed paths:
M LayoutTests/imported/w3c/web-platform-tests/css/css-box/margin-trim/computed-margin-values/block-container-block-end-nested-child-expected.txt
M LayoutTests/imported/w3c/web-platform-tests/css/css-box/margin-trim/computed-margin-values/block-container-block-end-with-self-collapsing-children-expected.txt
M Source/WebCore/rendering/RenderBlockFlow.cpp
Log Message:
-----------
Cherry-pick 809b95bb1a78. rdar://problem/108327029
[margin-trim][block layout] Nested self-collapsing children at block-end should also be trimmed.
https://bugs.webkit.org/show_bug.cgi?id=255736
rdar://108327029
Reviewed by Alan Baradlay.
When walking back up the block container for the purposes of block-end
margin trimming we may run into a self collapsing child that needs to
have both of its margins trimmed and its position adjusted. However, it
is also possible that these self-collapsing children may also have other
self-collapsing children nested arbitrarily within. If that is the case,
we need to also trim the margins of all of its descendants.
* LayoutTests/imported/w3c/web-platform-tests/css/css-box/margin-trim/computed-margin-values/block-container-block-end-nested-child-expected.txt:
* LayoutTests/imported/w3c/web-platform-tests/css/css-box/margin-trim/computed-margin-values/block-container-block-end-with-self-collapsing-children-expected.txt:
* Source/WebCore/rendering/RenderBlockFlow.cpp:
(WebCore::RenderBlockFlow::trimBlockEndChildrenMargins):
Canonical link: https://commits.webkit.org/263439@main
Identifier: 259548.708 at safari-7615-branch
Commit: 6efa0b2526878ed6fa65fbcd7bf95eaa59e47a1d
https://github.com/WebKit/WebKit/commit/6efa0b2526878ed6fa65fbcd7bf95eaa59e47a1d
Author: Myah Cobbs <mcobbs at apple.com>
Date: 2023-04-29 (Sat, 29 Apr 2023)
Changed paths:
M LayoutTests/imported/w3c/web-platform-tests/css/css-box/margin-trim/computed-margin-values/block-container-block-end-nested-child-expected.txt
M LayoutTests/imported/w3c/web-platform-tests/css/css-box/margin-trim/computed-margin-values/block-container-block-end-with-self-collapsing-children-expected.txt
M Source/WebCore/rendering/RenderBlockFlow.cpp
Log Message:
-----------
Revert "Cherry-pick 809b95bb1a78. rdar://problem/108327029"
This reverts commit 433df92ef6c0a2eaf02f62e5bb3a49ff5fcae774.
Identifier: 259548.709 at safari-7615-branch
Commit: 20004ef38ba22c2f3870a8a56bad4f47355c1a22
https://github.com/WebKit/WebKit/commit/20004ef38ba22c2f3870a8a56bad4f47355c1a22
Author: Myah Cobbs <mcobbs at apple.com>
Date: 2023-04-29 (Sat, 29 Apr 2023)
Changed paths:
R LayoutTests/imported/w3c/web-platform-tests/css/css-box/margin-trim/computed-margin-values/block-container-block-start-child-with-border-expected.txt
R LayoutTests/imported/w3c/web-platform-tests/css/css-box/margin-trim/computed-margin-values/block-container-block-start-child-with-border.html
R LayoutTests/imported/w3c/web-platform-tests/css/css-box/margin-trim/computed-margin-values/block-container-block-start-expected.txt
R LayoutTests/imported/w3c/web-platform-tests/css/css-box/margin-trim/computed-margin-values/block-container-block-start-self-collapsing-nested-expected.txt
R LayoutTests/imported/w3c/web-platform-tests/css/css-box/margin-trim/computed-margin-values/block-container-block-start-self-collapsing-nested.html
R LayoutTests/imported/w3c/web-platform-tests/css/css-box/margin-trim/computed-margin-values/block-container-block-start.html
M Source/WebCore/css/ComputedStyleExtractor.cpp
M Source/WebCore/rendering/RenderBlockFlow.cpp
M Source/WebCore/rendering/RenderBox.cpp
M Source/WebCore/rendering/RenderLayoutState.cpp
M Source/WebCore/rendering/RenderLayoutState.h
Log Message:
-----------
Revert "Cherry-pick 99e30b0ca8f6. rdar://problem/106452955"
This reverts commit 8f853d51e77467ec36628720b243fd347cfd9b02.
Identifier: 259548.710 at safari-7615-branch
Commit: 52f806e6cbf85e3b97b69164fe1d95ba956cc6fb
https://github.com/WebKit/WebKit/commit/52f806e6cbf85e3b97b69164fe1d95ba956cc6fb
Author: Myah Cobbs <mcobbs at apple.com>
Date: 2023-04-29 (Sat, 29 Apr 2023)
Changed paths:
R LayoutTests/imported/w3c/web-platform-tests/css/css-box/margin-trim/computed-margin-values/block-container-block-end-expected.txt
R LayoutTests/imported/w3c/web-platform-tests/css/css-box/margin-trim/computed-margin-values/block-container-block-end-nested-child-expected.txt
R LayoutTests/imported/w3c/web-platform-tests/css/css-box/margin-trim/computed-margin-values/block-container-block-end-nested-child.html
R LayoutTests/imported/w3c/web-platform-tests/css/css-box/margin-trim/computed-margin-values/block-container-block-end-with-self-collapsing-children-expected.txt
R LayoutTests/imported/w3c/web-platform-tests/css/css-box/margin-trim/computed-margin-values/block-container-block-end-with-self-collapsing-children.html
R LayoutTests/imported/w3c/web-platform-tests/css/css-box/margin-trim/computed-margin-values/block-container-block-end.html
M Source/WebCore/css/ComputedStyleExtractor.cpp
M Source/WebCore/rendering/RenderBlockFlow.cpp
M Source/WebCore/rendering/RenderBox.cpp
M Source/WebCore/rendering/RenderBox.h
Log Message:
-----------
Revert "Cherry-pick e44bd7f346a1. rdar://problem/106454992"
This reverts commit 3312a9738245adde0c331414b4f9540984891aff.
Identifier: 259548.711 at safari-7615-branch
Commit: a7149084a1f528e39c7f2ce10f0e26cee3f93377
https://github.com/WebKit/WebKit/commit/a7149084a1f528e39c7f2ce10f0e26cee3f93377
Author: Tim Nguyen <ntim at apple.com>
Date: 2023-05-01 (Mon, 01 May 2023)
Changed paths:
A LayoutTests/imported/w3c/web-platform-tests/css/css-backgrounds/color-mix-currentcolor-border-repaint-expected.xht
A LayoutTests/imported/w3c/web-platform-tests/css/css-backgrounds/color-mix-currentcolor-border-repaint-parent-expected.xht
A LayoutTests/imported/w3c/web-platform-tests/css/css-backgrounds/color-mix-currentcolor-border-repaint-parent.html
A LayoutTests/imported/w3c/web-platform-tests/css/css-backgrounds/color-mix-currentcolor-border-repaint.html
A LayoutTests/imported/w3c/web-platform-tests/css/css-backgrounds/currentcolor-border-repaint-parent-expected.xht
A LayoutTests/imported/w3c/web-platform-tests/css/css-backgrounds/currentcolor-border-repaint-parent.html
M Source/WebCore/animation/CSSPropertyAnimation.cpp
M Source/WebCore/css/StyleColor.cpp
M Source/WebCore/css/StyleColor.h
M Source/WebCore/css/color/CSSUnresolvedColor.cpp
M Source/WebCore/css/color/CSSUnresolvedColor.h
M Source/WebCore/editing/EditingStyle.cpp
M Source/WebCore/rendering/style/BorderData.cpp
M Source/WebCore/rendering/style/RenderStyle.cpp
M Source/WebCore/rendering/style/RenderStyle.h
M Source/WebCore/rendering/style/SVGRenderStyle.cpp
M Source/WebCore/rendering/style/StyleGradientImage.cpp
M Source/WebCore/style/ElementRuleCollector.cpp
M Source/WebCore/svg/properties/SVGAnimationAdditiveValueFunctionImpl.cpp
Log Message:
-----------
Cherry-pick 63a655702b01. rdar://problem/104872702
Repaint issues with currentColor & color-mix()
https://bugs.webkit.org/show_bug.cgi?id=256118
rdar://104872702
Reviewed by Antti Koivisto.
There are 2 different issues:
1. Raw `currentColor` (even without `color-mix()`) will not repaint if the color was changed on the ancestors
2. Using `currentColor` inside `color-mix()` will not repaint if the color was changed (either on the element itself or the ancestors)
1. is fixed by taking in account currentColor changes in `RenderStyle::changeRequiresRepaint()`
2. is fixed by introducing a `containsCurrentColor()` helper taking in account nested currentColor inside `color-mix()`, and replacing appropriate `isCurrentColor()` checks.
Also remove `RenderStyle::isCurrentColor()` since it does not add much value.
* LayoutTests/imported/w3c/web-platform-tests/css/css-backgrounds/color-mix-currentcolor-border-repaint-expected.xht: Added.
* LayoutTests/imported/w3c/web-platform-tests/css/css-backgrounds/color-mix-currentcolor-border-repaint-parent-expected.xht: Added.
* LayoutTests/imported/w3c/web-platform-tests/css/css-backgrounds/color-mix-currentcolor-border-repaint-parent.html: Added.
* LayoutTests/imported/w3c/web-platform-tests/css/css-backgrounds/color-mix-currentcolor-border-repaint.html: Added.
* LayoutTests/imported/w3c/web-platform-tests/css/css-backgrounds/currentcolor-border-repaint-parent-expected.xht: Added.
* LayoutTests/imported/w3c/web-platform-tests/css/css-backgrounds/currentcolor-border-repaint-parent.html: Added.
* Source/WebCore/animation/CSSPropertyAnimation.cpp:
(WebCore::blendSyntaxValues):
* Source/WebCore/css/StyleColor.cpp:
(WebCore::StyleColor::containsCurrentColor):
(WebCore::StyleColor::containsCurrentColor const):
* Source/WebCore/css/StyleColor.h:
* Source/WebCore/css/color/CSSUnresolvedColor.cpp:
(WebCore::CSSUnresolvedColor::containsCurrentColor const):
* Source/WebCore/css/color/CSSUnresolvedColor.h:
* Source/WebCore/editing/EditingStyle.cpp:
(WebCore::EditingStyle::removeTextFillAndStrokeColorsIfNeeded):
* Source/WebCore/rendering/style/BorderData.cpp:
(WebCore::BorderData::isEquivalentForPainting const):
* Source/WebCore/rendering/style/RenderStyle.cpp:
(WebCore::RenderStyle::changeRequiresRepaint const):
(WebCore::RenderStyle::colorResolvingCurrentColor const):
* Source/WebCore/rendering/style/RenderStyle.h:
(WebCore::RenderStyle::currentColor):
(WebCore::RenderStyle::isCurrentColor): Deleted.
* Source/WebCore/rendering/style/SVGRenderStyle.cpp:
(WebCore::colorChangeRequiresRepaint):
* Source/WebCore/rendering/style/StyleGradientImage.cpp:
(WebCore::stopsAreCacheable):
* Source/WebCore/style/ElementRuleCollector.cpp:
(WebCore::Style::ElementRuleCollector::addMatchedProperties):
* Source/WebCore/svg/properties/SVGAnimationAdditiveValueFunctionImpl.cpp:
(WebCore::SVGAnimationColorFunction::calculateDistance const):
Canonical link: https://commits.webkit.org/263531@main
Identifier: 259548.712 at safari-7615-branch
Commit: 9bf39d96592d02c3988efa649a43ca46f966c5f1
https://github.com/WebKit/WebKit/commit/9bf39d96592d02c3988efa649a43ca46f966c5f1
Author: Myah Cobbs <mcobbs at apple.com>
Date: 2023-05-01 (Mon, 01 May 2023)
Changed paths:
M Source/WebCore/css/ComputedStyleExtractor.cpp
Log Message:
-----------
Apply patch. rdar://problem/108664653
Identifier: 259548.713 at safari-7615-branch
Commit: 5e0c1ca6b0e7be181bd76ce983b9236c4759b5fa
https://github.com/WebKit/WebKit/commit/5e0c1ca6b0e7be181bd76ce983b9236c4759b5fa
Author: Sammy Gill <sammy.gill at apple.com>
Date: 2023-05-01 (Mon, 01 May 2023)
Changed paths:
A LayoutTests/imported/w3c/web-platform-tests/css/css-box/margin-trim/computed-margin-values/block-container-block-end-expected.txt
A LayoutTests/imported/w3c/web-platform-tests/css/css-box/margin-trim/computed-margin-values/block-container-block-end-nested-child-expected.txt
A LayoutTests/imported/w3c/web-platform-tests/css/css-box/margin-trim/computed-margin-values/block-container-block-end-nested-child.html
A LayoutTests/imported/w3c/web-platform-tests/css/css-box/margin-trim/computed-margin-values/block-container-block-end-with-self-collapsing-children-expected.txt
A LayoutTests/imported/w3c/web-platform-tests/css/css-box/margin-trim/computed-margin-values/block-container-block-end-with-self-collapsing-children.html
A LayoutTests/imported/w3c/web-platform-tests/css/css-box/margin-trim/computed-margin-values/block-container-block-end.html
M Source/WebCore/css/ComputedStyleExtractor.cpp
M Source/WebCore/rendering/RenderBlockFlow.cpp
M Source/WebCore/rendering/RenderBox.cpp
M Source/WebCore/rendering/RenderBox.h
Log Message:
-----------
Cherry-pick e44bd7f346a1. rdar://problem/106454992
[margin-trim][block layout] Trimmed block-end margins should be reflected in computed style in a horizontal writing-mode BFC.
https://bugs.webkit.org/show_bug.cgi?id=253610
rdar://106454992
Reviewed by Alan Baradlay.
We currently perform margin trimming by doing some backtracking after a
block container with block-end margin trim has completed layout (261750 at main).
In order to make sure that these margins are properly shown in their
computed style value, we need a way for ComputedStyleExtractor to know
that the block-end margin for the renderer has been trimmed. This can be
done by setting the margin-trim rare data bit for that renderer.
Whenever we trim a margin in RenderBlockFlow::trimBlockEndChildrenMargins,
we can replace the calls to setMarginAfterForChild with setTrimmedMarginForChild
which will both trim the margin and set the rare data bit for the renderer.
Later on when ComputedStyleExtractor tries to determine the value of
a bottom margin for a renderer it can first use hasTrimmedMargin on the
renderer in order to determine if that specific margin is trimmed.
While creating this patch and testing the logic, I found that certain
margins are not being trimmed correctly. It seems like particularly that
self collapsing children that has other nested self collapsing content
do not have the nested content trimmed properly. Whenever we have a
self collapsing child, we need to also go inside and trim the margins
of any other children (and perhaps perform this logic for any other
children that are nested inside that). For example
<container>
<item style="margin-bottom: 10px"></item>
<item style="margin-bottom: 10px; height: 0px;">
<item style="margin-bottom: 10px; height: 0px;">
<item style="margin-bottom: 10px; height: 0px;">
<item style="margin-bottom: 10px; height: 0px;"></item>
<item style="margin-bottom: 10px; height: 0px;"></item>
</item>
</item>
</item>
</container>
In this scenario the content itself looks fine as if margin-trimming
occurred correctly, however when looking at the computed margin-bottom
values of the nested self collapsing children we can see that their
margins were not trimmed. Currently we fail the tests in these scenarios
that are introduced in this patch because of this. I plan on addressing
this in a separate patch following this one.
* LayoutTests/imported/w3c/web-platform-tests/css/css-box/margin-trim/computed-margin-values/block-container-block-end-expected.txt: Added.
* LayoutTests/imported/w3c/web-platform-tests/css/css-box/margin-trim/computed-margin-values/block-container-block-end-nested-child-expected.txt: Added.
* LayoutTests/imported/w3c/web-platform-tests/css/css-box/margin-trim/computed-margin-values/block-container-block-end-nested-child.html: Added.
* LayoutTests/imported/w3c/web-platform-tests/css/css-box/margin-trim/computed-margin-values/block-container-block-end-with-self-collapsing-children-expected.txt: Added.
* LayoutTests/imported/w3c/web-platform-tests/css/css-box/margin-trim/computed-margin-values/block-container-block-end-with-self-collapsing-children.html: Added.
* LayoutTests/imported/w3c/web-platform-tests/css/css-box/margin-trim/computed-margin-values/block-container-block-end.html: Added.
* Source/WebCore/css/ComputedStyleExtractor.cpp:
(WebCore::rendererCanHaveTrimmedMargin):
* Source/WebCore/rendering/RenderBlockFlow.cpp:
(WebCore::RenderBlockFlow::trimBlockEndChildrenMargins):
* Source/WebCore/rendering/RenderBox.cpp:
(WebCore::RenderBox::physicalToFlowRelativeDirectionMapping const):
(WebCore::RenderBox::hasTrimmedMargin const):
(WebCore::RenderBox::hasTrimmedMargin const):
* Source/WebCore/rendering/RenderBox.h:
(WebCore::RenderBox::isBlockLevelBox const):
Canonical link: https://commits.webkit.org/263398@main
Identifier: 259548.714 at safari-7615-branch
Commit: b149bce837304901b1677cc8fe93f1e9297f9cd9
https://github.com/WebKit/WebKit/commit/b149bce837304901b1677cc8fe93f1e9297f9cd9
Author: Sammy Gill <sammy.gill at apple.com>
Date: 2023-05-01 (Mon, 01 May 2023)
Changed paths:
A LayoutTests/imported/w3c/web-platform-tests/css/css-box/margin-trim/computed-margin-values/block-container-block-start-child-with-border-expected.txt
A LayoutTests/imported/w3c/web-platform-tests/css/css-box/margin-trim/computed-margin-values/block-container-block-start-child-with-border.html
A LayoutTests/imported/w3c/web-platform-tests/css/css-box/margin-trim/computed-margin-values/block-container-block-start-expected.txt
A LayoutTests/imported/w3c/web-platform-tests/css/css-box/margin-trim/computed-margin-values/block-container-block-start-self-collapsing-nested-expected.txt
A LayoutTests/imported/w3c/web-platform-tests/css/css-box/margin-trim/computed-margin-values/block-container-block-start-self-collapsing-nested.html
A LayoutTests/imported/w3c/web-platform-tests/css/css-box/margin-trim/computed-margin-values/block-container-block-start.html
M Source/WebCore/css/ComputedStyleExtractor.cpp
M Source/WebCore/rendering/RenderBlockFlow.cpp
M Source/WebCore/rendering/RenderBox.cpp
M Source/WebCore/rendering/RenderLayoutState.cpp
M Source/WebCore/rendering/RenderLayoutState.h
Log Message:
-----------
Cherry-pick 99e30b0ca8f6. rdar://problem/106452955
[margin-trim][block-layout] Content at block-start edge should have trimmed margins reflected in computed style
https://bugs.webkit.org/show_bug.cgi?id=253606
rdar://106452955
Reviewed by Alan Baradlay.
When we trim margins at the block-start edge, we can indicate that the
renderer has a trimmed margin by replacing the calls to setMarginBefore/After
with setTrimmedMarginForChild. This will perform the same behavior of
trimming the renderer's margins by updating its m_marginBox and also
setting the margin-trim rare data bit to indicate that the margin has
been trimmed.
In order to apply this behavior for nested block content that is at the
block-start edge of the outer block container we need to keep track of
some additional state. If a block container has block-start margin-trim
set then it will push some new state onto m_blockStartTrimming to indicate
that block-start trimming should occur and propagate this information to
its children in order to determine whether they should trim. This
new structure acts as a stack that will help nested block containers
determine if they should trim the margins at their block-start edge
based upon its containing block's trimming state and its own MarginInfo
state.
A block container will push new state onto this stack in the following
scenarios:
- If a block-container has block-start margin trim set, then it will push
some new state onto the stack (true) indicating trimming should occur
- A nested block container will check to see if its containing block has trimming
state set by checking the value at the top of the stack along with whether or
not its margins can collapse through to its containing block
- If the containing block has trimming state and the nested child's
margins can collapse through to the top, then the nested child will
push its own state onto the stack to use later on as it lays out
its children. The state will be the same as its containing block's
so that the nested block container will only trim if it is at the
block-start edge of the containing block that has margin-trim set.
- If the containing block has trimming state and the nested child's
margins *cannot* collapse through to the top, then it will push
state onto the stack (false) to indicate that it should not
perform any sort of trimming. This will also indicate to nested
block containers that they should also not trim.
<div id="container" style="margin-trim: block">
<div id="outer" style="margin-block-start: 10px; border: 1px solid black; width: 50px; height: 50px; background-color: green;">
<div id="inner" style="margin-block-start: 10px; border: 1px solid black; width: 50px; height: 50px; background-color: blue;"></div>
</div>
</div>
Here "container," will push some state onto the margin trimming stack
to indicate that it should trim margins at the block-start edge. When
"outer," goes through layout, it will see that its containing block had
set some trimming state so it will do the same. Since it has a border that
means its children's margins cannot collapse through, so it should not
trim those margins and set the state appropriately. "Inner," will see
that its containing block had set some margin-trim state and will need
to do the same. Since its children's margins could collapse through, it
will use the same state as its containing block. However, since the
containing block did not perform trimming, it will also not trim when
it attempts to use this information.
In ComputedStyleExtractor, we will check to see if the renderer has its
top margin trimmed by checking to see if the rare data bit was set during
layout by using RenderBox::hasTrimmedMargin.
* LayoutTests/imported/w3c/web-platform-tests/css/css-box/margin-trim/computed-margin-values/block-container-block-start-child-with-border-expected.txt: Added.
* LayoutTests/imported/w3c/web-platform-tests/css/css-box/margin-trim/computed-margin-values/block-container-block-start-child-with-border.html: Added.
* LayoutTests/imported/w3c/web-platform-tests/css/css-box/margin-trim/computed-margin-values/block-container-block-start-expected.txt: Added.
* LayoutTests/imported/w3c/web-platform-tests/css/css-box/margin-trim/computed-margin-values/block-container-block-start-self-collapsing-nested-expected.txt: Added.
* LayoutTests/imported/w3c/web-platform-tests/css/css-box/margin-trim/computed-margin-values/block-container-block-start-self-collapsing-nested.html: Added.
* LayoutTests/imported/w3c/web-platform-tests/css/css-box/margin-trim/computed-margin-values/block-container-block-start.html: Added.
* Source/WebCore/css/ComputedStyleExtractor.cpp:
(WebCore::rendererCanHaveTrimmedMargin):
(WebCore::isLayoutDependent):
* Source/WebCore/rendering/RenderBlockFlow.cpp:
(WebCore::RenderBlockFlow::layoutBlockChildren):
(WebCore::RenderBlockFlow::layoutBlockChild):
(WebCore::RenderBlockFlow::collapseMarginsWithChildInfo):
* Source/WebCore/rendering/RenderBox.cpp:
(WebCore::RenderBox::physicalToFlowRelativeDirectionMapping const):
(WebCore::RenderBox::hasTrimmedMargin const):
* Source/WebCore/rendering/RenderBox.h:
(WebCore::RenderBox::isBlockLevelBox const):
* Source/WebCore/rendering/RenderLayoutState.cpp:
(WebCore::RenderLayoutState::RenderLayoutState):
* Source/WebCore/rendering/RenderLayoutState.h:
(WebCore::RenderLayoutState::RenderLayoutState):
(WebCore::RenderLayoutState::pushBlockStartTrimming):
(WebCore::RenderLayoutState::peekBlockStartTrimming):
(WebCore::RenderLayoutState::popBlockStartTrimming):
Canonical link: https://commits.webkit.org/263412@main
Identifier: 259548.715 at safari-7615-branch
Commit: fe8bf739074db33f746ed08620176e34fccaaeba
https://github.com/WebKit/WebKit/commit/fe8bf739074db33f746ed08620176e34fccaaeba
Author: Sammy Gill <sammy.gill at apple.com>
Date: 2023-05-01 (Mon, 01 May 2023)
Changed paths:
M LayoutTests/imported/w3c/web-platform-tests/css/css-box/margin-trim/computed-margin-values/block-container-block-end-nested-child-expected.txt
M LayoutTests/imported/w3c/web-platform-tests/css/css-box/margin-trim/computed-margin-values/block-container-block-end-with-self-collapsing-children-expected.txt
M Source/WebCore/rendering/RenderBlockFlow.cpp
Log Message:
-----------
Cherry-pick 809b95bb1a78. rdar://problem/108327029
[margin-trim][block layout] Nested self-collapsing children at block-end should also be trimmed.
https://bugs.webkit.org/show_bug.cgi?id=255736
rdar://108327029
Reviewed by Alan Baradlay.
When walking back up the block container for the purposes of block-end
margin trimming we may run into a self collapsing child that needs to
have both of its margins trimmed and its position adjusted. However, it
is also possible that these self-collapsing children may also have other
self-collapsing children nested arbitrarily within. If that is the case,
we need to also trim the margins of all of its descendants.
* LayoutTests/imported/w3c/web-platform-tests/css/css-box/margin-trim/computed-margin-values/block-container-block-end-nested-child-expected.txt:
* LayoutTests/imported/w3c/web-platform-tests/css/css-box/margin-trim/computed-margin-values/block-container-block-end-with-self-collapsing-children-expected.txt:
* Source/WebCore/rendering/RenderBlockFlow.cpp:
(WebCore::RenderBlockFlow::trimBlockEndChildrenMargins):
Canonical link: https://commits.webkit.org/263439@main
Identifier: 259548.716 at safari-7615-branch
Commit: 1c4897d1134aa0eb5e5463830541d7f5597bcb52
https://github.com/WebKit/WebKit/commit/1c4897d1134aa0eb5e5463830541d7f5597bcb52
Author: Myah Cobbs <mcobbs at apple.com>
Date: 2023-05-01 (Mon, 01 May 2023)
Changed paths:
R LayoutTests/imported/w3c/web-platform-tests/css/css-backgrounds/color-mix-currentcolor-border-repaint-expected.xht
R LayoutTests/imported/w3c/web-platform-tests/css/css-backgrounds/color-mix-currentcolor-border-repaint-parent-expected.xht
R LayoutTests/imported/w3c/web-platform-tests/css/css-backgrounds/color-mix-currentcolor-border-repaint-parent.html
R LayoutTests/imported/w3c/web-platform-tests/css/css-backgrounds/color-mix-currentcolor-border-repaint.html
R LayoutTests/imported/w3c/web-platform-tests/css/css-backgrounds/currentcolor-border-repaint-parent-expected.xht
R LayoutTests/imported/w3c/web-platform-tests/css/css-backgrounds/currentcolor-border-repaint-parent.html
M Source/WebCore/animation/CSSPropertyAnimation.cpp
M Source/WebCore/css/StyleColor.cpp
M Source/WebCore/css/StyleColor.h
M Source/WebCore/css/color/CSSUnresolvedColor.cpp
M Source/WebCore/css/color/CSSUnresolvedColor.h
M Source/WebCore/editing/EditingStyle.cpp
M Source/WebCore/rendering/style/BorderData.cpp
M Source/WebCore/rendering/style/RenderStyle.cpp
M Source/WebCore/rendering/style/RenderStyle.h
M Source/WebCore/rendering/style/SVGRenderStyle.cpp
M Source/WebCore/rendering/style/StyleGradientImage.cpp
M Source/WebCore/style/ElementRuleCollector.cpp
M Source/WebCore/svg/properties/SVGAnimationAdditiveValueFunctionImpl.cpp
Log Message:
-----------
Revert "Cherry-pick 63a655702b01. rdar://problem/104872702"
This reverts commit a7149084a1f528e39c7f2ce10f0e26cee3f93377.
Identifier: 259548.717 at safari-7615-branch
Commit: 4b11fc9c5e1dad1f8b47e872be2fb0d224ac49e5
https://github.com/WebKit/WebKit/commit/4b11fc9c5e1dad1f8b47e872be2fb0d224ac49e5
Author: Brady Eidson <beidson at apple.com>
Date: 2023-05-01 (Mon, 01 May 2023)
Changed paths:
M Source/WebKit/UIProcess/API/C/WKNotification.cpp
M Source/WebKit/UIProcess/API/C/WKNotification.h
Log Message:
-----------
Cherry-pick eaa067b4e145. rdar://problem/108747682
Expose C-based API for WKNotificationGetAlert
https://bugs.webkit.org/show_bug.cgi?id=255759
rdar://108348296
Reviewed by Megan Gardner.
* Source/WebKit/UIProcess/API/C/WKNotification.cpp:
(WKNotificationGetAlert):
* Source/WebKit/UIProcess/API/C/WKNotification.h:
Canonical link: https://commits.webkit.org/263212@main
Identifier: 259548.718 at safari-7615-branch
Commit: 4c34d7bba54c12b26992fcef9c382502a7a045c4
https://github.com/WebKit/WebKit/commit/4c34d7bba54c12b26992fcef9c382502a7a045c4
Author: Myah Cobbs <mcobbs at apple.com>
Date: 2023-05-01 (Mon, 01 May 2023)
Changed paths:
M LayoutTests/imported/w3c/web-platform-tests/css/css-box/margin-trim/computed-margin-values/block-container-block-end-nested-child-expected.txt
M LayoutTests/imported/w3c/web-platform-tests/css/css-box/margin-trim/computed-margin-values/block-container-block-end-with-self-collapsing-children-expected.txt
M Source/WebCore/rendering/RenderBlockFlow.cpp
Log Message:
-----------
Revert "Cherry-pick 809b95bb1a78. rdar://problem/108327029"
This reverts commit fe8bf739074db33f746ed08620176e34fccaaeba.
Identifier: 259548.719 at safari-7615-branch
Commit: e8815d6a5e76a7726882a12b9a3596bc802e09ec
https://github.com/WebKit/WebKit/commit/e8815d6a5e76a7726882a12b9a3596bc802e09ec
Author: Myah Cobbs <mcobbs at apple.com>
Date: 2023-05-01 (Mon, 01 May 2023)
Changed paths:
R LayoutTests/imported/w3c/web-platform-tests/css/css-box/margin-trim/computed-margin-values/block-container-block-start-child-with-border-expected.txt
R LayoutTests/imported/w3c/web-platform-tests/css/css-box/margin-trim/computed-margin-values/block-container-block-start-child-with-border.html
R LayoutTests/imported/w3c/web-platform-tests/css/css-box/margin-trim/computed-margin-values/block-container-block-start-expected.txt
R LayoutTests/imported/w3c/web-platform-tests/css/css-box/margin-trim/computed-margin-values/block-container-block-start-self-collapsing-nested-expected.txt
R LayoutTests/imported/w3c/web-platform-tests/css/css-box/margin-trim/computed-margin-values/block-container-block-start-self-collapsing-nested.html
R LayoutTests/imported/w3c/web-platform-tests/css/css-box/margin-trim/computed-margin-values/block-container-block-start.html
M Source/WebCore/css/ComputedStyleExtractor.cpp
M Source/WebCore/rendering/RenderBlockFlow.cpp
M Source/WebCore/rendering/RenderBox.cpp
M Source/WebCore/rendering/RenderLayoutState.cpp
M Source/WebCore/rendering/RenderLayoutState.h
Log Message:
-----------
Revert "Cherry-pick 99e30b0ca8f6. rdar://problem/106452955"
This reverts commit b149bce837304901b1677cc8fe93f1e9297f9cd9.
Identifier: 259548.720 at safari-7615-branch
Commit: bd32211f61933392f00129ffd87ee0ede4aa5e98
https://github.com/WebKit/WebKit/commit/bd32211f61933392f00129ffd87ee0ede4aa5e98
Author: Myah Cobbs <mcobbs at apple.com>
Date: 2023-05-01 (Mon, 01 May 2023)
Changed paths:
R LayoutTests/imported/w3c/web-platform-tests/css/css-box/margin-trim/computed-margin-values/block-container-block-end-expected.txt
R LayoutTests/imported/w3c/web-platform-tests/css/css-box/margin-trim/computed-margin-values/block-container-block-end-nested-child-expected.txt
R LayoutTests/imported/w3c/web-platform-tests/css/css-box/margin-trim/computed-margin-values/block-container-block-end-nested-child.html
R LayoutTests/imported/w3c/web-platform-tests/css/css-box/margin-trim/computed-margin-values/block-container-block-end-with-self-collapsing-children-expected.txt
R LayoutTests/imported/w3c/web-platform-tests/css/css-box/margin-trim/computed-margin-values/block-container-block-end-with-self-collapsing-children.html
R LayoutTests/imported/w3c/web-platform-tests/css/css-box/margin-trim/computed-margin-values/block-container-block-end.html
M Source/WebCore/css/ComputedStyleExtractor.cpp
M Source/WebCore/rendering/RenderBlockFlow.cpp
M Source/WebCore/rendering/RenderBox.cpp
M Source/WebCore/rendering/RenderBox.h
Log Message:
-----------
Revert "Cherry-pick e44bd7f346a1. rdar://problem/106454992"
This reverts commit 5e0c1ca6b0e7be181bd76ce983b9236c4759b5fa.
Identifier: 259548.721 at safari-7615-branch
Commit: 56d6eb673565b77196fc6c9682d1be720f781c0d
https://github.com/WebKit/WebKit/commit/56d6eb673565b77196fc6c9682d1be720f781c0d
Author: Russell Epstein <repstein at apple.com>
Date: 2023-05-01 (Mon, 01 May 2023)
Changed paths:
A LayoutTests/imported/w3c/web-platform-tests/css/css-backgrounds/color-mix-currentcolor-border-repaint-expected.xht
A LayoutTests/imported/w3c/web-platform-tests/css/css-backgrounds/color-mix-currentcolor-border-repaint-parent-expected.xht
A LayoutTests/imported/w3c/web-platform-tests/css/css-backgrounds/color-mix-currentcolor-border-repaint-parent.html
A LayoutTests/imported/w3c/web-platform-tests/css/css-backgrounds/color-mix-currentcolor-border-repaint.html
A LayoutTests/imported/w3c/web-platform-tests/css/css-backgrounds/currentcolor-border-repaint-parent-expected.xht
A LayoutTests/imported/w3c/web-platform-tests/css/css-backgrounds/currentcolor-border-repaint-parent.html
M Source/WebCore/animation/CSSPropertyAnimation.cpp
M Source/WebCore/css/StyleColor.cpp
M Source/WebCore/css/StyleColor.h
M Source/WebCore/css/color/CSSUnresolvedColor.cpp
M Source/WebCore/css/color/CSSUnresolvedColor.h
M Source/WebCore/editing/EditingStyle.cpp
M Source/WebCore/rendering/style/BorderData.cpp
M Source/WebCore/rendering/style/RenderStyle.cpp
M Source/WebCore/rendering/style/SVGRenderStyle.cpp
M Source/WebCore/rendering/style/StyleGradientImage.cpp
M Source/WebCore/style/ElementRuleCollector.cpp
M Source/WebCore/svg/properties/SVGAnimationAdditiveValueFunctionImpl.cpp
Log Message:
-----------
Apply patch. rdar://problem/104872702
Identifier: 259548.722 at safari-7615-branch
Commit: 9e8e582627a83ed3706ec32caee92283a5f6db88
https://github.com/WebKit/WebKit/commit/9e8e582627a83ed3706ec32caee92283a5f6db88
Author: Alex Christensen <achristensen at apple.com>
Date: 2023-05-02 (Tue, 02 May 2023)
Changed paths:
M Source/WebCore/animation/KeyframeEffect.cpp
M Source/WebCore/platform/graphics/transforms/IdentityTransformOperation.h
M Source/WebCore/platform/graphics/transforms/Matrix3DTransformOperation.h
M Source/WebCore/platform/graphics/transforms/MatrixTransformOperation.h
M Source/WebCore/platform/graphics/transforms/PerspectiveTransformOperation.h
M Source/WebCore/platform/graphics/transforms/RotateTransformOperation.cpp
M Source/WebCore/platform/graphics/transforms/RotateTransformOperation.h
M Source/WebCore/platform/graphics/transforms/ScaleTransformOperation.cpp
M Source/WebCore/platform/graphics/transforms/ScaleTransformOperation.h
M Source/WebCore/platform/graphics/transforms/SkewTransformOperation.cpp
M Source/WebCore/platform/graphics/transforms/SkewTransformOperation.h
M Source/WebCore/platform/graphics/transforms/TransformOperation.h
M Source/WebCore/platform/graphics/transforms/TranslateTransformOperation.cpp
M Source/WebCore/platform/graphics/transforms/TranslateTransformOperation.h
M Source/WebKit/Shared/WebCoreArgumentCoders.serialization.in
Log Message:
-----------
TransformOperation subclasses should verify deserialized type
https://bugs.webkit.org/show_bug.cgi?id=255629
rdar://108161092
Reviewed by David Kilzer.
The type needs to line up with the same types used by the is, downcast, and dynamicDowncast functions.
* Source/WebCore/animation/KeyframeEffect.cpp:
(WebCore::KeyframeEffect::computedNeedsForcedLayout):
* Source/WebCore/platform/graphics/transforms/IdentityTransformOperation.h:
* Source/WebCore/platform/graphics/transforms/Matrix3DTransformOperation.h:
* Source/WebCore/platform/graphics/transforms/MatrixTransformOperation.h:
* Source/WebCore/platform/graphics/transforms/PerspectiveTransformOperation.h:
* Source/WebCore/platform/graphics/transforms/RotateTransformOperation.cpp:
(WebCore::RotateTransformOperation::RotateTransformOperation):
* Source/WebCore/platform/graphics/transforms/RotateTransformOperation.h:
* Source/WebCore/platform/graphics/transforms/ScaleTransformOperation.cpp:
(WebCore::ScaleTransformOperation::ScaleTransformOperation):
* Source/WebCore/platform/graphics/transforms/ScaleTransformOperation.h:
* Source/WebCore/platform/graphics/transforms/SkewTransformOperation.cpp:
(WebCore::SkewTransformOperation::SkewTransformOperation):
* Source/WebCore/platform/graphics/transforms/SkewTransformOperation.h:
* Source/WebCore/platform/graphics/transforms/TransformOperation.h:
(WebCore::TransformOperation::isRotateTransformOperationType):
(WebCore::TransformOperation::isScaleTransformOperationType):
(WebCore::TransformOperation::isSkewTransformOperationType):
(WebCore::TransformOperation::isTranslateTransformOperationType):
(WebCore::TransformOperation::isRotateTransformOperationType const): Deleted.
(WebCore::TransformOperation::isScaleTransformOperationType const): Deleted.
(WebCore::TransformOperation::isSkewTransformOperationType const): Deleted.
(WebCore::TransformOperation::isTranslateTransformOperationType const): Deleted.
* Source/WebCore/platform/graphics/transforms/TranslateTransformOperation.cpp:
(WebCore::TranslateTransformOperation::TranslateTransformOperation):
* Source/WebCore/platform/graphics/transforms/TranslateTransformOperation.h:
* Source/WebKit/Shared/WebCoreArgumentCoders.serialization.in:
Canonical link: https://commits.webkit.org/259548.723@safari-7615-branch
Commit: ed91d31068648f5bb03ff99d5b2d60a5aa9cc0d9
https://github.com/WebKit/WebKit/commit/ed91d31068648f5bb03ff99d5b2d60a5aa9cc0d9
Author: Ryan Haddad <ryanhaddad at apple.com>
Date: 2023-05-02 (Tue, 02 May 2023)
Changed paths:
R LayoutTests/platform/ios-simulator/imported/w3c/web-platform-tests/svg/import/metadata-example-01-t-manual-expected.txt
R LayoutTests/platform/ios-wk2/fast/block/basic/011-expected.txt
R LayoutTests/platform/ios-wk2/fast/block/basic/minheight-expected.txt
R LayoutTests/platform/ios-wk2/fast/block/margin-collapse/103-expected.txt
R LayoutTests/platform/ios-wk2/fast/css/002-expected.txt
R LayoutTests/platform/ios-wk2/fast/invalid/008-expected.txt
R LayoutTests/platform/ios-wk2/fast/overflow/003-expected.txt
R LayoutTests/platform/ios-wk2/fast/overflow/infiniteRecursion-expected.txt
R LayoutTests/platform/ios-wk2/fast/text/international/bidi-explicit-embedding-expected.txt
M LayoutTests/platform/ios/TestExpectations
M LayoutTests/platform/ios/css1/box_properties/acid_test-expected.txt
M LayoutTests/platform/ios/css2.1/t09-c5526c-display-00-e-expected.txt
M LayoutTests/platform/ios/fast/block/basic/011-expected.txt
M LayoutTests/platform/ios/fast/block/margin-collapse/103-expected.txt
M LayoutTests/platform/ios/fast/forms/search-styled-expected.txt
M LayoutTests/platform/ios/fast/overflow/003-expected.txt
M LayoutTests/platform/ios/fast/table/rowindex-expected.txt
A LayoutTests/platform/ios/imported/w3c/web-platform-tests/css/css-writing-modes/forms/meter-appearance-native-computed-style.optional-expected.txt
A LayoutTests/platform/ios/imported/w3c/web-platform-tests/fetch/content-length/api-and-duplicate-headers.any-expected.txt
A LayoutTests/platform/ios/imported/w3c/web-platform-tests/fetch/content-length/api-and-duplicate-headers.any.worker-expected.txt
A LayoutTests/platform/ios/imported/w3c/web-platform-tests/html/dom/idlharness.https_exclude=(Document_Window_HTML._)-expected.txt
A LayoutTests/platform/ios/imported/w3c/web-platform-tests/html/semantics/disabled-elements/disabled-event-dispatch.tentative-expected.txt
A LayoutTests/platform/ios/imported/w3c/web-platform-tests/html/semantics/popovers/popover-light-dismiss-expected.txt
M LayoutTests/platform/ios/imported/w3c/web-platform-tests/screen-orientation/nested-documents-expected.txt
M LayoutTests/platform/ios/imported/w3c/web-platform-tests/screen-orientation/unlock-expected.txt
A LayoutTests/platform/ios/imported/w3c/web-platform-tests/svg/import/metadata-example-01-t-manual-expected.txt
M LayoutTests/platform/ios/scrollbars/overflow-scrollbar-combinations-expected.txt
M LayoutTests/platform/ios/svg/W3C-SVG-1.1/metadata-example-01-b-expected.txt
M LayoutTests/platform/ios/svg/custom/svg-fonts-in-html-expected.txt
M LayoutTests/platform/ios/svg/custom/use-on-symbol-inside-pattern-expected.txt
M LayoutTests/platform/ios/tables/mozilla/bugs/bug2479-2-expected.txt
Log Message:
-----------
Cherry-pick 262717 at main (5981ddb013be). rdar://107742631
[iOS] Rebaseline tests for iOS 16.4
https://bugs.webkit.org/show_bug.cgi?id=255140
rdar://107742631
Unreviewed test gardening
* LayoutTests/platform/ios/TestExpectations:
* LayoutTests/platform/ios/css1/box_properties/acid_test-expected.txt:
* LayoutTests/platform/ios/css2.1/t09-c5526c-display-00-e-expected.txt:
* LayoutTests/platform/ios/fast/block/basic/011-expected.txt:
* LayoutTests/platform/ios/fast/block/margin-collapse/103-expected.txt:
* LayoutTests/platform/ios/fast/forms/search-styled-expected.txt:
* LayoutTests/platform/ios/fast/overflow/003-expected.txt:
* LayoutTests/platform/ios/fast/table/rowindex-expected.txt:
* LayoutTests/platform/ios/imported/w3c/web-platform-tests/css/css-writing-modes/forms/meter-appearance-native-computed-style.optional-expected.txt: Added.
* LayoutTests/platform/ios/imported/w3c/web-platform-tests/fetch/content-length/api-and-duplicate-headers.any-expected.txt: Added.
* LayoutTests/platform/ios/imported/w3c/web-platform-tests/html/dom/idlharness.https_exclude=(Document_Window_HTML._)-expected.txt: Added.
* LayoutTests/platform/ios/imported/w3c/web-platform-tests/html/semantics/disabled-elements/disabled-event-dispatch.tentative-expected.txt: Added.
* LayoutTests/platform/ios/imported/w3c/web-platform-tests/html/semantics/popovers/popover-light-dismiss-expected.txt: Added.
* LayoutTests/platform/ios/imported/w3c/web-platform-tests/screen-orientation/nested-documents-expected.txt:
* LayoutTests/platform/ios/imported/w3c/web-platform-tests/screen-orientation/unlock-expected.txt:
* LayoutTests/platform/ios/imported/w3c/web-platform-tests/svg/import/metadata-example-01-t-manual-expected.txt: Added.
* LayoutTests/platform/ios/scrollbars/overflow-scrollbar-combinations-expected.txt:
* LayoutTests/platform/ios/svg/W3C-SVG-1.1/metadata-example-01-b-expected.txt:
* LayoutTests/platform/ios/svg/custom/svg-fonts-in-html-expected.txt:
* LayoutTests/platform/ios/svg/custom/use-on-symbol-inside-pattern-expected.txt:
* LayoutTests/platform/ios/tables/mozilla/bugs/bug2479-2-expected.txt:
* LayoutTests/platform/ios-simulator/imported/w3c/web-platform-tests/svg/import/metadata-example-01-t-manual-expected.txt: Removed.
* LayoutTests/platform/ios-wk2/fast/block/basic/011-expected.txt: Removed.
* LayoutTests/platform/ios-wk2/fast/block/basic/minheight-expected.txt: Removed.
* LayoutTests/platform/ios-wk2/fast/block/margin-collapse/103-expected.txt: Removed.
* LayoutTests/platform/ios-wk2/fast/css/002-expected.txt: Removed.
* LayoutTests/platform/ios-wk2/fast/invalid/008-expected.txt: Removed.
* LayoutTests/platform/ios-wk2/fast/overflow/003-expected.txt: Removed.
* LayoutTests/platform/ios-wk2/fast/overflow/infiniteRecursion-expected.txt: Removed.
* LayoutTests/platform/ios-wk2/fast/text/international/bidi-explicit-embedding-expected.txt: Removed.
* LayoutTests/platform/ios-wk2/imported/w3c/web-platform-tests/html/semantics/popovers/popover-light-dismiss-expected.txt: Removed.
Canonical link: https://commits.webkit.org/262717@main
Canonical link: https://commits.webkit.org/259548.724@safari-7615-branch
Commit: d03416657a40b995244ef0b1319d3d4bfa4074c4
https://github.com/WebKit/WebKit/commit/d03416657a40b995244ef0b1319d3d4bfa4074c4
Author: Robert Jenner <jenner at apple.com>
Date: 2023-05-02 (Tue, 02 May 2023)
Changed paths:
M LayoutTests/fast/gradients/linear-two-hints-angle.html
Log Message:
-----------
Cherry-pick 262858 at main (01307ba22bed). rdar://107774707
[ iOS ] fast/gradients/linear-two-hints-angle.html is a constant ImageOnlyFailure
https://bugs.webkit.org/show_bug.cgi?id=255181
rdar://107774707
Unreviewed test gardening.
* LayoutTests/fast/gradients/linear-two-hints-angle.html:
* LayoutTests/platform/ios/TestExpectations:
Canonical link: https://commits.webkit.org/262858@main
Canonical link: https://commits.webkit.org/259548.725@safari-7615-branch
Commit: 46cc2aa9eacb1978cd76e55ff4fa0086d893ff69
https://github.com/WebKit/WebKit/commit/46cc2aa9eacb1978cd76e55ff4fa0086d893ff69
Author: Robert Jenner <jenner at apple.com>
Date: 2023-05-02 (Tue, 02 May 2023)
Changed paths:
M LayoutTests/platform/ios/TestExpectations
Log Message:
-----------
Cherry-pick 262734 at main (b3ab7042bc2a). rdar://problem/107772432
[GARDNEING] Batch mark expectations for newly failing tests introduced with iOS 16.4 update
https://bugs.webkit.org/show_bug.cgi?id=255177
rdar://problem/107772432
Unreviewed test gardening.
* LayoutTests/platform/ios/TestExpectations:
Canonical link: https://commits.webkit.org/262734@main
Canonical link: https://commits.webkit.org/259548.726@safari-7615-branch
Commit: 2aad4d480bf30e7db859e1f30ba7d90adb2c3dc5
https://github.com/WebKit/WebKit/commit/2aad4d480bf30e7db859e1f30ba7d90adb2c3dc5
Author: Tim Nguyen <ntim at apple.com>
Date: 2023-05-03 (Wed, 03 May 2023)
Changed paths:
A LayoutTests/imported/w3c/web-platform-tests/css/css-color/color-mix-currentcolor-003-expected.html
A LayoutTests/imported/w3c/web-platform-tests/css/css-color/color-mix-currentcolor-003-ref.html
A LayoutTests/imported/w3c/web-platform-tests/css/css-color/color-mix-currentcolor-003.html
M Source/WebCore/style/StyleBuilderCustom.h
Log Message:
-----------
Cherry-pick 0d0b8844e76c. rdar://problem/108698737
REGRESSION(259145 at main): Crash when using 'currentcolor' with color-mix() in color property
https://bugs.webkit.org/show_bug.cgi?id=256171
rdar://108698737
Reviewed by Darin Adler.
We were previously not handling `color-mix()` in the logic to resolve colors for `BuilderCustom::applyValueColor`.
Use StyleColor::resolveColor() which properly takes care of all cases.
* LayoutTests/imported/w3c/web-platform-tests/css/css-color/color-mix-currentcolor-003-expected.html: Added.
* LayoutTests/imported/w3c/web-platform-tests/css/css-color/color-mix-currentcolor-003-ref.html: Added.
* LayoutTests/imported/w3c/web-platform-tests/css/css-color/color-mix-currentcolor-003.html: Added.
* Source/WebCore/style/StyleBuilderCustom.h:
(WebCore::Style::BuilderCustom::applyValueColor):
Canonical link: https://commits.webkit.org/263556@main
Identifier: 259548.727 at safari-7615-branch
Commit: 4206d483814cad487ba2a0b8b6b58cf7a60a0477
https://github.com/WebKit/WebKit/commit/4206d483814cad487ba2a0b8b6b58cf7a60a0477
Author: Chirag M Shah <chirag_m_shah at apple.com>
Date: 2023-05-03 (Wed, 03 May 2023)
Changed paths:
A LayoutTests/fast/media/media-player-uaf-expected.txt
A LayoutTests/fast/media/media-player-uaf.html
M Source/WebCore/html/HTMLMediaElement.cpp
M Source/WebCore/platform/graphics/avfoundation/objc/MediaPlayerPrivateMediaStreamAVFObjC.mm
Log Message:
-----------
Fix UAF in MediaPlayerPrivateMediaStreamAVFObjC::processNewVideoFrame
https://bugs.webkit.org/show_bug.cgi?id=256173
rdar://108504399
Reviewed by Jer Noble and Youenn Fablet.
This change fixes the heap UAF on MediaPlayer element by protecting the
MediaPlayer object when executing callbacks/deferred tasks on the mainThread,
so that MediaPlayerPrivateMediaStreamAVFObjC remains valid.
* Source/WebCore/html/HTMLMediaElement.cpp:
* Source/WebCore/platform/graphics/avfoundation/objc/MediaPlayerPrivateMediaStreamAVFObjC.mm:
(WebCore::MediaPlayerPrivateMediaStreamAVFObjC::processNewVideoFrame):
(WebCore::MediaPlayerPrivateMediaStreamAVFObjC::scheduleDeferredTask):
* LayoutTests/fast/media/media-player-uaf-expected.txt: Added.
* LayoutTests/fast/media/media-player-uaf.html: Added.
Canonical link: https://commits.webkit.org/259548.728@safari-7615-branch
Commit: 5cc2ead4986a1602ac43a1ff2c32c51f2dfc7393
https://github.com/WebKit/WebKit/commit/5cc2ead4986a1602ac43a1ff2c32c51f2dfc7393
Author: Arunsundar Kannan <arunsundar_kannan at apple.com>
Date: 2023-05-04 (Thu, 04 May 2023)
Changed paths:
M Source/WebCore/page/DOMWindow.h
Log Message:
-----------
Handle potential overflow of gamepadEventListenerCount.
https://bugs.webkit.org/show_bug.cgi?id=256205.
rdar://80838189.
Reviewed by Ryosuke Niwa.
m_gamepadEventListenerCount can overflow if addEventListener() is called UINT_MAX+1 times.
Once the window is freed, we will be left with a dangling pointer in the GamepadManager.
This change adds a flag to check for overflow and keep the behavior same in the event of overflow..
* Source/WebCore/page/DOMWindow.cpp:
(WebCore::DOMWindow::~DOMWindow):
(WebCore::DOMWindow::incrementGamepadEventListenerCount):
(WebCore::DOMWindow::decrementGamepadEventListenerCount):
* Source/WebCore/page/DOMWindow.h:
Canonical link: https://commits.webkit.org/259548.729@safari-7615-branch
Commit: c123784dc828d5581cf184d082bd86f1f84bd0d8
https://github.com/WebKit/WebKit/commit/c123784dc828d5581cf184d082bd86f1f84bd0d8
Author: Arunsundar Kannan <arunsundar_kannan at apple.com>
Date: 2023-05-04 (Thu, 04 May 2023)
Changed paths:
A LayoutTests/fast/css/style-builder-apply-value-content-type-confusion-expected.txt
A LayoutTests/fast/css/style-builder-apply-value-content-type-confusion.html
M Source/WebCore/style/StyleBuilderCustom.h
Log Message:
-----------
Fix type confusion in BuilderConverter::applyValueContent.
https://bugs.webkit.org/show_bug.cgi?id=255955.
rdar://108499561.
Reviewed by Antti Koivisto.
This change fixes applyValueContent so that it can deal with single
values instead of expecting a list of values towards the end.
* LayoutTests/fast/css/style-builder-apply-value-content-type-confusion-expected.txt: Added.
* LayoutTests/fast/css/style-builder-apply-value-content-type-confusion.html: Added.
* Source/WebCore/style/StyleBuilderCustom.h:
(WebCore::Style::BuilderCustom::applyValueContent):
Canonical link: https://commits.webkit.org/259548.730@safari-7615-branch
Commit: 22f78ddff34169bd63ebd1dd269a6c4241d3a0e0
https://github.com/WebKit/WebKit/commit/22f78ddff34169bd63ebd1dd269a6c4241d3a0e0
Author: Jonathan Bedard <jbedard at apple.com>
Date: 2023-05-04 (Thu, 04 May 2023)
Changed paths:
M Tools/Scripts/hooks/prepare-commit-msg
M Tools/Scripts/libraries/webkitscmpy/setup.py
M Tools/Scripts/libraries/webkitscmpy/webkitscmpy/__init__.py
M Tools/Scripts/libraries/webkitscmpy/webkitscmpy/mocks/local/git.py
M Tools/Scripts/libraries/webkitscmpy/webkitscmpy/program/branch.py
M Tools/Scripts/libraries/webkitscmpy/webkitscmpy/program/cherry_pick.py
M Tools/Scripts/libraries/webkitscmpy/webkitscmpy/program/command.py
M Tools/Scripts/libraries/webkitscmpy/webkitscmpy/program/revert.py
Log Message:
-----------
Cherry-pick 263641 at main (2425de1c879b). rdar://107629444
[git-webkit] Cache filed bug
https://bugs.webkit.org/show_bug.cgi?id=255007
rdar://107629444
Reviewed by Elliott Williams.
git-webkit branch will file a bug. However, that bug is only picked up
in a commit message through environment variables, which means that
bugs filed by `git-webkit branch` aren't very useful except when happening
through `git-webkit pr`'s invocation of `git-webkit branch`. We have a
similar problem when crafting cherry-picks or reverting changes.
* Tools/Scripts/hooks/prepare-commit-msg: Pull title, bug and cherry-pick message from
`git config` if they aren't available in the environment.
* Tools/Scripts/libraries/webkitscmpy/setup.py: Bump version.
* Tools/Scripts/libraries/webkitscmpy/webkitscmpy/__init__.py: Ditto.
* Tools/Scripts/libraries/webkitscmpy/webkitscmpy/mocks/local/git.py: Add ability to get
and set `git config` values.
* Tools/Scripts/libraries/webkitscmpy/webkitscmpy/program/branch.py:
(Branch.main): Save filed bug into `git config` environment.
* Tools/Scripts/libraries/webkitscmpy/webkitscmpy/program/cherry_pick.py:
(CherryPick.main): Save cherry-pick pattern and bug details into `git config`, use
COMMIT_MESSAGE_BUG instead of GIT_WEBKIT_BUG.
* Tools/Scripts/libraries/webkitscmpy/webkitscmpy/program/command.py:
(Command.write_branch_variables): Write variable to `git config`'s branch specific namespace.
* Tools/Scripts/libraries/webkitscmpy/webkitscmpy/program/revert.py:
(Revert.revert_commit): Save filed bug into `git config` environment.
Canonical link: https://commits.webkit.org/263641@main
Canonical link: https://commits.webkit.org/259548.731@safari-7615-branch
Commit: 12ee50ff164387ed50e1c037e926821ef6c4c8ee
https://github.com/WebKit/WebKit/commit/12ee50ff164387ed50e1c037e926821ef6c4c8ee
Author: Jonathan Bedard <jbedard at apple.com>
Date: 2023-05-04 (Thu, 04 May 2023)
Changed paths:
M Tools/Scripts/hooks/pre-push
Log Message:
-----------
Cherry-pick 263677 at main (f4a0a73081dd). rdar://108588596
[pre-push] Check publish pushes for references to redacted commits
https://bugs.webkit.org/show_bug.cgi?id=256025
rdar://108588596
Reviewed by Elliott Williams.
When operating in "publish" mode, our pre-push hook should check commits
for redacted commits, even if the commit in question originates from a
different remote.
* Tools/Scripts/hooks/pre-push:
Canonical link: https://commits.webkit.org/263677@main
Canonical link: https://commits.webkit.org/259548.732@safari-7615-branch
Commit: 8214657dcf4ecbc50f3b2c545db8d84767598c3b
https://github.com/WebKit/WebKit/commit/8214657dcf4ecbc50f3b2c545db8d84767598c3b
Author: Jonathan Bedard <jbedard at apple.com>
Date: 2023-05-04 (Thu, 04 May 2023)
Changed paths:
M Tools/Scripts/libraries/webkitscmpy/setup.py
M Tools/Scripts/libraries/webkitscmpy/webkitscmpy/__init__.py
M Tools/Scripts/libraries/webkitscmpy/webkitscmpy/program/trace.py
Log Message:
-----------
Cherry-pick 263681 at main (4a2df13be225). rdar://108892742
[git-webkit] Exclude trailing . in commit regex for cherry-picks
https://bugs.webkit.org/show_bug.cgi?id=256305
rdar://108892742
Reviewed by Elliott Williams.
* Tools/Scripts/libraries/webkitscmpy/setup.py: Bump version.
* Tools/Scripts/libraries/webkitscmpy/webkitscmpy/__init__.py: Ditto.
* Tools/Scripts/libraries/webkitscmpy/webkitscmpy/program/trace.py:
(Relationship.parse): Use regex definition to exclude trailing period.
Canonical link: https://commits.webkit.org/263681@main
Canonical link: https://commits.webkit.org/259548.733@safari-7615-branch
Commit: f24c4ce75d9daaeb410aec7392228284b499fe42
https://github.com/WebKit/WebKit/commit/f24c4ce75d9daaeb410aec7392228284b499fe42
Author: Jonathan Bedard <jbedard at apple.com>
Date: 2023-05-04 (Thu, 04 May 2023)
Changed paths:
M Tools/Scripts/libraries/webkitscmpy/setup.py
M Tools/Scripts/libraries/webkitscmpy/webkitscmpy/__init__.py
M Tools/Scripts/libraries/webkitscmpy/webkitscmpy/program/trace.py
Log Message:
-----------
Cherry-pick 263685 at main (c0ccf9b3fce9). rdar://108816711
[git-webkit] Use shared commit issue parsing in 'trace'
https://bugs.webkit.org/show_bug.cgi?id=256236
rdar://108816711
Reviewed by Aakash Jain.
Prefer the shared commits.issues implementation instead of re-implementing
similar code within CommitsStory.
* Tools/Scripts/libraries/webkitscmpy/setup.py: Bump version.
* Tools/Scripts/libraries/webkitscmpy/webkitscmpy/__init__.py: Ditto.
* Tools/Scripts/libraries/webkitscmpy/webkitscmpy/program/trace.py:
(CommitsStory.add): Use commits.issues.
(Trace.relationships): Ditto.
(CommitsStory.issues_for): Deleted.
Canonical link: https://commits.webkit.org/263685@main
Canonical link: https://commits.webkit.org/259548.734@safari-7615-branch
Commit: 96fbff2cffb2e2b383efe99d9a1c861ed9ff7bbd
https://github.com/WebKit/WebKit/commit/96fbff2cffb2e2b383efe99d9a1c861ed9ff7bbd
Author: Jonathan Bedard <jbedard at apple.com>
Date: 2023-05-04 (Thu, 04 May 2023)
Changed paths:
M Tools/Scripts/libraries/webkitscmpy/setup.py
M Tools/Scripts/libraries/webkitscmpy/webkitscmpy/__init__.py
M Tools/Scripts/libraries/webkitscmpy/webkitscmpy/mocks/local/git.py
M Tools/Scripts/libraries/webkitscmpy/webkitscmpy/program/publish.py
Log Message:
-----------
Cherry-pick 263686 at main (3d23652e74b3). rdar://108817593
[git-webkit] Correct --format in branch list
https://bugs.webkit.org/show_bug.cgi?id=256237
rdar://108817593
Reviewed by Elliott Williams.
* Tools/Scripts/libraries/webkitscmpy/setup.py: Bump version.
* Tools/Scripts/libraries/webkitscmpy/webkitscmpy/__init__.py: Ditto.
* Tools/Scripts/libraries/webkitscmpy/webkitscmpy/mocks/local/git.py:
* Tools/Scripts/libraries/webkitscmpy/webkitscmpy/program/publish.py:
(Publish.branches_on): Pass --format before --merged. Seperate format into a different argument.
Canonical link: https://commits.webkit.org/263686@main
Canonical link: https://commits.webkit.org/259548.735@safari-7615-branch
Commit: 3597549574e5466289324cf11b90cc10d2a2d6fa
https://github.com/WebKit/WebKit/commit/3597549574e5466289324cf11b90cc10d2a2d6fa
Author: Jonathan Bedard <jbedard at apple.com>
Date: 2023-05-04 (Thu, 04 May 2023)
Changed paths:
M Tools/Scripts/hooks/prepare-commit-msg
Log Message:
-----------
Cherry-pick 263687 at main (c8b247965127). rdar://107629444
[git-webkit] Cache filed bug (Follow-up fix)
https://bugs.webkit.org/show_bug.cgi?id=255007
rdar://107629444
Unreviewed follow-up fix.
* Tools/Scripts/hooks/prepare-commit-msg: Handle undefined bug case.
Canonical link: https://commits.webkit.org/263687@main
Canonical link: https://commits.webkit.org/259548.736@safari-7615-branch
Commit: 067edf186e1b00e5b6e88bf38f70f8ee646a2403
https://github.com/WebKit/WebKit/commit/067edf186e1b00e5b6e88bf38f70f8ee646a2403
Author: Antti Koivisto <antti at apple.com>
Date: 2023-05-04 (Thu, 04 May 2023)
Changed paths:
A LayoutTests/imported/w3c/web-platform-tests/css/css-contain/container-queries/container-units-content-box-expected.txt
A LayoutTests/imported/w3c/web-platform-tests/css/css-contain/container-queries/container-units-content-box.html
M Source/WebCore/css/CSSPrimitiveValue.cpp
Log Message:
-----------
Cherry-pick e31e2eb9806e. rdar://problem/108754549
Container query length units use border box instead of a content box
https://bugs.webkit.org/show_bug.cgi?id=256178
rdar://problem/108754549
Reviewed by Alan Baradlay.
https://www.w3.org/TR/css-contain-3/#container-query-length:
> For each element, container query length units are evaluated as container size queries on the relevant axis (or axes) described by the unit.
https://www.w3.org/TR/css-contain-3/#container-size-query:
> The width container feature queries the width of the query container’s content box.
> The height container feature queries the height of the query container’s content box.
> The inline-size container feature queries the size of the query container’s content box in the query container’s inline axis.
> The block-size container feature queries the size of the query container’s content box in the query container’s block axis.
* LayoutTests/imported/w3c/web-platform-tests/css/css-contain/container-queries/container-units-content-box-expected.txt: Added.
* LayoutTests/imported/w3c/web-platform-tests/css/css-contain/container-queries/container-units-content-box.html: Added.
* Source/WebCore/css/CSSPrimitiveValue.cpp:
(WebCore::CSSPrimitiveValue::computeNonCalcLengthDouble):
Resolve the container units against the correct box.
Canonical link: https://commits.webkit.org/263595@main
Commit: 8674bce44c7c93e9bf75d91b2d1f8f7336975c31
https://github.com/WebKit/WebKit/commit/8674bce44c7c93e9bf75d91b2d1f8f7336975c31
Author: Myah Cobbs <mcobbs at apple.com>
Date: 2023-05-04 (Thu, 04 May 2023)
Changed paths:
A LayoutTests/imported/w3c/web-platform-tests/css/css-box/margin-trim/computed-margin-values/block-container-block-end-expected.txt
A LayoutTests/imported/w3c/web-platform-tests/css/css-box/margin-trim/computed-margin-values/block-container-block-end-nested-child-expected.txt
A LayoutTests/imported/w3c/web-platform-tests/css/css-box/margin-trim/computed-margin-values/block-container-block-end-nested-child.html
A LayoutTests/imported/w3c/web-platform-tests/css/css-box/margin-trim/computed-margin-values/block-container-block-end-with-self-collapsing-children-expected.txt
A LayoutTests/imported/w3c/web-platform-tests/css/css-box/margin-trim/computed-margin-values/block-container-block-end-with-self-collapsing-children.html
A LayoutTests/imported/w3c/web-platform-tests/css/css-box/margin-trim/computed-margin-values/block-container-block-end.html
M Source/WebCore/css/ComputedStyleExtractor.cpp
M Source/WebCore/rendering/RenderBlockFlow.cpp
M Source/WebCore/rendering/RenderBox.cpp
M Source/WebCore/rendering/RenderBox.h
Log Message:
-----------
Apply patch. rdar://problem/106454992
Commit: edd5bbb184f467ecc0acc606af4f51780df81fbe
https://github.com/WebKit/WebKit/commit/edd5bbb184f467ecc0acc606af4f51780df81fbe
Author: Myah Cobbs <mcobbs at apple.com>
Date: 2023-05-04 (Thu, 04 May 2023)
Changed paths:
A LayoutTests/imported/w3c/web-platform-tests/css/css-box/margin-trim/computed-margin-values/block-container-block-start-child-with-border-expected.txt
A LayoutTests/imported/w3c/web-platform-tests/css/css-box/margin-trim/computed-margin-values/block-container-block-start-child-with-border.html
A LayoutTests/imported/w3c/web-platform-tests/css/css-box/margin-trim/computed-margin-values/block-container-block-start-expected.txt
A LayoutTests/imported/w3c/web-platform-tests/css/css-box/margin-trim/computed-margin-values/block-container-block-start-self-collapsing-nested-expected.txt
A LayoutTests/imported/w3c/web-platform-tests/css/css-box/margin-trim/computed-margin-values/block-container-block-start-self-collapsing-nested.html
A LayoutTests/imported/w3c/web-platform-tests/css/css-box/margin-trim/computed-margin-values/block-container-block-start.html
M Source/WebCore/css/ComputedStyleExtractor.cpp
M Source/WebCore/rendering/RenderBlockFlow.cpp
M Source/WebCore/rendering/RenderBox.cpp
M Source/WebCore/rendering/RenderLayoutState.cpp
M Source/WebCore/rendering/RenderLayoutState.h
Log Message:
-----------
Apply patch. rdar://problem/106452955
Commit: d49b216c268bbaa679221b12a658e7c0499d902e
https://github.com/WebKit/WebKit/commit/d49b216c268bbaa679221b12a658e7c0499d902e
Author: Sammy Gill <sammy.gill at apple.com>
Date: 2023-05-04 (Thu, 04 May 2023)
Changed paths:
M LayoutTests/imported/w3c/web-platform-tests/css/css-box/margin-trim/computed-margin-values/block-container-block-end-nested-child-expected.txt
M LayoutTests/imported/w3c/web-platform-tests/css/css-box/margin-trim/computed-margin-values/block-container-block-end-with-self-collapsing-children-expected.txt
M Source/WebCore/rendering/RenderBlockFlow.cpp
Log Message:
-----------
Cherry-pick 809b95bb1a78. rdar://problem/108327029
[margin-trim][block layout] Nested self-collapsing children at block-end should also be trimmed.
https://bugs.webkit.org/show_bug.cgi?id=255736
rdar://108327029
Reviewed by Alan Baradlay.
When walking back up the block container for the purposes of block-end
margin trimming we may run into a self collapsing child that needs to
have both of its margins trimmed and its position adjusted. However, it
is also possible that these self-collapsing children may also have other
self-collapsing children nested arbitrarily within. If that is the case,
we need to also trim the margins of all of its descendants.
* LayoutTests/imported/w3c/web-platform-tests/css/css-box/margin-trim/computed-margin-values/block-container-block-end-nested-child-expected.txt:
* LayoutTests/imported/w3c/web-platform-tests/css/css-box/margin-trim/computed-margin-values/block-container-block-end-with-self-collapsing-children-expected.txt:
* Source/WebCore/rendering/RenderBlockFlow.cpp:
(WebCore::RenderBlockFlow::trimBlockEndChildrenMargins):
Canonical link: https://commits.webkit.org/263439@main
Commit: 6bf69a0fd3864e0a062d10173a9761b160c7cbde
https://github.com/WebKit/WebKit/commit/6bf69a0fd3864e0a062d10173a9761b160c7cbde
Author: Myah Cobbs <mcobbs at apple.com>
Date: 2023-05-04 (Thu, 04 May 2023)
Changed paths:
M Configurations/Version.xcconfig
Log Message:
-----------
Versioning.
Identifier: 259548.741 at safari-7615-branch
Commit: 5e468393c4a2a3b59cb3cad4908402bd2cdfac9e
https://github.com/WebKit/WebKit/commit/5e468393c4a2a3b59cb3cad4908402bd2cdfac9e
Author: Ryan Haddad <ryanhaddad at apple.com>
Date: 2023-05-04 (Thu, 04 May 2023)
Changed paths:
M Tools/TestWebKitAPI/Tests/WebKitCocoa/CookiePrivateBrowsing.mm
Log Message:
-----------
[ Gardening ]Cherry-pick 261522 at main (b8b59f71961f). rdar://106235771
New test: [iOS] TestWebKitAPI.WebKit.CookieAccessFromPDFInAboutBlank is consistently timing out
https://bugs.webkit.org/show_bug.cgi?id=253387
rdar://106235771
Unreviewed test gardening.
* Tools/TestWebKitAPI/Tests/WebKitCocoa/CookiePrivateBrowsing.mm:
(TEST): Disable the test for iOS.
Canonical link: https://commits.webkit.org/261522@main
Canonical link: https://commits.webkit.org/259548.742@safari-7615-branch
Commit: 13bba6c4a2041cfd9318f18880b9a58428a10363
https://github.com/WebKit/WebKit/commit/13bba6c4a2041cfd9318f18880b9a58428a10363
Author: Russell Epstein <repstein at apple.com>
Date: 2023-05-05 (Fri, 05 May 2023)
Changed paths:
M Configurations/Version.xcconfig
Log Message:
-----------
Versioning.
WebKit-7615.3.3
Canonical link: https://commits.webkit.org/259548.743@safari-7615-branch
Commit: c01bb59106d88f798da0ebcab8f5655b223a5980
https://github.com/WebKit/WebKit/commit/c01bb59106d88f798da0ebcab8f5655b223a5980
Author: Antti Koivisto <antti at apple.com>
Date: 2023-05-08 (Mon, 08 May 2023)
Changed paths:
M Source/WebCore/css/CSSGroupingRule.cpp
M Source/WebCore/css/CSSStyleSheet.cpp
M Source/WebCore/css/StyleSheetContents.cpp
M Source/WebCore/css/StyleSheetContents.h
M Source/WebCore/css/parser/CSSParserImpl.cpp
Log Message:
-----------
Cherry-pick 1ffbfef4c616. rdar://problem/108758349
Disallow caching of StyleSheetContents that uses nesting
https://bugs.webkit.org/show_bug.cgi?id=256449
rdar://108758349
Reviewed by Alan Baradlay.
Mutations to cached document may affect other stylesheets.
* Source/WebCore/css/CSSGroupingRule.cpp:
(WebCore::CSSGroupingRule::prepareChildStyleRuleForNesting):
* Source/WebCore/css/CSSStyleSheet.cpp:
(WebCore::CSSStyleSheet::prepareChildStyleRuleForNesting):
* Source/WebCore/css/StyleSheetContents.cpp:
(WebCore::StyleSheetContents::isCacheable const):
* Source/WebCore/css/StyleSheetContents.h:
* Source/WebCore/css/parser/CSSParserImpl.cpp:
(WebCore::CSSParserImpl::consumeRegularRuleList):
(WebCore::CSSParserImpl::consumeStyleRule):
Canonical link: https://commits.webkit.org/263799@main
Identifier: 259548.744 at safari-7615-branch
Commit: 4b27e08fbe8e13cfa87b12effdfd7cd6f199955e
https://github.com/WebKit/WebKit/commit/4b27e08fbe8e13cfa87b12effdfd7cd6f199955e
Author: Dan Robson <dan_robson at apple.com>
Date: 2023-05-08 (Mon, 08 May 2023)
Changed paths:
M Configurations/Version.xcconfig
Log Message:
-----------
Versioning.
WebKit-7615.3.4
Identifier: 259548.745 at safari-7615-branch
Commit: 1b98f8905ce2a781c7b4b044d2498b396223aa81
https://github.com/WebKit/WebKit/commit/1b98f8905ce2a781c7b4b044d2498b396223aa81
Author: Arunsundar Kannan <arunsundar_kannan at apple.com>
Date: 2023-05-09 (Tue, 09 May 2023)
Changed paths:
A LayoutTests/fast/css/style-builder-convert-grid-track-size-list-type-confusion-expected.txt
A LayoutTests/fast/css/style-builder-convert-grid-track-size-list-type-confusion.html
M Source/WebCore/style/StyleBuilderConverter.h
Log Message:
-----------
Fix type confusion in StyleBuilder::ConvertGridTrackSizeList.
https://bugs.webkit.org/show_bug.cgi?id=256055.
rdar://108501981.
Reviewed by Antti Koivisto.
This change fixes convertGridTrackSizeList so that it can deal with single
values instead of expecting a list of values towards the end.
* LayoutTests/fast/css/style-builder-convert-grid-track-size-list-type-confusion-expected.txt: Added.
* LayoutTests/fast/css/style-builder-convert-grid-track-size-list-type-confusion.html: Added.
* Source/WebCore/style/StyleBuilderConverter.h:
(WebCore::Style::BuilderConverter::convertGridTrackSizeList):
Canonical link: https://commits.webkit.org/259548.746@safari-7615-branch
Commit: b273da8975a7c18d151972db27c4056bf96f4299
https://github.com/WebKit/WebKit/commit/b273da8975a7c18d151972db27c4056bf96f4299
Author: Youenn Fablet <youennf at gmail.com>
Date: 2023-05-09 (Tue, 09 May 2023)
Changed paths:
M Source/ThirdParty/libwebrtc/Source/webrtc/pc/rtc_stats_collector.cc
Log Message:
-----------
[WebRTC] oob in RTCStatsCollector::ProduceTransportStats_n
https://bugs.webkit.org/show_bug.cgi?id=256516
rdar://109084778
Reviewed by Eric Carlson.
Cherry-pick libwebrtc 124d7c3fe5bdc79a355c9df02d07f25331631a68, which makes sure to check that the iterator is valid before using it.
* Source/ThirdParty/libwebrtc/Source/webrtc/pc/rtc_stats_collector.cc:
Canonical link: https://commits.webkit.org/259548.747@safari-7615-branch
Commit: 207e5a27f06d07d01287d0c5cc8171ab8725ca57
https://github.com/WebKit/WebKit/commit/207e5a27f06d07d01287d0c5cc8171ab8725ca57
Author: Chirag M Shah <chirag_m_shah at apple.com>
Date: 2023-05-09 (Tue, 09 May 2023)
Changed paths:
M Source/WebCore/html/CanvasBase.cpp
M Source/WebCore/rendering/style/StyleCanvasImage.cpp
M Source/WebCore/rendering/style/StyleCrossfadeImage.cpp
M Source/WebCore/rendering/style/StyleFilterImage.cpp
M Source/WebCore/rendering/style/StyleGeneratedImage.cpp
M Source/WebCore/rendering/style/StyleGeneratedImage.h
M Source/WebCore/rendering/style/StyleGradientImage.cpp
Log Message:
-----------
Move HashCountedSet to WeakHashCountedSet in StyleGeneratedImage
https://bugs.webkit.org/show_bug.cgi?id=256532
rdar://109106473
Reviewed by Antti Koivisto.
Generated images should use a Weak container to keep track of
RenderElements so that we don't trigger UAF issues.
* Source/WebCore/html/CanvasBase.cpp:
(WebCore:: const):
* Source/WebCore/rendering/style/StyleCanvasImage.cpp:
(WebCore::StyleCanvasImage::image const):
(WebCore::StyleCanvasImage::canvasChanged):
(WebCore::StyleCanvasImage::canvasResized):
* Source/WebCore/rendering/style/StyleCrossfadeImage.cpp:
(WebCore::StyleCrossfadeImage::imageChanged):
* Source/WebCore/rendering/style/StyleFilterImage.cpp:
(WebCore::StyleFilterImage::imageChanged):
* Source/WebCore/rendering/style/StyleGeneratedImage.cpp:
(WebCore::StyleGeneratedImage::addClient):
(WebCore::StyleGeneratedImage::removeClient):
(WebCore::StyleGeneratedImage::hasClient const):
* Source/WebCore/rendering/style/StyleGeneratedImage.h:
(WebCore::StyleGeneratedImage::clients const):
(WebCore::StyleGeneratedImage:: const): Deleted.
* Source/WebCore/rendering/style/StyleGradientImage.cpp:
(WebCore::StyleGradientImage::image const):
Canonical link: https://commits.webkit.org/259548.748@safari-7615-branch
Commit: 81e6dc7d31740e12d72a21e2cc59bf906dfeceb8
https://github.com/WebKit/WebKit/commit/81e6dc7d31740e12d72a21e2cc59bf906dfeceb8
Author: Myles C. Maxfield <mmaxfield at apple.com>
Date: 2023-05-09 (Tue, 09 May 2023)
Changed paths:
M Source/WebCore/page/Navigator.cpp
Log Message:
-----------
[WebGPU] Disable getContext("webgpu") when WebGPU is disabled
https://bugs.webkit.org/show_bug.cgi?id=256571
<rdar://problem/109134077>
Reviewed by Alex Christensen.
navigator.gpu is disabled, but getContext("webgpu") isn't.
* Source/WebCore/page/Navigator.cpp:
(WebCore::Navigator::gpu):
Canonical link: https://commits.webkit.org/259548.749@safari-7615-branch
Commit: 47c1f159af10b513ea37beb7a30014a5d3e07c43
https://github.com/WebKit/WebKit/commit/47c1f159af10b513ea37beb7a30014a5d3e07c43
Author: Aakash Jain <aakash_jain at apple.com>
Date: 2023-05-10 (Wed, 10 May 2023)
Changed paths:
M Tools/Scripts/webkitpy/layout_tests/controllers/single_test_runner.py
Log Message:
-----------
Cherry-pick 263649 at main (2e9ec190c7f6). https://bugs.webkit.org/show_bug.cgi?id=255873
REGRESSION: iOS layout tests intermittently failing with TypeError: 'NoneType' object is not subscriptable in _test_passes_fuzzy_matching
https://bugs.webkit.org/show_bug.cgi?id=255873
Reviewed by Simon Fraser.
Check if fuzzy_result is None before accessing it.
* Tools/Scripts/webkitpy/layout_tests/controllers/single_test_runner.py:
(SingleTestRunner._test_passes_fuzzy_matching):
Canonical link: https://commits.webkit.org/263649@main
Canonical link: https://commits.webkit.org/259548.750@safari-7615-branch
Commit: 9fc652968e3cc0be5adab10fc01c177966ced327
https://github.com/WebKit/WebKit/commit/9fc652968e3cc0be5adab10fc01c177966ced327
Author: Chris Dumez <cdumez at apple.com>
Date: 2023-05-10 (Wed, 10 May 2023)
Changed paths:
M Source/WebKit/Platform/IPC/Connection.cpp
M Source/WebKit/Scripts/webkit/model.py
M Source/WebKit/Scripts/webkit/tests/MessageNames.cpp
M Source/WebKit/Scripts/webkit/tests/MessageNames.h
M Source/WebKit/UIProcess/Network/NetworkProcessProxy.cpp
Log Message:
-----------
Drop MessageName::Terminate IPC message
https://bugs.webkit.org/show_bug.cgi?id=256373
rdar://108899132
Reviewed by Sihui Liu.
Drop MessageName::Terminate IPC message as it could easily be abused by a
compromised WebProcess to kill the UIProcess.
It was temporarily introduced in 243810 at main to investigate NetworkProcess
hangs we were seeing and should no longer be needed. This reverts 243810 at main.
* Source/WebKit/Platform/IPC/Connection.cpp:
(IPC::Connection::processIncomingMessage):
(IPC::terminateDueToIPCTerminateMessage): Deleted.
* Source/WebKit/UIProcess/Network/NetworkProcessProxy.cpp:
(WebKit::NetworkProcessProxy::didBecomeUnresponsive):
(WebKit::shouldTerminateNetworkProcessBySendingMessage): Deleted.
Canonical link: https://commits.webkit.org/259548.751@safari-7615-branch
Commit: a0fa94d1a572050f592fc57d2fca6f2b75bd5b0e
https://github.com/WebKit/WebKit/commit/a0fa94d1a572050f592fc57d2fca6f2b75bd5b0e
Author: Chris Dumez <cdumez at apple.com>
Date: 2023-05-10 (Wed, 10 May 2023)
Changed paths:
M LayoutTests/fast/files/null-origin-string-expected.txt
M LayoutTests/fast/files/null-origin-string.html
A LayoutTests/http/tests/security/block-top-level-navigation-to-different-scheme-by-third-party-iframes-expected.txt
A LayoutTests/http/tests/security/block-top-level-navigation-to-different-scheme-by-third-party-iframes.html
A LayoutTests/http/tests/security/block-top-level-navigation-via-redirect-by-third-party-iframes-expected.txt
A LayoutTests/http/tests/security/block-top-level-navigation-via-redirect-by-third-party-iframes.html
A LayoutTests/http/tests/security/resources/navigate-top-level-frame-to-failure-page-different-scheme.html
A LayoutTests/http/tests/security/resources/navigate-top-level-frame-to-failure-page-via-redirect.html
M Source/WebCore/dom/Document.cpp
M Source/WebCore/dom/Document.h
M Source/WebCore/loader/DocumentLoader.cpp
M Source/WebCore/loader/NavigationRequester.cpp
M Source/WebCore/loader/NavigationRequester.h
Log Message:
-----------
Restrict further top-frame navigations by a third-party iframe
https://bugs.webkit.org/show_bug.cgi?id=256549
rdar://108794051
Reviewed by Geoffrey Garen.
Restrict further top-frame navigations by a third-party iframe:
- Block navigations to a different scheme
- Block navigations that start off same-site but redirect to a different site
* Source/WebCore/dom/Document.cpp:
(WebCore::Document::isNavigationBlockedByThirdPartyIFrameRedirectBlocking):
* Source/WebCore/dom/Document.h:
* Source/WebCore/loader/DocumentLoader.cpp:
(WebCore::DocumentLoader::willSendRequest):
* Source/WebCore/loader/NavigationRequester.cpp:
(WebCore::NavigationRequester::from):
* Source/WebCore/loader/NavigationRequester.h:
(WebCore::NavigationRequester::encode const):
(WebCore::NavigationRequester::decode):
Canonical link: https://commits.webkit.org/259548.752@safari-7615-branch
Commit: 08cf44bc2869fde1d699f3bbb6e08eb4260cf528
https://github.com/WebKit/WebKit/commit/08cf44bc2869fde1d699f3bbb6e08eb4260cf528
Author: Matthieu Dubet <m_dubet at apple.com>
Date: 2023-05-10 (Wed, 10 May 2023)
Changed paths:
M Source/WebCore/css/CSSSelector.cpp
Log Message:
-----------
Cherry-pick 263859 at main (28bb70d0289c). rdar://109152809
[CSS] Fix memory leak in CSSSelector copy ctor
https://bugs.webkit.org/show_bug.cgi?id=256412
rdar://108836283
Reviewed by Antti Koivisto.
After leakRef(), the counter is already at 1, calling ref() is wrong.
* Source/WebCore/css/CSSSelector.cpp:
(WebCore::CSSSelector::CSSSelector):
Canonical link: https://commits.webkit.org/263859@main
Canonical link: https://commits.webkit.org/259548.753@safari-7615-branch
Commit: 20a5467260edc8b5501ffb5ee4fb7e345d07d8c8
https://github.com/WebKit/WebKit/commit/20a5467260edc8b5501ffb5ee4fb7e345d07d8c8
Author: Dan Robson <dan_robson at apple.com>
Date: 2023-05-11 (Thu, 11 May 2023)
Changed paths:
M Configurations/Version.xcconfig
Log Message:
-----------
Versioning.
WebKit-7615.3.5
Identifier: 259548.754 at safari-7615-branch
Commit: e7bdd0a46019e5ced4db2e1f0162906961b1e9ea
https://github.com/WebKit/WebKit/commit/e7bdd0a46019e5ced4db2e1f0162906961b1e9ea
Author: Jonathan Bedard <jbedard at apple.com>
Date: 2023-05-12 (Fri, 12 May 2023)
Changed paths:
M Tools/Scripts/libraries/webkitscmpy/setup.py
M Tools/Scripts/libraries/webkitscmpy/webkitscmpy/__init__.py
M Tools/Scripts/libraries/webkitscmpy/webkitscmpy/program/pickable.py
Log Message:
-----------
Cherry-pick 263898 at main (0f420eb4d89c). rdar://108967330
[git-webkit] Treat tags like branches in pickable
https://bugs.webkit.org/show_bug.cgi?id=256398
rdar://108967330
Reviewed by Elliott Williams.
`git-webkit pickable` can either check if a single commit is pickable, or if
a sequence of commits is pickable. Hashes and hash-replacements (ie, identifiers)
should ask if a single commit as pickable, branches and tags should ask if a
sequence of commits is pickable.
* Tools/Scripts/libraries/webkitscmpy/setup.py: Bump version.
* Tools/Scripts/libraries/webkitscmpy/webkitscmpy/__init__.py: Ditto.
* Tools/Scripts/libraries/webkitscmpy/webkitscmpy/program/pickable.py:
(Pickable.main): Check if specified ref is a tag or a branch.
Canonical link: https://commits.webkit.org/263898@main
Canonical link: https://commits.webkit.org/259548.755@safari-7615-branch
Commit: f8d50fa162abf19ff4958e863f26b1542fa07cb2
https://github.com/WebKit/WebKit/commit/f8d50fa162abf19ff4958e863f26b1542fa07cb2
Author: Jonathan Bedard <jbedard at apple.com>
Date: 2023-05-12 (Fri, 12 May 2023)
Changed paths:
M Tools/Scripts/libraries/webkitscmpy/setup.py
M Tools/Scripts/libraries/webkitscmpy/webkitscmpy/__init__.py
M Tools/Scripts/libraries/webkitscmpy/webkitscmpy/program/commit.py
Log Message:
-----------
Cherry-pick 263906 at main (6aa59a41298e). rdar://109155059
[git-webkit] Don't redact bug title in commit message
https://bugs.webkit.org/show_bug.cgi?id=256588
rdar://109155059
Reviewed by Chris Dumez.
* Tools/Scripts/libraries/webkitscmpy/setup.py: Bump version.
* Tools/Scripts/libraries/webkitscmpy/webkitscmpy/__init__.py: Ditto.
* Tools/Scripts/libraries/webkitscmpy/webkitscmpy/program/commit.py:
(Commit.main): Stop scrubbing commit titles of redacted bugs.
Canonical link: https://commits.webkit.org/263906@main
Canonical link: https://commits.webkit.org/259548.756@safari-7615-branch
Commit: 34ceb54ad41dd3188f644e35a78e70e3ca2fec0d
https://github.com/WebKit/WebKit/commit/34ceb54ad41dd3188f644e35a78e70e3ca2fec0d
Author: Aakash Jain <aakash_jain at apple.com>
Date: 2023-05-12 (Fri, 12 May 2023)
Changed paths:
R Tools/Scripts/webkitpy/common/checksvnconfigfile.py
M Tools/Scripts/webkitpy/style/checkers/png.py
M Tools/Scripts/webkitpy/style/checkers/png_unittest.py
M Tools/Scripts/webkitpy/tool/commands/download.py
M Tools/Scripts/webkitpy/tool/steps/__init__.py
R Tools/Scripts/webkitpy/tool/steps/addsvnmimetypeforpng.py
R Tools/Scripts/webkitpy/tool/steps/addsvnmimetypeforpng_unittest.py
Log Message:
-----------
Cherry-pick 261272 at main (ccc5e22b7254). https://bugs.webkit.org/show_bug.cgi?id=253386
check-webkit-style should not complaint about svn related errors while checking png files
https://bugs.webkit.org/show_bug.cgi?id=253386
Reviewed by Jonathan Bedard.
Removed SVN related code from style checker for png files. We moved away from
SVN a while back.
* Tools/Scripts/webkitpy/common/checksvnconfigfile.py: Removed.
* Tools/Scripts/webkitpy/tool/steps/addsvnmimetypeforpng.py: Removed.
* Tools/Scripts/webkitpy/tool/steps/addsvnmimetypeforpng_unittest.py: Removed.
Canonical link: https://commits.webkit.org/261272@main
Canonical link: https://commits.webkit.org/259548.757@safari-7615-branch
Commit: 4df3b5ab1ba21e6d66bfb522806734f59d6e3017
https://github.com/WebKit/WebKit/commit/4df3b5ab1ba21e6d66bfb522806734f59d6e3017
Author: Anne van Kesteren <annevk at annevk.nl>
Date: 2023-05-12 (Fri, 12 May 2023)
Changed paths:
M Tools/Scripts/webkitpy/style/checker.py
Log Message:
-----------
Cherry-pick 263710 at main (ec437900002d). rdar://108892673
check-webkit-style: enforce whitespace/end_of_line
https://bugs.webkit.org/show_bug.cgi?id=256304
rdar://108892673
Reviewed by Jonathan Bedard and Ryosuke Niwa.
This ensures that changed lines will get a style error if they end in whitespace (as defined at https://docs.python.org/3/library/stdtypes.html#str.isspace).
This appears to have agreement per the thread at https://lists.webkit.org/pipermail/webkit-dev/2023-April/thread.html#32525.
* Tools/Scripts/webkitpy/style/checker.py:
Canonical link: https://commits.webkit.org/263710@main
Canonical link: https://commits.webkit.org/259548.758@safari-7615-branch
Commit: 49892baf8b1c1079a386768866485e165c46da75
https://github.com/WebKit/WebKit/commit/49892baf8b1c1079a386768866485e165c46da75
Author: Jonathan Bedard <jbedard at apple.com>
Date: 2023-05-12 (Fri, 12 May 2023)
Changed paths:
M Tools/Scripts/webkitpy/tool/steps/preparechangelogforrevert.py
Log Message:
-----------
Cherry-pick 263910 at main (076489aa12ca). rdar://109157004
[webkit-patch] Only prefix reverts with r when revision used
https://bugs.webkit.org/show_bug.cgi?id=256592
rdar://109157004
Reviewed by Ryan Haddad.
* Tools/Scripts/webkitpy/tool/steps/preparechangelogforrevert.py:
(PrepareChangeLogForRevert._message_for_revert): Only prefix r when the revision is an integer.
Canonical link: https://commits.webkit.org/263910@main
Canonical link: https://commits.webkit.org/259548.759@safari-7615-branch
Commit: ce9226fc4698f4b295e1cf14dad37dce6c2497bb
https://github.com/WebKit/WebKit/commit/ce9226fc4698f4b295e1cf14dad37dce6c2497bb
Author: Elliott Williams <emw at apple.com>
Date: 2023-05-12 (Fri, 12 May 2023)
Changed paths:
M Tools/Scripts/hooks/prepare-commit-msg
Log Message:
-----------
Cherry-pick 263965 at main (b614d2729f54). rdar://109107387
git-webkit prints "error: invalid key:" during prepare-commit-msg
https://bugs.webkit.org/show_bug.cgi?id=256534
rdar://109107387
Reviewed by Jonathan Bedard.
git-config(1) exits "1" when a key is missing, which is an expected
case for the hook. AFAICT, there's not a good way to silence the error,
so capture stderr when making the call and only print it out if
git-config fails with a *different* exit code.
* Tools/Scripts/hooks/prepare-commit-msg:
Canonical link: https://commits.webkit.org/263965@main
Canonical link: https://commits.webkit.org/259548.760@safari-7615-branch
Commit: 776066945bf4070a7c68da6c2d07e9e97fba0557
https://github.com/WebKit/WebKit/commit/776066945bf4070a7c68da6c2d07e9e97fba0557
Author: Yijia Huang <yijia_huang at apple.com>
Date: 2023-05-16 (Tue, 16 May 2023)
Changed paths:
A JSTests/stress/regress-109134454.js
M Source/JavaScriptCore/b3/B3ReduceStrength.cpp
Log Message:
-----------
[JSC] Fix IntRange speculation for zExt32
https://bugs.webkit.org/show_bug.cgi?id=256573
rdar://109134454
Reviewed by Yusuke Suzuki.
Previously, the IntRange speculation in B3ReduceStrength for node
zExt32 is wrong. This patch fixes this issue.
* JSTests/stress/regress-109134454.js: Added.
* Source/JavaScriptCore/b3/B3ReduceStrength.cpp:
Canonical link: https://commits.webkit.org/259548.761@safari-7615-branch
Commit: 7fb3ced7874a5e387d557092de32f86a086f19cc
https://github.com/WebKit/WebKit/commit/7fb3ced7874a5e387d557092de32f86a086f19cc
Author: David Degazio <d_degazio at apple.com>
Date: 2023-05-16 (Tue, 16 May 2023)
Changed paths:
A JSTests/wasm/stress/throw-multiple-values.js
A JSTests/wasm/stress/throw-with-live-value-on-stack.js
M Source/JavaScriptCore/wasm/WasmLLIntGenerator.cpp
Log Message:
-----------
Parameters to throw alias with stack elements in WASM LLInt
https://bugs.webkit.org/show_bug.cgi?id=256818
rdar://108036137
Reviewed by Yusuke Suzuki.
Correctly computes stack offsets when materializing the operands of
a wasm_throw instruction in the WasmLLIntGenerator by counting relative
to the stack height before the operands were popped as opposed to after.
* JSTests/wasm/stress/throw-multiple-values.js: Added.
(async test):
* JSTests/wasm/stress/throw-with-live-value-on-stack.js: Added.
(async test):
* Source/JavaScriptCore/wasm/WasmLLIntGenerator.cpp:
(JSC::Wasm::LLIntGenerator::addThrow):
Canonical link: https://commits.webkit.org/259548.762@safari-7615-branch
Commit: 62d974e461701e33e79b5e0912b38b4eceb4081a
https://github.com/WebKit/WebKit/commit/62d974e461701e33e79b5e0912b38b4eceb4081a
Author: Yijia Huang <yijia_huang at apple.com>
Date: 2023-05-16 (Tue, 16 May 2023)
Changed paths:
A JSTests/stress/regress-109102631.js
M Source/JavaScriptCore/dfg/DFGSpeculativeJIT.cpp
Log Message:
-----------
[JSC] GetTypedArrayByteOffset should do speculation check for all bits in DFG
https://bugs.webkit.org/show_bug.cgi?id=256865
rdar://109428505
Reviewed by Yusuke Suzuki.
DFG abstract interpreter speculates that GetTypedArrayByteOffset node
should have int32 result. However, when compiling GetTypedArrayByteOffset
we only do speculation check on lower bits of the result, which is wrong.
This patch fixes this problem.
* Source/JavaScriptCore/dfg/DFGSpeculativeJIT.cpp:
Canonical link: https://commits.webkit.org/259548.763@safari-7615-branch
Commit: 51673956823d9ece6a1427790744d4c370c07a3a
https://github.com/WebKit/WebKit/commit/51673956823d9ece6a1427790744d4c370c07a3a
Author: Michael Saboff <msaboff at apple.com>
Date: 2023-05-17 (Wed, 17 May 2023)
Changed paths:
M JSTests/stress/unscopables.js
M LayoutTests/inspector/model/remote-object-get-properties-expected.txt
M LayoutTests/js/Object-getOwnPropertyNames-expected.txt
M LayoutTests/js/array-unscopables-properties-expected.txt
M LayoutTests/js/script-tests/Object-getOwnPropertyNames.js
M LayoutTests/js/script-tests/array-unscopables-properties.js
M Source/JavaScriptCore/runtime/OptionsList.h
M Source/WebInspectorUI/UserInterface/Models/NativeFunctionParameters.js
Log Message:
-----------
Cherry-pick 0ad3c9cd654b. rdar://problem/109156668
[JSC] Disable Array#group and Array#groupToMap
https://bugs.webkit.org/show_bug.cgi?id=256591
rdar://109156668
Reviewed by Yusuke Suzuki and Devin Rousso.
Disable stage 3 proposed APIs Array#group and Array#groupToMap as they have run into web compatibility issues.
The name for at least Array#group will likely change.
* JSTests/stress/unscopables.js:
* LayoutTests/inspector/model/remote-object-get-properties-expected.txt:
* LayoutTests/js/Object-getOwnPropertyNames-expected.txt:
* LayoutTests/js/array-unscopables-properties-expected.txt:
* LayoutTests/js/script-tests/Object-getOwnPropertyNames.js:
* LayoutTests/js/script-tests/array-unscopables-properties.js:
* Source/JavaScriptCore/runtime/OptionsList.h:
* Source/WebInspectorUI/UserInterface/Models/NativeFunctionParameters.js:
Canonical link: https://commits.webkit.org/263922@main
Identifier: 259548.764 at safari-7615-branch
Commit: 568981718c59f02253680b0bc87c6079bdfc6eb1
https://github.com/WebKit/WebKit/commit/568981718c59f02253680b0bc87c6079bdfc6eb1
Author: Kimmo Kinnunen <kkinnunen at apple.com>
Date: 2023-05-17 (Wed, 17 May 2023)
Changed paths:
A LayoutTests/fast/canvas/canvas-put-image-data-after-draw-expected.html
A LayoutTests/fast/canvas/canvas-put-image-data-after-draw.html
M Source/WebKit/WebProcess/GPU/graphics/RemoteImageBufferProxy.cpp
Log Message:
-----------
Cherry-pick a658f97638bf. rdar://problem/108741153
Cherry-pick 263978 at main (a658f97638bf). rdar://108741153
REGRESSION(261130 at main): Canvas putImageData draws onto wrong canvas
https://bugs.webkit.org/show_bug.cgi?id=256151
rdar://108741153
Reviewed by Said Abou-Hallawa.
Pending reads are of form CGImage that points to the IOSurface.
Thus the IOSurface cannot be modified without synchronizing with the
GPUP.
Fix by simulating a write and synchronizing with the GPUP. After
this completes, there are no readers to the IOSurface and the
operation may proceed.
* LayoutTests/fast/canvas/canvas-put-image-data-after-draw-expected.html: Added.
* LayoutTests/fast/canvas/canvas-put-image-data-after-draw.html: Added.
* Source/WebKit/WebProcess/GPU/graphics/RemoteImageBufferProxy.cpp:
(WebKit::RemoteImageBufferProxy::putPixelBuffer):
Canonical link: https://commits.webkit.org/263978@main
Identifier: 259548.765 at safari-7615-branch
Commit: f244685eaca5a3c4971c03262df2cfadca246856
https://github.com/WebKit/WebKit/commit/f244685eaca5a3c4971c03262df2cfadca246856
Author: Brandon Stewart <brandonstewart at apple.com>
Date: 2023-05-18 (Thu, 18 May 2023)
Changed paths:
A LayoutTests/imported/w3c/web-platform-tests/compression/compression-large-flush-output.any-expected.txt
A LayoutTests/imported/w3c/web-platform-tests/compression/compression-large-flush-output.any.html
A LayoutTests/imported/w3c/web-platform-tests/compression/compression-large-flush-output.any.js
M Source/WebCore/Modules/compression/CompressionStreamEncoder.cpp
M Source/WebCore/Modules/compression/CompressionStreamEncoder.h
M Source/WebCore/Modules/compression/DecompressionStreamDecoder.cpp
M Source/WebCore/Modules/compression/DecompressionStreamDecoder.h
Log Message:
-----------
Cherry-pick a30d9284f5b9. rdar://problem/107133345
Compression Streams not handling large outputs during the flush stage
https://bugs.webkit.org/show_bug.cgi?id=254021
Reviewed by Chris Dumez and Brent Fulgham.
We missed an edge case where during the flush step we may have data longer than
the allocated output. Since the avail_in will be set to 0 we would just exit.
We need to verify that the stream has ended before exiting.
* LayoutTests/imported/w3c/web-platform-tests/compression/compression-large-flush-output.any-expected.txt: Added.
* LayoutTests/imported/w3c/web-platform-tests/compression/compression-large-flush-output.any.html: Added.
* LayoutTests/imported/w3c/web-platform-tests/compression/compression-large-flush-output.any.js: Added.
(async compressData):
(promise_test.async t):
* Source/WebCore/Modules/compression/CompressionStreamEncoder.cpp:
(WebCore::CompressionStreamEncoder::flush):
(WebCore::CompressionStreamEncoder::didDeflateFinish const):
(WebCore::didDeflateFail):
(WebCore::CompressionStreamEncoder::compress):
* Source/WebCore/Modules/compression/CompressionStreamEncoder.h:
(WebCore::CompressionStreamEncoder::CompressionStreamEncoder):
* Source/WebCore/Modules/compression/DecompressionStreamDecoder.cpp:
(WebCore::DecompressionStreamDecoder::flush):
(WebCore::DecompressionStreamDecoder::didInflateFinish const):
(WebCore::didInflateFail):
(WebCore::DecompressionStreamDecoder::didInflateContainExtraBytes const):
(WebCore::DecompressionStreamDecoder::decompressZlib):
(WebCore::DecompressionStreamDecoder::decompressAppleCompressionFramework):
* Source/WebCore/Modules/compression/DecompressionStreamDecoder.h:
(WebCore::DecompressionStreamDecoder::DecompressionStreamDecoder):
Canonical link: https://commits.webkit.org/263997@main
Identifier: 259548.766 at safari-7615-branch
Commit: 168b349a71f00c0d7295aaa5ddcb88b5e2f58a50
https://github.com/WebKit/WebKit/commit/168b349a71f00c0d7295aaa5ddcb88b5e2f58a50
Author: Matthieu Dubet <m_dubet at apple.com>
Date: 2023-05-18 (Thu, 18 May 2023)
Changed paths:
M LayoutTests/imported/w3c/web-platform-tests/css/css-nesting/parsing-expected.txt
M LayoutTests/imported/w3c/web-platform-tests/css/css-nesting/parsing.html
M LayoutTests/imported/w3c/web-platform-tests/css/css-nesting/serialize-group-rules-with-decls.tentative-expected.txt
M LayoutTests/imported/w3c/web-platform-tests/css/css-nesting/serialize-group-rules-with-decls.tentative.html
M Source/WebCore/css/CSSGroupingRule.cpp
M Source/WebCore/css/CSSStyleRule.cpp
Log Message:
-----------
Cherry-pick 264003 at main (e07871e21ea8). rdar://109208359
[CSS Nesting] Don't serialize first implicit style rule inside group rule
https://bugs.webkit.org/show_bug.cgi?id=256647
rdar://109208359
Reviewed by Antti Koivisto.
Orphaned properties in group rule are implicitly added
to a style rule with '&' as selector ;
this implicit style rule should not be serialized.
* LayoutTests/imported/w3c/web-platform-tests/css/css-nesting/parsing-expected.txt:
* LayoutTests/imported/w3c/web-platform-tests/css/css-nesting/parsing.html:
* LayoutTests/imported/w3c/web-platform-tests/css/css-nesting/serialize-group-rules-with-decls.tentative-expected.txt:
* LayoutTests/imported/w3c/web-platform-tests/css/css-nesting/serialize-group-rules-with-decls.tentative.html:
Import from WPT
* Source/WebCore/css/CSSGroupingRule.cpp:
(WebCore::CSSGroupingRule::appendCSSTextForItems const):
(WebCore::CSSGroupingRule::cssTextForDeclsAndRules const):
* Source/WebCore/css/CSSStyleRule.cpp:
(WebCore::CSSStyleRule::cssTextForDeclsAndRules const):
This behavior only concerns group rule, not style rule (where a property can't be orphaned)
Canonical link: https://commits.webkit.org/264003@main
Canonical link: https://commits.webkit.org/259548.767@safari-7615-branch
Commit: 80440fb1fa52e95d3d11b822053641f0df66a9b6
https://github.com/WebKit/WebKit/commit/80440fb1fa52e95d3d11b822053641f0df66a9b6
Author: Jonathan Bedard <jbedard at apple.com>
Date: 2023-05-22 (Mon, 22 May 2023)
Changed paths:
M Tools/Scripts/libraries/webkitscmpy/setup.py
M Tools/Scripts/libraries/webkitscmpy/webkitscmpy/__init__.py
M Tools/Scripts/libraries/webkitscmpy/webkitscmpy/program/publish.py
M Tools/Scripts/libraries/webkitscmpy/webkitscmpy/test/publish_unittest.py
Log Message:
-----------
Cherry-pick 264124 at main (cafa1460dd1b). rdar://108962363
[git-webkit] Allow publish to exclude branches or tags
https://bugs.webkit.org/show_bug.cgi?id=256388
rdar://108962363
Reviewed by Elliott Williams.
* Tools/Scripts/libraries/webkitscmpy/setup.py: Bump version.
* Tools/Scripts/libraries/webkitscmpy/webkitscmpy/__init__.py: Ditto.
* Tools/Scripts/libraries/webkitscmpy/webkitscmpy/program/publish.py:
(Publish.parser): Add --exclude option.
(Publish.branches_on): Exclude specified branches.
(Publish.tags_on): Exclude specified tags.
(Publish.main): Exclude specified branches and tags from publication.
* Tools/Scripts/libraries/webkitscmpy/webkitscmpy/test/publish_unittest.py:
(TestPublish.test_git_exclude):
Canonical link: https://commits.webkit.org/264124@main
Canonical link: https://commits.webkit.org/259548.768@safari-7615-branch
Commit: bedbee4cf2dca82297c470f86bfa6e8c3abdc53f
https://github.com/WebKit/WebKit/commit/bedbee4cf2dca82297c470f86bfa6e8c3abdc53f
Author: Jonathan Bedard <jbedard at apple.com>
Date: 2023-05-22 (Mon, 22 May 2023)
Changed paths:
M Tools/Scripts/libraries/webkitcorepy/setup.py
M Tools/Scripts/libraries/webkitcorepy/webkitcorepy/__init__.py
M Tools/Scripts/libraries/webkitcorepy/webkitcorepy/file_lock.py
M Tools/Scripts/libraries/webkitcorepy/webkitcorepy/tests/file_lock_unittest.py
Log Message:
-----------
Cherry-pick 264321 at main (1c10cac85558). rdar://109487762
[webkitcorepy] Fix race condition in FileLock
https://bugs.webkit.org/show_bug.cgi?id=256931
rdar://109487762
Reviewed by Alexey Proskuryakov.
* Tools/Scripts/libraries/webkitcorepy/setup.py: Bump version.
* Tools/Scripts/libraries/webkitcorepy/webkitcorepy/__init__.py: Ditto.
* Tools/Scripts/libraries/webkitcorepy/webkitcorepy/file_lock.py:
(FileLock.is_process_running): Check if a specific PID is running.
(FileLock.acquire): Create and acquire lock in a single operation on Unix systems.
Save the current PID to the file, which allows future processes to ignore this lock
if the PID saved in it is dead. For systems which support it, use O_EXLOCK and interrupts
instead of a spinlock. Raise exceptions when we fail to acquire the lock.
(FileLock.release): Delete the lockfile before releasing it on Unix systems. Systems using
O_EXLOCK simply need to close their file handle.
(FileLock.__exit__): Don't raise a 2nd exception if __enter__ has raised one.
* Tools/Scripts/libraries/webkitcorepy/webkitcorepy/tests/file_lock_unittest.py:
(action):
(FileLockTestCase.test_locked):
(FileLockTestCase.test_locked_timeout):
(FileLockTestCase.test_double):
(FileLockTestCase.test_race):
Canonical link: https://commits.webkit.org/264321@main
Canonical link: https://commits.webkit.org/259548.769@safari-7615-branch
Commit: aa5e9d582edd21ec6ef9578b2f635f6cdf0a265c
https://github.com/WebKit/WebKit/commit/aa5e9d582edd21ec6ef9578b2f635f6cdf0a265c
Author: Jonathan Bedard <jbedard at apple.com>
Date: 2023-05-22 (Mon, 22 May 2023)
Changed paths:
M Tools/Scripts/libraries/webkitcorepy/setup.py
M Tools/Scripts/libraries/webkitcorepy/webkitcorepy/__init__.py
M Tools/Scripts/libraries/webkitcorepy/webkitcorepy/autoinstall.py
M Tools/Scripts/libraries/webkitcorepy/webkitcorepy/file_lock.py
Log Message:
-----------
Cherry-pick 264322 at main (caf109704d37). rdar://109488201
[webkitcorepy] Support multiple autoinstallers running in parallel
https://bugs.webkit.org/show_bug.cgi?id=256933
rdar://109488201
Reviewed by Alexey Proskuryakov.
Lay down a lockfile so that only one autoinstaller process can modify an autoinstall
location at a time.
* Tools/Scripts/libraries/webkitcorepy/setup.py: Bump version.
* Tools/Scripts/libraries/webkitcorepy/webkitcorepy/__init__.py: Ditto.
* Tools/Scripts/libraries/webkitcorepy/webkitcorepy/autoinstall.py:
(Package.install): While installing a package, acquire the lock to prevent
other processes from installing packages while this one is.
(AutoInstall): Define manifest.json and lockfile as class members.
* Tools/Scripts/libraries/webkitcorepy/webkitcorepy/file_lock.py:
(FileLock.acquire): Disable patch in Timeout to avoid infinite recursion.
Canonical link: https://commits.webkit.org/264322@main
Canonical link: https://commits.webkit.org/259548.770@safari-7615-branch
Commit: 2ece37d3ee5b1163e995b68d860acce97402c622
https://github.com/WebKit/WebKit/commit/2ece37d3ee5b1163e995b68d860acce97402c622
Author: Dawn Flores <dawn_flores at apple.com>
Date: 2023-05-22 (Mon, 22 May 2023)
Changed paths:
M LayoutTests/platform/ios/TestExpectations
M LayoutTests/platform/mac/TestExpectations
Log Message:
-----------
[ Gardening ]([ EWS ] 5x imported/w3c/web-platform-tests/css/ (Layout-tests) are constant failures)
rdar://108628398
Unreviewed test gardening.
* LayoutTests/platform/ios/TestExpectations:
* LayoutTests/platform/mac/TestExpectations:
Canonical link: https://commits.webkit.org/259548.771@safari-7615-branch
Commit: 64e3d5c74385b79609db6ff9bd54d1a6aa8a4970
https://github.com/WebKit/WebKit/commit/64e3d5c74385b79609db6ff9bd54d1a6aa8a4970
Author: Simon Fraser <simon.fraser at apple.com>
Date: 2023-05-22 (Mon, 22 May 2023)
Changed paths:
A LayoutTests/compositing/overflow/overflow-change-abspos-descendant-expected.txt
A LayoutTests/compositing/overflow/overflow-change-abspos-descendant.html
M Source/WebCore/rendering/RenderLayer.cpp
Log Message:
-----------
Cherry-pick 263286 at main (eb40daa6cd50). rdar://109683319
Crash in collectStationaryLayerRelatedOverflowNodes()
https://bugs.webkit.org/show_bug.cgi?id=255830
<rdar://107526702>
Reviewed by Alan Baradlay.
Some unusual content configurations can hit the ASSERT(overflowLayer.isComposited())
in collectStationaryLayerRelatedOverflowNodes(), which ends up in a null dereference in release builds.
The issue occurs when a RenderLayer which was using composited scrolling becomes non-scrollable,
but hasCompositedScrollableOverflow() continues to return true, leading to errors in compositing code
which relies on canUseCompositedScrolling(). RenderLayerScrollableArea caches m_hasCompositedScrollableOverflow,
and failed to recompute it in this case.
Fix by having RenderLayer::styleChanged() force hasCompositedScrollableOverflow() to be recomputed
when style scrollability changes.
The testcase is derived from rdar://88329753.
* LayoutTests/compositing/overflow/overflow-change-abspos-descendant-expected.txt: Added.
* LayoutTests/compositing/overflow/overflow-change-abspos-descendant.html: Added.
* Source/WebCore/rendering/RenderLayer.cpp:
(WebCore::RenderLayer::calculateClipRects const):
Canonical link: https://commits.webkit.org/263286@main
Canonical link: https://commits.webkit.org/259548.772@safari-7615-branch
Commit: 3d72c3255b5fb2cbfdce5474e90a9765802b70f9
https://github.com/WebKit/WebKit/commit/3d72c3255b5fb2cbfdce5474e90a9765802b70f9
Author: Chris Dumez <cdumez at apple.com>
Date: 2023-05-23 (Tue, 23 May 2023)
Changed paths:
M Source/WebCore/loader/DocumentLoader.cpp
Log Message:
-----------
Follow-up to 259548.752 at safari-7615-branch to cancel navigations instead of blocking them
https://bugs.webkit.org/show_bug.cgi?id=257161
rdar://108794051
Reviewed by Alex Christensen.
259548.752 at safari-7615-branch added further restrictions to prevent top-frame navigations
by third-party iframes, in particular using redirects. I had decided to block the redirect
with a blockedError(). However, it turns out that Safari shows an error page when doing
so, which results in a bad user experience since the top frame is still being navigated
(to an error page).
To address the issue, I am now cancelling the redirect instead and returning a
cancelledError(). I have verified that Safari doesn't show an error page in this case and
that the top frame is not getting navigated.
* Source/WebCore/loader/DocumentLoader.cpp:
(WebCore::DocumentLoader::willSendRequest):
Canonical link: https://commits.webkit.org/259548.773@safari-7615-branch
Commit: 23e9761b5751f9a6d81c689ceb26784dd1ea51b0
https://github.com/WebKit/WebKit/commit/23e9761b5751f9a6d81c689ceb26784dd1ea51b0
Author: Alexey Shvayka <ashvayka at apple.com>
Date: 2023-05-23 (Tue, 23 May 2023)
Changed paths:
A JSTests/stress/define-property-on-receiver-jsfunction-prototype-no-crash.js
M JSTests/stress/ordinary-set-exceptions.js
M Source/JavaScriptCore/runtime/JSObject.cpp
Log Message:
-----------
[JSC] putByValWithThis shouldn't bypass definePropertyOnReceiverSlow
https://bugs.webkit.org/show_bug.cgi?id=257164
<rdar://108759737>
Reviewed by Yusuke Suzuki.
The OrdinarySet revamp in https://webkit.org/b/217916 assumed that there are only 2 cases to take the slow path
for altered receivers: overriden [[Set]] in prototype chain and Reflect.set(). I thought that it's unobservable
to take the fast path otherwise since overriden methods were already called.
However, the third case was missed: put_by_val_with_this bytecode op, which is emitted for setting a property
on `super` base, and with https://webkit.org/b/252602, for ProxyObjectStore IC when the trap is missing.
Among other minor web compatibility bugs, missing that case caused properties to be put right on ProxyObject's
structure, where they are unaccessible, skipping calls to "set" and "defineProperty" traps.
This change relaxes the condition for taking the definePropertyOnReceiverSlow() while ensuring all common
[[Set]] targets like JSArray or `class X extends Y {}` are just as fast.
* JSTests/stress/define-property-on-receiver-jsfunction-prototype-no-crash.js: Added.
* Source/JavaScriptCore/runtime/JSObject.cpp:
(JSC::canDefinePropertyOnReceiverFast):
(JSC::JSObject::definePropertyOnReceiver):
Canonical link: https://commits.webkit.org/259548.774@safari-7615-branch
Commit: ffe32d106cb2438f39378707a109d7c2bb27e193
https://github.com/WebKit/WebKit/commit/ffe32d106cb2438f39378707a109d7c2bb27e193
Author: Alexey Shvayka <ashvayka at apple.com>
Date: 2023-05-23 (Tue, 23 May 2023)
Changed paths:
A LayoutTests/fast/dom/non-reified-event-isTrusted-ic-crash-expected.txt
A LayoutTests/fast/dom/non-reified-event-isTrusted-ic-crash.html
M Source/JavaScriptCore/bytecode/PropertyCondition.cpp
M Source/JavaScriptCore/runtime/ClassInfo.h
M Source/JavaScriptCore/runtime/PropertySlot.h
M Source/JavaScriptCore/runtime/Structure.cpp
M Source/WebCore/bindings/scripts/CodeGeneratorJS.pm
Log Message:
-----------
[JSC] PropertyCondition::isStillValidAssumingImpurePropertyWatchpoint() should take non-reified static properties into account
https://bugs.webkit.org/show_bug.cgi?id=255952
<rdar://108334411>
Reviewed by Yusuke Suzuki.
Currently, PropertyCondition::isStillValidAssumingImpurePropertyWatchpoint() is not checking the
structure's non-reified static properties against the condition. This can lead to incorrect analysis
of side effects: AbsenceOfSetEffect condition with a non-reified static setter is considered pure
even though a setter with arbitrary code can be invoked.
This patch fixes AbsenceOfSetEffect validity check for structures with non-reified static properties
while takes extra care to make the fix as precise as possible to avoid unnecessary slowdowns.
* LayoutTests/fast/dom/non-reified-event-isTrusted-ic-crash-expected.txt: Added.
* LayoutTests/fast/dom/non-reified-event-isTrusted-ic-crash.html: Added.
* Source/JavaScriptCore/bytecode/PropertyCondition.cpp:
(JSC::PropertyCondition::isStillValidAssumingImpurePropertyWatchpoint const):
* Source/JavaScriptCore/runtime/ClassInfo.h:
* Source/JavaScriptCore/runtime/PropertySlot.h:
* Source/JavaScriptCore/runtime/Structure.cpp:
(JSC::ClassInfo::hasStaticReadOnlyOrGetterSetterProperty const):
* Source/WebCore/bindings/scripts/CodeGeneratorJS.pm:
Canonical link: https://commits.webkit.org/259548.775@safari-7615-branch
Commit: 7849e30e34aa0e4204fd060b8484d14177a7faf1
https://github.com/WebKit/WebKit/commit/7849e30e34aa0e4204fd060b8484d14177a7faf1
Author: Yijia Huang <yijia_huang at apple.com>
Date: 2023-05-23 (Tue, 23 May 2023)
Changed paths:
M JSTests/stress/regress-109102631.js
Log Message:
-----------
[JSC] Skip memory limited systems for test case allocating large size array
https://bugs.webkit.org/show_bug.cgi?id=257215
rdar://109729172
Reviewed by Yusuke Suzuki.
* JSTests/stress/regress-109102631.js:
Canonical link: https://commits.webkit.org/259548.776@safari-7615-branch
Commit: e74d4b07ad3898db3e7d1c819fcaf46bf03ccca3
https://github.com/WebKit/WebKit/commit/e74d4b07ad3898db3e7d1c819fcaf46bf03ccca3
Author: Patrick Angle <pangle at apple.com>
Date: 2023-05-24 (Wed, 24 May 2023)
Changed paths:
M Source/JavaScriptCore/inspector/ScriptCallStack.cpp
M Source/JavaScriptCore/inspector/agents/InspectorConsoleAgent.cpp
Log Message:
-----------
Web Inspector: Deeply nested console logging can cause ConsoleMessage to be destroyed while we are still trying to log it
https://bugs.webkit.org/show_bug.cgi?id=256932
rdar://108063640
Reviewed by Mark Lam.
InspectorConsoleAgent has been incorrectly managing the lifetime of each ConsoleMessage by moving messages into a vector
of messages before we have passed those messages on to the frontend. This means that a console message that causes
another console message to be logged may eventually cause our original message to be dropped from the vector if this
occurs deeply enough. At that point, when we unwind back to the original message, it has been destroyed while we are
trying to send it to the frontend, which results in a bad time because we are still inside a function on the
ConsoleMessage that tries to access its own member variables like m_arguments, and fails because the message object
itself has been destroyed, taking its members with it.
This also fixes a subtle message inversion in the backlog of messages and what is logged to the console when Web
Inspector is open, since the message is sent to the frontend after all other processing, but we were previously adding
the message to the vector of past messages before that processing (which may in turn cause more logging before the
actual logging we called in to perform) to occur.
A second minor issue is that ScriptCallStack is incorrectly asserting in its constructor, which preventing investigation
of this issue initially. The call stack should be less than __or equal to__ the max call stack, not just less than.
* Source/JavaScriptCore/inspector/ConsoleMessage.cpp:
(Inspector::ConsoleMessage::addToFrontend):
* Source/JavaScriptCore/inspector/InjectedScript.cpp:
(Inspector::InjectedScript::wrapObject const):
(Inspector::InjectedScript::wrapTable const):
* Source/JavaScriptCore/inspector/ScriptCallStack.cpp:
(Inspector::ScriptCallStack::ScriptCallStack):
* Source/JavaScriptCore/inspector/agents/InspectorConsoleAgent.cpp:
(Inspector::InspectorConsoleAgent::addConsoleMessage):
* Source/WebCore/page/PageConsoleClient.cpp:
(WebCore::PageConsoleClient::messageWithTypeAndLevel):
Canonical link: https://commits.webkit.org/259548.777@safari-7615-branch
Commit: 4fefffcb57d1b00a3a78acfa0766122b013bb840
https://github.com/WebKit/WebKit/commit/4fefffcb57d1b00a3a78acfa0766122b013bb840
Author: Brent Fulgham <bfulgham at webkit.org>
Date: 2023-05-25 (Thu, 25 May 2023)
Changed paths:
M Source/WebKit/UIProcess/API/ios/WKWebViewIOS.mm
M Tools/TestWebKitAPI/Tests/WebKitCocoa/UIDelegate.mm
Log Message:
-----------
Cherry-pick 7b389848394a. rdar://problem/109853007
REGRESSION(255664 at main): [Lockdown Mode] Switch back to `CaptivePortal` key to avoid shipping apps that use that key
https://bugs.webkit.org/show_bug.cgi?id=252190
<rdar://102422729>
Reviewed by Wenson Hsieh and Chris Dumez.
The Lockdown Mode renaming update done in 255664 at main changed the string used to store
the app-specific user decision about Lockdown Mode use. We did not realize this string
was effectively an API used by other applications.
To avoid breaking behavior, we should revert to use the original key until a proper API
is created.
* Source/WebKit/UIProcess/API/ios/WKWebViewIOS.mm:
* Tools/TestWebKitAPI/Tests/WebKitCocoa/UIDelegate.mm:
Canonical link: https://commits.webkit.org/260233@main
Canonical link: https://commits.webkit.org/259548.778@safari-7615-branch
Commit: a71893c9f77d267ea583f5c6a33b0f13497d0ce2
https://github.com/WebKit/WebKit/commit/a71893c9f77d267ea583f5c6a33b0f13497d0ce2
Author: Myah Cobbs <mcobbs at apple.com>
Date: 2023-05-25 (Thu, 25 May 2023)
Changed paths:
M Configurations/Version.xcconfig
Log Message:
-----------
Versioning.
WebKit-7615.3.6
Identifier: 259548.779 at safari-7615-branch
Commit: 27b3c41a193420a8c0ab4deaf2693b95cbb035fd
https://github.com/WebKit/WebKit/commit/27b3c41a193420a8c0ab4deaf2693b95cbb035fd
Author: Dawn Flores <dawn_flores at apple.com>
Date: 2023-05-25 (Thu, 25 May 2023)
Changed paths:
M LayoutTests/platform/mac-wk1/TestExpectations
Log Message:
-----------
Cherry-pick 264542 at main (fca03ab2097e). rdar://106235771
([ WK1 ] 2 http/tests/resourceLoadStatistics/* (layout-tests) are constant failures)
rdar://105804155
Unreviewed test gardening.
These tests need to be skipped on WK1.
* LayoutTests/platform/mac-wk1/TestExpectations:
Canonical link: https://commits.webkit.org/264542@main
Canonical link: https://commits.webkit.org/259548.780@safari-7615-branch
Commit: dbb0655c9d5d901d9e2d0728f98a253a5b821776
https://github.com/WebKit/WebKit/commit/dbb0655c9d5d901d9e2d0728f98a253a5b821776
Author: Kenji Shukuwa <kenji.shukuwa at open-tec.co.jp>
Date: 2023-05-25 (Thu, 25 May 2023)
Changed paths:
M Tools/Scripts/libraries/webkitcorepy/webkitcorepy/file_lock.py
Log Message:
-----------
Cherry-pick 264522 at main (86fec1312374). https://bugs.webkit.org/show_bug.cgi?id=257310
[webkitcorepy][Win] Fix NameError error in FileLock after 264321 at main
https://bugs.webkit.org/show_bug.cgi?id=257310
Reviewed by Jonathan Bedard.
* Tools/Scripts/libraries/webkitcorepy/webkitcorepy/file_lock.py:
(FileLock.acquire):
Canonical link: https://commits.webkit.org/264522@main
Canonical link: https://commits.webkit.org/259548.781@safari-7615-branch
Commit: 9d8c69db76df770982eb4a2e3b09787fa1f3f32e
https://github.com/WebKit/WebKit/commit/9d8c69db76df770982eb4a2e3b09787fa1f3f32e
Author: Jonathan Bedard <jbedard at apple.com>
Date: 2023-05-25 (Thu, 25 May 2023)
Changed paths:
M Tools/Scripts/libraries/webkitscmpy/setup.py
M Tools/Scripts/libraries/webkitscmpy/webkitscmpy/__init__.py
M Tools/Scripts/libraries/webkitscmpy/webkitscmpy/mocks/git-repo.json
M Tools/Scripts/libraries/webkitscmpy/webkitscmpy/mocks/local/git.py
M Tools/Scripts/libraries/webkitscmpy/webkitscmpy/program/branch.py
M Tools/Scripts/libraries/webkitscmpy/webkitscmpy/program/pull_request.py
M Tools/Scripts/libraries/webkitscmpy/webkitscmpy/test/branch_unittest.py
M Tools/Scripts/libraries/webkitscmpy/webkitscmpy/test/land_unittest.py
M Tools/Scripts/libraries/webkitscmpy/webkitscmpy/test/pull_request_unittest.py
M Tools/Scripts/libraries/webkitscmpy/webkitscmpy/test/revert_unittest.py
M Tools/Scripts/libraries/webkitscmpy/webkitscmpy/test/squash_unittest.py
M Tools/Scripts/webkitpy/common/checkout/scm/git.py
Log Message:
-----------
Cherry-pick 264536 at main (295115e98b2e). rdar://109419012
[git-webkit] Speed up Branch.branch_point
https://bugs.webkit.org/show_bug.cgi?id=256855
rdar://109419012
Reviewed by Elliott Williams.
Calculating the merge-base of a commit and all production branches is actually faster than checking
which branches that commit is a member of. Re-implement branch-point using this techinque.
* Tools/Scripts/libraries/webkitscmpy/setup.py: Bump version.
* Tools/Scripts/libraries/webkitscmpy/webkitscmpy/__init__.py: Ditto.
* Tools/Scripts/libraries/webkitscmpy/webkitscmpy/mocks/git-repo.json: Add identifiers to all commits.
* Tools/Scripts/libraries/webkitscmpy/webkitscmpy/mocks/local/git.py:
(Git.__init__): Pass all arguments to merge-base
(Git.merge_base): Support multiple branch arguments.
* Tools/Scripts/libraries/webkitscmpy/webkitscmpy/program/branch.py:
(Branch.branch_point): Calculate the merge-base between the current commit and all potential production branches.
* Tools/Scripts/libraries/webkitscmpy/webkitscmpy/program/pull_request.py:
(PullRequest.pull_request_branch_point): Early-exit function if branch-point is undefined.
* Tools/Scripts/libraries/webkitscmpy/webkitscmpy/test/branch_unittest.py:
(TestBranch.test_branch_point):
(TestBranch.test_branch_point_main):
* Tools/Scripts/libraries/webkitscmpy/webkitscmpy/test/land_unittest.py:
* Tools/Scripts/libraries/webkitscmpy/webkitscmpy/test/pull_request_unittest.py:
* Tools/Scripts/libraries/webkitscmpy/webkitscmpy/test/revert_unittest.py:
* Tools/Scripts/libraries/webkitscmpy/webkitscmpy/test/squash_unittest.py:
Canonical link: https://commits.webkit.org/264536@main
Canonical link: https://commits.webkit.org/259548.782@safari-7615-branch
Commit: 3e4a5e1d52fc9868c5b429e016c06120390f5c53
https://github.com/WebKit/WebKit/commit/3e4a5e1d52fc9868c5b429e016c06120390f5c53
Author: Jonathan Bedard <jbedard at apple.com>
Date: 2023-05-26 (Fri, 26 May 2023)
Changed paths:
M Tools/Scripts/libraries/webkitscmpy/setup.py
M Tools/Scripts/libraries/webkitscmpy/webkitscmpy/__init__.py
M Tools/Scripts/libraries/webkitscmpy/webkitscmpy/program/pickable.py
Log Message:
-----------
Cherry-pick 264543 at main (5bb3efd51ace). rdar://109840268
[git-webkit] Make more follow-up fixes pickable
https://bugs.webkit.org/show_bug.cgi?id=257335
rdar://109840268
Reviewed by Dewei Zhu.
* Tools/Scripts/libraries/webkitscmpy/setup.py: Bump version.
* Tools/Scripts/libraries/webkitscmpy/webkitscmpy/__init__.py: Ditto.
* Tools/Scripts/libraries/webkitscmpy/webkitscmpy/program/pickable.py:
(Pickable.pickable): Seperate reverts from follow-up fixes, and be more inclusive of follow-up fixes.
Canonical link: https://commits.webkit.org/264543@main
Canonical link: https://commits.webkit.org/259548.783@safari-7615-branch
Commit: e1ebb63c008085ebe070df66b02dd90148bfc798
https://github.com/WebKit/WebKit/commit/e1ebb63c008085ebe070df66b02dd90148bfc798
Author: Jonathan Bedard <jbedard at apple.com>
Date: 2023-05-26 (Fri, 26 May 2023)
Changed paths:
M Tools/Scripts/libraries/webkitscmpy/setup.py
M Tools/Scripts/libraries/webkitscmpy/webkitscmpy/__init__.py
M Tools/Scripts/libraries/webkitscmpy/webkitscmpy/mocks/local/git.py
M Tools/Scripts/libraries/webkitscmpy/webkitscmpy/program/pull_request.py
Log Message:
-----------
Cherry-pick 264544 at main (bb0606c86b4a). rdar://109860518
[git-webkit] Only reset local main when it contains local commits
https://bugs.webkit.org/enter_bug.cgi?product=WebKit
rdar://109860518
Reviewed by Dewei Zhu.
* Tools/Scripts/libraries/webkitscmpy/setup.py: Bump version.
* Tools/Scripts/libraries/webkitscmpy/webkitscmpy/__init__.py: Ditto.
* Tools/Scripts/libraries/webkitscmpy/webkitscmpy/mocks/local/git.py: Mock --is-ancestor.
* Tools/Scripts/libraries/webkitscmpy/webkitscmpy/program/pull_request.py:
(PullRequest.pull_request_branch_point): Only reset local branch ref if the local branch ref
is not tracking the remote branch.
Canonical link: https://commits.webkit.org/264544@main
Canonical link: https://commits.webkit.org/259548.784@safari-7615-branch
Commit: f2a2820d312c873be47fbdd12d6be557fae857af
https://github.com/WebKit/WebKit/commit/f2a2820d312c873be47fbdd12d6be557fae857af
Author: Yusuke Suzuki <ysuzuki at apple.com>
Date: 2023-05-26 (Fri, 26 May 2023)
Changed paths:
A JSTests/stress/resizable-array-buffer-copy-within-length-update.js
M Source/JavaScriptCore/runtime/JSGenericTypedArrayViewPrototypeFunctions.h
Log Message:
-----------
[JSC] Recompute length properly when resize happens during TypedArray#copyWithin
https://bugs.webkit.org/show_bug.cgi?id=257387
rdar://109851495
Reviewed by Mark Lam.
copyWithin's side effectful operation can resize resizable ArrayBuffer. We have a code catching this and recompute the appropriate copy count
again, but it can overflow if `to` or `from` are larger than the newly updated `length`. This patch handles this case correctly: returning
since there is no copying content in this case.
* JSTests/stress/resizable-array-buffer-copy-within-length-update.js: Added.
(call_back):
* Source/JavaScriptCore/runtime/JSGenericTypedArrayViewPrototypeFunctions.h:
(JSC::genericTypedArrayViewProtoFuncCopyWithin):
Canonical link: https://commits.webkit.org/259548.785@safari-7615-branch
Commit: c9d2edfda9b00ec2825471d86488c7bd6776364b
https://github.com/WebKit/WebKit/commit/c9d2edfda9b00ec2825471d86488c7bd6776364b
Author: Matthew Finkel <sysrqb at apple.com>
Date: 2023-05-30 (Tue, 30 May 2023)
Changed paths:
A LayoutTests/http/tests/mime/resources/.htaccess
A LayoutTests/http/tests/mime/resources/svg-with-html.svg
A LayoutTests/http/tests/mime/resources/xml-with-html.xml
A LayoutTests/http/tests/mime/svg-with-html-expected.txt
A LayoutTests/http/tests/mime/svg-with-html.html
A LayoutTests/http/tests/mime/xml-with-html-expected.txt
A LayoutTests/http/tests/mime/xml-with-html.html
M Source/WebCore/platform/network/ios/WebCoreURLResponseIOS.mm
Log Message:
-----------
[ios] Prioritize text/plain MIME type over file extension for XML file types
https://bugs.webkit.org/show_bug.cgi?id=257299
rdar://107379119
Reviewed by David Kilzer.
When we receive a file with a text/plain resource, we try harder to find a
better match for the file content, but this can potentially lead to an issue
with some file types like XML. Therefore, if the server says that a file should
be treated as text/plain, and we decide that it is actually XML or SVG, we
prefer using text/plain.
* LayoutTests/http/tests/mime/resources/.htaccess: Added.
* LayoutTests/http/tests/mime/resources/svg-with-html.svg: Added.
* LayoutTests/http/tests/mime/resources/xml-with-html.xml: Added.
* LayoutTests/http/tests/mime/svg-with-html-expected.txt: Added.
* LayoutTests/http/tests/mime/svg-with-html.html: Added.
* LayoutTests/http/tests/mime/xml-with-html-expected.txt: Added.
* LayoutTests/http/tests/mime/xml-with-html.html: Added.
* Source/WebCore/platform/network/ios/WebCoreURLResponseIOS.mm:
(WebCore::shouldPreferTextPlainMIMEType):
(WebCore::adjustMIMETypeIfNecessary):
Canonical link: https://commits.webkit.org/259548.786@safari-7615-branch
Commit: 88ed3825fa4ee17f927da5a03871205bdd4fa461
https://github.com/WebKit/WebKit/commit/88ed3825fa4ee17f927da5a03871205bdd4fa461
Author: Matthew Finkel <sysrqb at apple.com>
Date: 2023-05-30 (Tue, 30 May 2023)
Changed paths:
M Source/WebCore/html/CanvasBase.h
M Source/WebCore/html/HTMLCanvasElement.h
M Source/WebCore/html/OffscreenCanvas.cpp
M Source/WebCore/html/canvas/CanvasRenderingContext2DBase.cpp
M Source/WebCore/rendering/style/StyleCanvasImage.cpp
Log Message:
-----------
Ensure CanvasBase remains alive while in use
https://bugs.webkit.org/show_bug.cgi?id=257234
rdar://109540621
Reviewed by Chris Dumez.
A HTMLCanvasElement could be destroyed when it calls CanvasBase::setImageBuffer
because that call could trigger a GC. We've seen crashes originating from
HTMLCanvasElement::setImageBufferAndMarkDirty, but this patch adds protection
around other setImageBuffer call sites, as well.
* Source/WebCore/html/CanvasBase.h:
(WebCore::CanvasBase::ref):
(WebCore::CanvasBase::deref):
* Source/WebCore/html/HTMLCanvasElement.h:
* Source/WebCore/html/OffscreenCanvas.cpp:
(WebCore::OffscreenCanvas::create):
(WebCore::OffscreenCanvas::setPlaceholderCanvas):
(WebCore::OffscreenCanvas::pushBufferToPlaceholder):
* Source/WebCore/html/canvas/CanvasRenderingContext2DBase.cpp:
(WebCore::CanvasRenderingContext2DBase::drawImage):
* Source/WebCore/rendering/style/StyleCanvasImage.cpp:
(WebCore::StyleCanvasImage::image const):
Canonical link: https://commits.webkit.org/259548.787@safari-7615-branch
Commit: 0292d5609d11d00b0fd932159e3b44e5944f3d8d
https://github.com/WebKit/WebKit/commit/0292d5609d11d00b0fd932159e3b44e5944f3d8d
Author: Dawn Flores <dawn_flores at apple.com>
Date: 2023-05-30 (Tue, 30 May 2023)
Changed paths:
A LayoutTests/platform/mac-ventura/imported/w3c/web-platform-tests/fetch/content-length/api-and-duplicate-headers.any-expected.txt
A LayoutTests/platform/mac-ventura/imported/w3c/web-platform-tests/fetch/content-length/api-and-duplicate-headers.any.worker-expected.txt
Log Message:
-----------
[ Gardening ] [ Rebasline ] 2X imported/w3c/web-platform-tests/fetch/content-length/api-and-duplicate* (layout-tests) are constant failures
rdar://110026683
Unreviewed test gardening.
* LayoutTests/platform/mac-ventura/imported/w3c/web-platform-tests/fetch/content-length/api-and-duplicate-headers.any-expected.txt: Added.
* LayoutTests/platform/mac-ventura/imported/w3c/web-platform-tests/fetch/content-length/api-and-duplicate-headers.any.worker-expected.txt: Added.
Canonical link: https://commits.webkit.org/259548.788@safari-7615-branch
Commit: 20c4a3242226ba1141c4848ac2846da15a45fe5d
https://github.com/WebKit/WebKit/commit/20c4a3242226ba1141c4848ac2846da15a45fe5d
Author: Youenn Fablet <youennf at gmail.com>
Date: 2023-05-30 (Tue, 30 May 2023)
Changed paths:
M Source/WebKit/NetworkProcess/ServiceWorker/WebSWServerConnection.cpp
Log Message:
-----------
Cherry-pick 7a4f94728cde. rdar://problem/108884055
Webkit PWA in Bad State After Opening in-PWA Webkit Tab
https://bugs.webkit.org/show_bug.cgi?id=256280
rdar://108884055
Reviewed by Chris Dumez.
Network process is registerng a process with pages as service worker clients to a given service worker process.
This allows UIProcess to suspend/resume the service worker process based on all its registered processes.
Our logic to register page processes is working fine.
Our logic to unregister page processes is not working fine if the same process has clients with different origins but the same registrable domain,
for instance a process with a page 'a.example.org' and another page 'b.example.org'.
In that case, when the 'b.example.org' page is gone, we would unregister the process while 'a.example.org' is still running.
We update WebSWServerConnection::unregisterServiceWorkerClient to check for registrable domains of all pages.
Manually tested, we cannot yet write tests with different registrable domains that make use of service workers.
* Source/WebKit/NetworkProcess/ServiceWorker/WebSWServerConnection.cpp:
(WebKit::WebSWServerConnection::unregisterServiceWorkerClient):
Canonical link: https://commits.webkit.org/263901@main
Identifier: 259548.789 at safari-7615-branch
Commit: 1e61659a29abac92535b88260139c70709ca9c26
https://github.com/WebKit/WebKit/commit/1e61659a29abac92535b88260139c70709ca9c26
Author: Ryan Reno <rreno at apple.com>
Date: 2023-05-30 (Tue, 30 May 2023)
Changed paths:
A LayoutTests/imported/w3c/web-platform-tests/mixed-content/csp.https.window-expected.txt
A LayoutTests/imported/w3c/web-platform-tests/mixed-content/csp.https.window.html
A LayoutTests/imported/w3c/web-platform-tests/mixed-content/csp.https.window.js
A LayoutTests/imported/w3c/web-platform-tests/mixed-content/csp.https.window.js.headers
A LayoutTests/imported/w3c/web-platform-tests/mixed-content/nested-iframes.window-expected.txt
A LayoutTests/imported/w3c/web-platform-tests/mixed-content/nested-iframes.window.html
A LayoutTests/imported/w3c/web-platform-tests/mixed-content/nested-iframes.window.js
A LayoutTests/imported/w3c/web-platform-tests/mixed-content/resources/middle-frame.html
M LayoutTests/imported/w3c/web-platform-tests/mixed-content/resources/w3c-import.log
M LayoutTests/imported/w3c/web-platform-tests/mixed-content/tentative/autoupgrades/audio-upgrade.https.sub-expected.txt
M LayoutTests/imported/w3c/web-platform-tests/mixed-content/tentative/autoupgrades/audio-upgrade.https.sub.html
M LayoutTests/imported/w3c/web-platform-tests/mixed-content/tentative/autoupgrades/image-upgrade.https.sub-expected.txt
M LayoutTests/imported/w3c/web-platform-tests/mixed-content/tentative/autoupgrades/image-upgrade.https.sub.html
A LayoutTests/imported/w3c/web-platform-tests/mixed-content/tentative/autoupgrades/mixed-content-cors.https.sub-expected.txt
A LayoutTests/imported/w3c/web-platform-tests/mixed-content/tentative/autoupgrades/mixed-content-cors.https.sub.html
M LayoutTests/imported/w3c/web-platform-tests/mixed-content/tentative/autoupgrades/video-upgrade.https.sub-expected.txt
M LayoutTests/imported/w3c/web-platform-tests/mixed-content/tentative/autoupgrades/video-upgrade.https.sub.html
M LayoutTests/imported/w3c/web-platform-tests/mixed-content/tentative/autoupgrades/w3c-import.log
M LayoutTests/imported/w3c/web-platform-tests/mixed-content/w3c-import.log
M LayoutTests/platform/glib/imported/w3c/web-platform-tests/mixed-content/tentative/autoupgrades/audio-upgrade.https.sub-expected.txt
M LayoutTests/platform/glib/imported/w3c/web-platform-tests/mixed-content/tentative/autoupgrades/image-upgrade.https.sub-expected.txt
A LayoutTests/platform/glib/imported/w3c/web-platform-tests/mixed-content/tentative/autoupgrades/mixed-content-cors.https.sub-expected.txt
M LayoutTests/platform/glib/imported/w3c/web-platform-tests/mixed-content/tentative/autoupgrades/video-upgrade.https.sub-expected.txt
Log Message:
-----------
Cherry-pick 2f019929ef93. rdar://problem/109676140
[mixed-content] Resync WPT
https://bugs.webkit.org/show_bug.cgi?id=257150
rdar://109676140
Reviewed by Tim Nguyen.
Resync mixed-content tests as of upstream commit
a4d663e6e09213bf599fb3a9dc66a52f2549c7fe
* LayoutTests/imported/w3c/web-platform-tests/mixed-content/csp.https.window-expected.txt: Added.
* LayoutTests/imported/w3c/web-platform-tests/mixed-content/csp.https.window.html: Added.
* LayoutTests/imported/w3c/web-platform-tests/mixed-content/csp.https.window.js: Added.
(promise_test):
(promise_test.async t):
* LayoutTests/imported/w3c/web-platform-tests/mixed-content/csp.https.window.js.headers: Added.
* LayoutTests/imported/w3c/web-platform-tests/mixed-content/nested-iframes.window-expected.txt: Added.
* LayoutTests/imported/w3c/web-platform-tests/mixed-content/nested-iframes.window.html: Added.
* LayoutTests/imported/w3c/web-platform-tests/mixed-content/nested-iframes.window.js: Added.
(onmessage):
* LayoutTests/imported/w3c/web-platform-tests/mixed-content/resources/middle-frame.html: Added.
* LayoutTests/imported/w3c/web-platform-tests/mixed-content/resources/w3c-import.log:
* LayoutTests/imported/w3c/web-platform-tests/mixed-content/tentative/autoupgrades/audio-upgrade.https.sub-expected.txt:
* LayoutTests/imported/w3c/web-platform-tests/mixed-content/tentative/autoupgrades/audio-upgrade.https.sub.html:
* LayoutTests/imported/w3c/web-platform-tests/mixed-content/tentative/autoupgrades/image-upgrade.https.sub-expected.txt:
* LayoutTests/imported/w3c/web-platform-tests/mixed-content/tentative/autoupgrades/image-upgrade.https.sub.html:
* LayoutTests/imported/w3c/web-platform-tests/mixed-content/tentative/autoupgrades/mixed-content-cors.https.sub-expected.txt: Added.
* LayoutTests/imported/w3c/web-platform-tests/mixed-content/tentative/autoupgrades/mixed-content-cors.https.sub.html: Added.
* LayoutTests/imported/w3c/web-platform-tests/mixed-content/tentative/autoupgrades/video-upgrade.https.sub-expected.txt:
* LayoutTests/imported/w3c/web-platform-tests/mixed-content/tentative/autoupgrades/video-upgrade.https.sub.html:
* LayoutTests/imported/w3c/web-platform-tests/mixed-content/tentative/autoupgrades/w3c-import.log:
* LayoutTests/imported/w3c/web-platform-tests/mixed-content/w3c-import.log:
* LayoutTests/platform/glib/imported/w3c/web-platform-tests/mixed-content/tentative/autoupgrades/audio-upgrade.https.sub-expected.txt:
* LayoutTests/platform/glib/imported/w3c/web-platform-tests/mixed-content/tentative/autoupgrades/image-upgrade.https.sub-expected.txt:
* LayoutTests/platform/glib/imported/w3c/web-platform-tests/mixed-content/tentative/autoupgrades/mixed-content-cors.https.sub-expected.txt: Added.
* LayoutTests/platform/glib/imported/w3c/web-platform-tests/mixed-content/tentative/autoupgrades/video-upgrade.https.sub-expected.txt:
Canonical link: https://commits.webkit.org/264495@main
Identifier: 259548.790 at safari-7615-branch
Commit: 9316f6e4691e6eff83fc879e1ee96c62936b5b01
https://github.com/WebKit/WebKit/commit/9316f6e4691e6eff83fc879e1ee96c62936b5b01
Author: Matt Woodrow <mattwoodrow at apple.com>
Date: 2023-05-30 (Tue, 30 May 2023)
Changed paths:
A LayoutTests/transforms/3d/hit-testing/hit-preserves-3d-2-expected.txt
A LayoutTests/transforms/3d/hit-testing/hit-preserves-3d-2.html
M Source/WebCore/rendering/RenderLayer.cpp
Log Message:
-----------
Cherry-pick 048b254e9fd9. rdar://problem/110032480
transform-style:preserve-3d has incorrect hit-testing of negative z-index ::after.
https://bugs.webkit.org/show_bug.cgi?id=255028
Reviewed by Simon Fraser.
We call hitTestList with the intention of storing the result in the temporary object 'hitLayer',
and only mutate the final result 'candidateLayer' if the depth test passes.
Unfortunately the 'result' variable is also part of the final output, and this gets mutated
on hitTestList calls that don't pass the depth test.
This creates a temporary 'tempResult' (like we do for the other sections of this function),
and only copies back to 'result' if the depth test passes.
* LayoutTests/transforms/3d/hit-testing/hit-preserves-3d-2-expected.txt: Added.
* LayoutTests/transforms/3d/hit-testing/hit-preserves-3d-2.html: Added.
* Source/WebCore/rendering/RenderLayer.cpp:
(WebCore::RenderLayer::hitTestLayer):
Canonical link: https://commits.webkit.org/262728@main
Identifier: 259548.791 at safari-7615-branch
Commit: f52bc7e18a7ce5930630c0744e92678bed95791d
https://github.com/WebKit/WebKit/commit/f52bc7e18a7ce5930630c0744e92678bed95791d
Author: Charlie Wolfe <charliew at apple.com>
Date: 2023-05-31 (Wed, 31 May 2023)
Changed paths:
M Source/WebKit/UIProcess/WebPageProxy.cpp
M Source/WebKit/UIProcess/WebProcessPool.cpp
M Source/WebKit/UIProcess/WebProcessProxy.h
M Tools/TestWebKitAPI/Tests/WebKitCocoa/ProcessSwapOnNavigation.mm
Log Message:
-----------
Process Isolation Bypass via navigating to about:* context
https://bugs.webkit.org/show_bug.cgi?id=257348
rdar://109853048
Reviewed by Chris Dumez and J Pascoe.
This patch fixes an issue where we will never swap processes when navigating from an
about:* page. A compromised WebContent process could leverage this behavior to avoid
swapping processes when navigating to a cross-origin domain.
This is fixed by checking the following when navigating from an about:* page.
- The page has not committed a provisional load to a URL that isn't about:*.
- The source process last loaded a domain from the same origin as the domain we are navigating to.
If neither of these two conditions are met, we won’t reuse the process.
* Source/WebKit/UIProcess/WebPageProxy.cpp:
(WebKit::WebPageProxy::didExplicitOpenForFrame):
(WebKit::WebPageProxy::didCommitLoadForFrame):
* Source/WebKit/UIProcess/WebProcessPool.cpp:
(WebKit::WebProcessPool::processForNavigationInternal):
* Source/WebKit/UIProcess/WebProcessProxy.h:
(WebKit::WebProcessProxy::didCommitMeaningfulProvisionalLoad):
(WebKit::WebProcessProxy::hasCommittedAnyMeaningfulProvisionalLoads const):
* Tools/TestWebKitAPI/Tests/WebKitCocoa/ProcessSwapOnNavigation.mm:
Canonical link: https://commits.webkit.org/259548.792@safari-7615-branch
Commit: 758218a8a84ab7fbd074b47544a9013865212907
https://github.com/WebKit/WebKit/commit/758218a8a84ab7fbd074b47544a9013865212907
Author: Matthieu Dubet <m_dubet at apple.com>
Date: 2023-06-01 (Thu, 01 Jun 2023)
Changed paths:
M LayoutTests/imported/w3c/web-platform-tests/css/css-nesting/implicit-nesting-expected.html
M LayoutTests/imported/w3c/web-platform-tests/css/css-nesting/implicit-nesting-ref.html
M LayoutTests/imported/w3c/web-platform-tests/css/css-nesting/implicit-nesting.html
M LayoutTests/imported/w3c/web-platform-tests/css/css-nesting/parsing.html
M Source/WebCore/css/CSSSelector.cpp
M Source/WebCore/css/parser/CSSParserImpl.cpp
M Source/WebCore/css/parser/CSSSelectorParser.cpp
Log Message:
-----------
Cherry-pick 22a69c73dd84. rdar://problem/109141615
Cherry-pick 263902 at main (22a69c73dd84). rdar://109141615
[CSS Nesting] Don't serialize the implicit parent selector in relative selector
https://bugs.webkit.org/show_bug.cgi?id=256578
rdar://109141615
Reviewed by Antti Koivisto.
Instead of inserting the implicit parent selector at parse time
(which makes it appears in the serialization),
we insert the resolved parent later (during rule set building).
* LayoutTests/imported/w3c/web-platform-tests/css/css-nesting/implicit-nesting-expected.html:
* LayoutTests/imported/w3c/web-platform-tests/css/css-nesting/implicit-nesting-ref.html:
* LayoutTests/imported/w3c/web-platform-tests/css/css-nesting/implicit-nesting.html:
* LayoutTests/imported/w3c/web-platform-tests/css/css-nesting/parsing.html:
* Source/WebCore/css/CSSSelector.cpp:
(WebCore::CSSSelector::selectorText const):
* Source/WebCore/css/parser/CSSParserImpl.cpp:
(WebCore::CSSParserImpl::consumeStyleRule):
(WebCore::CSSParserImpl::consumeDeclarationListOrStyleBlockHelper):
* Source/WebCore/css/parser/CSSSelectorParser.cpp:
(WebCore::parseCSSSelector):
(WebCore::CSSSelectorParser::consumeRelativeNestedSelector):
(WebCore::CSSSelectorParser::resolveNestingParent):
Canonical link: https://commits.webkit.org/263902@main
Identifier: 259548.793 at safari-7615-branch
Commit: 92a6548afec05882a4abbcd0704b018546c62f16
https://github.com/WebKit/WebKit/commit/92a6548afec05882a4abbcd0704b018546c62f16
Author: Youenn Fablet <youennf at gmail.com>
Date: 2023-06-01 (Thu, 01 Jun 2023)
Changed paths:
A LayoutTests/fast/mediastream/getUserMedia-echoCancellation-expected.txt
A LayoutTests/fast/mediastream/getUserMedia-echoCancellation.html
M Source/WebCore/Modules/mediastream/MediaDevices.cpp
M Source/WebCore/platform/mediastream/MediaConstraints.cpp
M Source/WebCore/platform/mediastream/MediaConstraints.h
Log Message:
-----------
Cherry-pick 3fb10034184d. rdar://problem/110010294
Set echoCancellation to true if not explicitly set within a getUserMedia call
https://bugs.webkit.org/show_bug.cgi?id=257495
rdar://110010294
Reviewed by Eric Carlson.
Before the patch, if the web page does not provide a echoCancellation setting, we would use whatever setting was used by the previous web application using the microphone.
This might break some applications that want echoCancellation but do not set it explicitly.
This change aligns with Chrome's behavior.
* Source/WebCore/Modules/mediastream/MediaDevices.cpp:
(WebCore::MediaDevices::getUserMedia):
* Source/WebCore/platform/mediastream/MediaConstraints.cpp:
(WebCore::MediaConstraints::setDefaultAudioConstraints):
* Source/WebCore/platform/mediastream/MediaConstraints.h:
* LayoutTests/fast/mediastream/getUserMedia-echoCancellation-expected.txt: Added.
* LayoutTests/fast/mediastream/getUserMedia-echoCancellation.html: Added.
Canonical link: https://commits.webkit.org/264721@main
Identifier: 259548.794 at safari-7615-branch
Commit: 32725f4957d96c47da6de775a81ba2b8f6b60f01
https://github.com/WebKit/WebKit/commit/32725f4957d96c47da6de775a81ba2b8f6b60f01
Author: Matthieu Dubet <m_dubet at apple.com>
Date: 2023-06-01 (Thu, 01 Jun 2023)
Changed paths:
A LayoutTests/fast/css/color-mix-various-expected.html
A LayoutTests/fast/css/color-mix-various.html
M Source/WebCore/style/ColorFromPrimitiveValue.cpp
Log Message:
-----------
Cherry-pick 80e4d733b917. rdar://problem/108683501
[CSS] Resolve "currentcolor" with style if possible
https://bugs.webkit.org/show_bug.cgi?id=257255
rdar://108683501
Reviewed by Tim Nguyen.
Ideally, we should never try to resolve "currentcolor" during
style building.
However, for the rare cases where we do it (gradient, drop-shadow)
it's better to use the incomplete style than assuming an absolute color.
* LayoutTests/fast/css/color-mix-various-expected.html: Added.
* LayoutTests/fast/css/color-mix-various.html: Added.
* Source/WebCore/style/ColorFromPrimitiveValue.cpp:
(WebCore::Style::colorFromPrimitiveValueWithResolvedCurrentColor):
* Source/WebCore/style/ElementRuleCollector.cpp:
(WebCore::Style::ElementRuleCollector::addMatchedProperties):
Canonical link: https://commits.webkit.org/264737@main
Identifier: 259548.795 at safari-7615-branch
Commit: 2f8e790f962f42b346c1d9ed08a135e49cc19072
https://github.com/WebKit/WebKit/commit/2f8e790f962f42b346c1d9ed08a135e49cc19072
Author: Myah Cobbs <mcobbs at apple.com>
Date: 2023-06-01 (Thu, 01 Jun 2023)
Changed paths:
M LayoutTests/imported/w3c/web-platform-tests/streams/idlharness.any-expected.txt
M LayoutTests/imported/w3c/web-platform-tests/streams/idlharness.any.serviceworker-expected.txt
M LayoutTests/imported/w3c/web-platform-tests/streams/idlharness.any.sharedworker-expected.txt
M LayoutTests/imported/w3c/web-platform-tests/streams/idlharness.any.worker-expected.txt
M Source/WebCore/CMakeLists.txt
M Source/WebCore/DerivedSources-input.xcfilelist
M Source/WebCore/DerivedSources.make
M Source/WebCore/Modules/compression/CompressionStream.js
M Source/WebCore/Modules/compression/DecompressionStream.js
A Source/WebCore/Modules/streams/TransformStream.cpp
A Source/WebCore/Modules/streams/TransformStream.h
M Source/WebCore/Modules/streams/TransformStream.idl
R Source/WebCore/Modules/streams/TransformStream.js
M Source/WebCore/Modules/streams/TransformStreamInternals.js
M Source/WebCore/Sources.txt
M Source/WebCore/WebCore.xcodeproj/project.pbxproj
M Source/WebCore/dom/TextDecoderStream.js
M Source/WebCore/dom/TextEncoderStream.js
Log Message:
-----------
Apply patch. rdar://problem/109409251
Identifier: 259548.796 at safari-7615-branch
Commit: 169a4b7e3f4805d55010f7783b52457fa476cd50
https://github.com/WebKit/WebKit/commit/169a4b7e3f4805d55010f7783b52457fa476cd50
Author: Alexey Shvayka <ashvayka at apple.com>
Date: 2023-06-02 (Fri, 02 Jun 2023)
Changed paths:
A JSTests/stress/regress-108468977.js
M Source/JavaScriptCore/bytecode/PropertyCondition.cpp
M Source/JavaScriptCore/runtime/JSObject.cpp
M Source/JavaScriptCore/runtime/JSObject.h
Log Message:
-----------
[JSC] PropertyCondition::isStillValidAssumingImpurePropertyWatchpoint() should take all put() overrides into account
https://bugs.webkit.org/show_bug.cgi?id=257271
<rdar://108468977>
Reviewed by Yusuke Suzuki.
Currently, PropertyCondition::isStillValidAssumingImpurePropertyWatchpoint() is not taking into account
all existing put() overrides when analyzing side effects of AbsenceOfSetEffect condition, which leads
to incorrect results for e.g. StringObject's "length", which is no-op in sloppy mode yet we rely on
structure being transitioned.
This patch fixes AbsenceOfSetEffect validity check to be more pessimistic when there is overriden put(),
unless it's a common assigment target like JSArray or JSFunction to avoid performance regressions,
all while the helper that checks for special properties with JSObject::definePropertyOnReceiver().
* JSTests/stress/regress-108468977.js: Added.
* Source/JavaScriptCore/bytecode/PropertyCondition.cpp:
(JSC::PropertyCondition::isStillValidAssumingImpurePropertyWatchpoint const):
(JSC::nonStructurePropertyMayBecomeReadOnlyWithoutTransition): Deleted.
* Source/JavaScriptCore/runtime/JSObject.cpp:
(JSC::JSObject::mightBeSpecialProperty):
(JSC::JSObject::definePropertyOnReceiver):
(JSC::canDefinePropertyOnReceiverFast): Deleted.
* Source/JavaScriptCore/runtime/JSObject.h:
Canonical link: https://commits.webkit.org/259548.797@safari-7615-branch
Commit: b7e3ebd9c3726e3e84e3b80bc77a6841a0697cf0
https://github.com/WebKit/WebKit/commit/b7e3ebd9c3726e3e84e3b80bc77a6841a0697cf0
Author: Justin Michaud <justin_michaud at apple.com>
Date: 2023-06-02 (Fri, 02 Jun 2023)
Changed paths:
A JSTests/stress/get-concurrently-should-take-cell-lock.js
M Source/JavaScriptCore/bytecode/ObjectPropertyConditionSet.cpp
M Source/JavaScriptCore/bytecode/PropertyCondition.cpp
M Source/JavaScriptCore/dfg/DFGGraph.cpp
M Source/JavaScriptCore/runtime/JSArray.cpp
M Source/JavaScriptCore/runtime/JSCell.h
M Source/JavaScriptCore/runtime/JSObject.h
Log Message:
-----------
JSObject::getDirectConcurrently should take the cell lock.
https://bugs.webkit.org/show_bug.cgi?id=257285
rdar://108166258
Reviewed by Yusuke Suzuki.
`JSArray::unshiftCountWithArrayStorage` takes the cell lock and then the
structure lock to prevent the compiler thread from accessing the butterfly
before it is fully initialized.
`JSObject::getDirectConcurrently` only takes the structure lock. This means
that the compiler can take the structure lock, the cell can transition
to a new structure, then unshift can mess up the butterfly, and finally
the compiler thread proceeds to see garbage.
The attached POC only reproduces if waits are introduced to extend the race window.
It seems that the comment above cellLock is outdated, as our current concurrency
protocol to prevent deadlocks is to take the cell lock then the structure lock.
I could not find anywhere that uses the reverse, but if I missed something,
a deadlock will be pretty easy to debug.
* Source/JavaScriptCore/runtime/JSArray.cpp:
(JSC::JSArray::unshiftCountWithArrayStorage):
* Source/JavaScriptCore/runtime/JSCell.h:
(JSC::JSCell::cellLock const):
(JSC::JSCell::cellLock): Deleted.
* Source/JavaScriptCore/runtime/JSObject.h:
(JSC::JSObject::getDirectConcurrently const):
Canonical link: https://commits.webkit.org/259548.798@safari-7615-branch
Commit: 29daeb40cf6a11b1e644365412e43434e346996a
https://github.com/WebKit/WebKit/commit/29daeb40cf6a11b1e644365412e43434e346996a
Author: Myah Cobbs <mcobbs at apple.com>
Date: 2023-06-05 (Mon, 05 Jun 2023)
Changed paths:
M Configurations/Version.xcconfig
Log Message:
-----------
Versioning.
WebKit-7615.3.7
Identifier: 259548.799 at safari-7615-branch
Commit: 1f4eda3d2cabdd6c7ffe9b0d9b48fff49667c72e
https://github.com/WebKit/WebKit/commit/1f4eda3d2cabdd6c7ffe9b0d9b48fff49667c72e
Author: Alan Baradlay <zalan at apple.com>
Date: 2023-06-05 (Mon, 05 Jun 2023)
Changed paths:
M Source/WebCore/layout/formattingContexts/inline/InlineFormattingGeometry.cpp
Log Message:
-----------
Cherry-pick 264579 at main (9d3c89bfe30c). <rdar://108742128>
[IFC][Float] Incorrectly placed float boxes may generate series of empty lines
https://bugs.webkit.org/show_bug.cgi?id=257261
<rdar://108742128>
Reviewed by Antti Koivisto.
When intrusive floats prevent us from placing any content at the current vertical position,
the candidate position for the next line is computed by looking at such intrusive floats.
e.g.
Two float boxes with the inline content of "foobar".
_______ _______
| | | |
| left | | right |
|_______| | |
|_______|
1. "foobar" does not fit at y: 0 (overlaps "left").
2. we find 2 intrusive floats at y: 0
3. vertical position for next line is at the bottom of "left1"
This is rather simple, but if float placement bugs produce some vertical gaps between floats
e.g.
_______ _______
| | | |
| left1 | | right |
|_______| | |
|_______|
_______
| |
| left2 |
|_______|
(note that left2 is supposed to be vertically adjacent to left1)
Now if we run line layout:
1. "foobar" does not fit at y: 0 -> vertical position for next line is at the bottom of "left1"
2. "foobar" still does not fit (assume it overlaps "right") -> position for next line is at the bottom of "right"
3. now assume that "foobar" is tall and it does not fit between the bottom of the "right" and the top of this incorrectly placed "left2"
_______ _______
| | | |
| left1 | | right |
|_______| | |
|_______|
____
|
|___
_|_____
| | |
| | |
|_______|
running "let's find the position for next line by avoiding intrusive floats" logic in InlineFormattingGeometry::logicalTopForNextLine()
finds no intrusive float at the bottom of the "right" float (that's what #2 computed as candidate position).
This is an unexpected state (we assert) and in order not to get stuck on the same vertical position we advance by 1px for the next line hoping we would be able to place "foobar" there.
While it helps to avoid forever looping, if the gap between the bottom of the "right" and the top of the "left2" is
wide we may end up producing thousands of empty lines until we reach the top of the "left2" float box and finally get out of this unexpected state.
In this patch, instead of advancing by 1px, we jump right to the bottom of the "left2" float box (bottom of all the floats in this floating context) and continue from there.
* Source/WebCore/layout/formattingContexts/inline/InlineFormattingGeometry.cpp:
(WebCore::Layout::InlineFormattingGeometry::logicalTopForNextLine const): move float handling to a helper (intrusiveFloatBottom) and return
the max of floatingContext.bottom() and lineLogicalRect.bottom().
Canonical link: https://commits.webkit.org/264579@main
Canonical link: https://commits.webkit.org/259548.800@safari-7615-branch
Commit: 61b244e285212769e72e5e571ff3d121938f9413
https://github.com/WebKit/WebKit/commit/61b244e285212769e72e5e571ff3d121938f9413
Author: Youenn Fablet <youennf at gmail.com>
Date: 2023-06-06 (Tue, 06 Jun 2023)
Changed paths:
A LayoutTests/http/wpt/service-workers/service-worker-pending-job-cancel-expected.txt
A LayoutTests/http/wpt/service-workers/service-worker-pending-job-cancel-worker.js
A LayoutTests/http/wpt/service-workers/service-worker-pending-job-cancel.html
M Source/WebCore/workers/service/ServiceWorkerJob.cpp
Log Message:
-----------
jsc_fuz/wktr: *very flaky* null ptr deref in WebCore::WorkerScriptLoader::cancel() + 20 (WorkerScriptLoader.cpp:351)
https://bugs.webkit.org/show_bug.cgi?id=257568
rdar://109658530
Reviewed by David Kilzer.
Make sure to use the local variable loader instead of m_scriptLoader which is nullified just before.
Switch to std::exchange since it is more semantically correct.
* LayoutTests/http/wpt/service-workers/service-worker-pending-job-cancel-expected.txt: Added.
* LayoutTests/http/wpt/service-workers/service-worker-pending-job-cancel-worker.js: Added.
* LayoutTests/http/wpt/service-workers/service-worker-pending-job-cancel.html: Added.
* Source/WebCore/workers/service/ServiceWorkerJob.cpp:
(WebCore::ServiceWorkerJob::notifyFinished):
(WebCore::ServiceWorkerJob::cancelPendingLoad):
Canonical link: https://commits.webkit.org/259548.801@safari-7615-branch
Commit: bc09b6fca3255742370fdd150cf9627b53794c1e
https://github.com/WebKit/WebKit/commit/bc09b6fca3255742370fdd150cf9627b53794c1e
Author: Ryan Reno <rreno at apple.com>
Date: 2023-06-06 (Tue, 06 Jun 2023)
Changed paths:
M LayoutTests/http/tests/referrer-policy-iframe/no-referrer-when-downgrade/cross-origin-http.https-expected.txt
M LayoutTests/http/tests/referrer-policy-iframe/no-referrer/cross-origin-http.https-expected.txt
M LayoutTests/http/tests/referrer-policy-iframe/origin-when-cross-origin/cross-origin-http.https-expected.txt
M LayoutTests/http/tests/referrer-policy-iframe/origin/cross-origin-http.https-expected.txt
M LayoutTests/http/tests/referrer-policy-iframe/same-origin/cross-origin-http.https-expected.txt
M LayoutTests/http/tests/referrer-policy-iframe/strict-origin-when-cross-origin/cross-origin-http.https-expected.txt
M LayoutTests/http/tests/referrer-policy-iframe/strict-origin/cross-origin-http.https-expected.txt
M LayoutTests/http/tests/referrer-policy-iframe/unsafe-url/cross-origin-http.https-expected.txt
M LayoutTests/http/tests/referrer-policy/no-referrer-when-downgrade/cross-origin-http.https-expected.txt
M LayoutTests/http/tests/referrer-policy/no-referrer/cross-origin-http.https-expected.txt
M LayoutTests/http/tests/referrer-policy/origin-when-cross-origin/cross-origin-http.https-expected.txt
M LayoutTests/http/tests/referrer-policy/origin/cross-origin-http.https-expected.txt
M LayoutTests/http/tests/referrer-policy/same-origin/cross-origin-http.https-expected.txt
M LayoutTests/http/tests/referrer-policy/strict-origin-when-cross-origin/cross-origin-http.https-expected.txt
M LayoutTests/http/tests/referrer-policy/strict-origin/cross-origin-http.https-expected.txt
M LayoutTests/http/tests/referrer-policy/unsafe-url/cross-origin-http.https-expected.txt
M LayoutTests/http/tests/security/contentSecurityPolicy/upgrade-insecure-requests/iframe-upgrade.https-expected.txt
M LayoutTests/http/tests/security/mixedContent/insecure-iframe-in-iframe-expected.txt
M LayoutTests/http/tests/security/mixedContent/insecure-iframe-in-iframe.html
A LayoutTests/http/tests/security/mixedContent/insecure-iframe-in-sandboxed-iframe-expected.txt
A LayoutTests/http/tests/security/mixedContent/insecure-iframe-in-sandboxed-iframe.html
M LayoutTests/http/tests/security/mixedContent/insecure-script-in-data-iframe-in-main-frame-blocked-expected.txt
M LayoutTests/http/tests/security/referrer-policy-header-and-meta-tag-emptyString.html
M LayoutTests/http/tests/security/referrer-policy-header-and-meta-tag.html
M LayoutTests/http/tests/security/referrer-policy-header-multipart.html
M LayoutTests/http/tests/security/referrer-policy-header-test.js
M LayoutTests/http/tests/security/referrer-policy-header.html
M LayoutTests/http/tests/security/referrer-policy-https-always-expected.txt
M LayoutTests/http/tests/security/referrer-policy-https-always.html
M LayoutTests/http/tests/security/referrer-policy-https-default-expected.txt
M LayoutTests/http/tests/security/referrer-policy-https-default.html
M LayoutTests/http/tests/security/referrer-policy-https-never-expected.txt
M LayoutTests/http/tests/security/referrer-policy-https-never.html
M LayoutTests/http/tests/security/referrer-policy-https-no-referrer-expected.txt
M LayoutTests/http/tests/security/referrer-policy-https-no-referrer-when-downgrade-expected.txt
M LayoutTests/http/tests/security/referrer-policy-https-no-referrer-when-downgrade.html
M LayoutTests/http/tests/security/referrer-policy-https-no-referrer.html
M LayoutTests/http/tests/security/referrer-policy-https-origin-expected.txt
M LayoutTests/http/tests/security/referrer-policy-https-origin.html
M LayoutTests/http/tests/security/referrer-policy-https-unsafe-url-expected.txt
M LayoutTests/http/tests/security/referrer-policy-https-unsafe-url.html
M LayoutTests/http/tests/security/resources/postReferrer.py
M LayoutTests/http/tests/security/resources/referrer-policy-log.py
M LayoutTests/http/tests/security/resources/sandboxed-iframe-geolocation-getCurrentPosition.html
M LayoutTests/http/tests/security/resources/sandboxed-iframe-geolocation-watchPosition.html
M LayoutTests/http/tests/security/resources/serve-referrer-policy-and-meta-tag.py
M LayoutTests/http/tests/security/resources/serve-referrer-policy-and-test.py
R LayoutTests/http/tests/websocket/tests/hybi/non-document-mixed-content-blocked-http-with-embedded-https-with-embedded-http-expected.txt
R LayoutTests/http/tests/websocket/tests/hybi/non-document-mixed-content-blocked-http-with-embedded-https-with-embedded-http.html
M LayoutTests/http/tests/websocket/tests/hybi/non-document-mixed-content-blocked-https-with-embedded-http-with-embedded-https.https-expected.txt
M LayoutTests/imported/w3c/web-platform-tests/content-security-policy/reporting/report-original-url-on-mixed-content-frame.https.sub-expected.txt
M LayoutTests/imported/w3c/web-platform-tests/fs/FileSystemFileHandle-create-sync-access-handle.https.tentative.window-expected.txt
M LayoutTests/imported/w3c/web-platform-tests/mixed-content/csp.https.window-expected.txt
M LayoutTests/imported/w3c/web-platform-tests/mixed-content/nested-iframes.window-expected.txt
A LayoutTests/platform/ios-wk2/imported/w3c/web-platform-tests/fs/FileSystemFileHandle-create-sync-access-handle.https.tentative.window-expected.txt
A LayoutTests/platform/ios-wk2/imported/w3c/web-platform-tests/screen-orientation/nested-documents-expected.txt
A LayoutTests/platform/ios-wk2/imported/w3c/web-platform-tests/screen-orientation/unlock-expected.txt
A LayoutTests/platform/mac-wk1/http/tests/security/mixedContent/insecure-iframe-in-iframe-expected.txt
A LayoutTests/platform/mac-wk1/http/tests/security/mixedContent/insecure-iframe-in-main-frame-expected.txt
A LayoutTests/platform/mac-wk1/http/tests/security/mixedContent/insecure-iframe-in-sandboxed-iframe-expected.txt
A LayoutTests/platform/mac-wk1/http/tests/security/mixedContent/insecure-image-in-iframe-expected.txt
A LayoutTests/platform/mac-wk1/http/tests/security/mixedContent/redirect-http-to-https-iframe-in-main-frame-expected.txt
A LayoutTests/platform/mac-wk1/http/tests/security/mixedContent/redirect-https-to-http-iframe-in-main-frame-expected.txt
M LayoutTests/platform/win/TestExpectations
M LayoutTests/platform/wk2/http/tests/security/contentSecurityPolicy/block-all-mixed-content/insecure-css-in-iframe-report-only-expected.txt
M LayoutTests/platform/wk2/http/tests/security/contentSecurityPolicy/block-all-mixed-content/insecure-iframe-in-main-frame-expected.txt
R LayoutTests/platform/wk2/http/tests/security/mixedContent/insecure-iframe-in-iframe-expected.txt
M LayoutTests/platform/wk2/http/tests/security/mixedContent/insecure-iframe-in-main-frame-expected.txt
M LayoutTests/platform/wk2/http/tests/security/mixedContent/insecure-image-in-iframe-expected.txt
M LayoutTests/platform/wk2/http/tests/security/mixedContent/redirect-http-to-https-iframe-in-main-frame-expected.txt
M LayoutTests/platform/wk2/http/tests/security/mixedContent/redirect-https-to-http-iframe-in-main-frame-expected.txt
M Source/WebCore/Modules/websockets/WebSocket.cpp
M Source/WebCore/Modules/websockets/WorkerThreadableWebSocketChannel.cpp
M Source/WebCore/html/HTMLFormElement.cpp
M Source/WebCore/loader/DocumentLoader.cpp
M Source/WebCore/loader/DocumentThreadableLoader.cpp
M Source/WebCore/loader/MixedContentChecker.cpp
M Source/WebCore/loader/MixedContentChecker.h
M Source/WebCore/loader/SubframeLoader.cpp
M Source/WebCore/loader/cache/CachedResourceLoader.cpp
Log Message:
-----------
Framed pages have ability to bypass Mixed Content restrictions
https://bugs.webkit.org/show_bug.cgi?id=257331
rdar://109100886
Reviewed by Brent Fulgham.
It is possible to bypass mixed content restrictions in pages which are
framed. There are actually two issues here: secure frames embedded in
insecure frames can bypass and frames which are sandboxed can bypass.
In the former case we are only checking the for mixed content in the
frame making the request as well as the top frame. So if an insecure frame
embeds a secure frame, that secure frame could then embed an insecure frame and
make mixed content requests without being blocked since the middle frame
is not checked against the URL for mixed content.
For the latter case we check whether or not the security origin
of the requestor has an "https" protocol. The problem is sandboxed iframes
are given an opaque origin which does not have the "https" protocol (or
any protocol for that matter) and so we were skipping the mixed content check.
This patch cleans up the MixedContentChecker implementation and fixes
these two methods of bypass. This is accomplished by 1) checking the entire
ancestor frame path from the requestor up to the top frame and 2) considering
what the protocol of the security origin for the frame making the
request would have been if it were not opaque. We special case a main resource
load in the DocumentLoader by checking for mixed content starting from the parent frame.
Otherwise we would block an insecure main frame from navigating a secure
iframe to an insecure URL which is allowed by other browser engines.
LayoutTests/http/tests/security:
Rewrote some tests to no longer use HTTP iframes in HTTPS frames
which is now blocked. These changes also include new console output
for mixed content blocking messages.
* LayoutTests/http/tests/websocket/tests/hybi/non-document-mixed-content-blocked-http-with-embedded-https-with-embedded-http-expected.txt: Removed.
* LayoutTests/http/tests/websocket/tests/hybi/non-document-mixed-content-blocked-http-with-embedded-https-with-embedded-http.html: Removed.
This test is no longer needed. We now block loading a HTTP iframe
in a middle HTTPS frame so the innermost frame would never have a
chance to load a worker anyway.
* LayoutTests/imported/w3c/web-platform-tests/fs/FileSystemFileHandle-create-sync-access-handle.https.tentative.window-expected.txt:
* LayoutTests/imported/w3c/web-platform-tests/mixed-content/csp.https.window-expected.txt:
* LayoutTests/imported/w3c/web-platform-tests/mixed-content/nested-iframes.window-expected.txt:
LayoutTests/platform:
Updated platform-specific expectations.
* Source/WebCore/Modules/websockets/WebSocket.cpp:
(WebCore::WebSocket::connect):
* Source/WebCore/Modules/websockets/WorkerThreadableWebSocketChannel.cpp:
(WebCore::WorkerThreadableWebSocketChannel::Bridge::connect):
* Source/WebCore/html/HTMLFormElement.cpp:
(WebCore::HTMLFormElement::parseAttribute):
* Source/WebCore/loader/DocumentLoader.cpp:
(WebCore::DocumentLoader::willSendRequest):
* Source/WebCore/loader/DocumentThreadableLoader.cpp:
(WebCore::DocumentThreadableLoader::loadRequest):
Source/WebCore/loader/MixedContentChecker:
Refactor the MixedContentChecker to expose a more clear API.
isMixedContent was never called by client code and canDisplay and
canShow functions should be more clear that they will be checking
the entire frame ancestor hierarchy so clients don't try to do that
themselves. Move helpers to be static functions in the .cpp file.
* Source/WebCore/loader/MixedContentChecker.cpp:
(WebCore::isMixedContent):
(WebCore::foundMixedContentInFrameTree):
(WebCore::MixedContentChecker::frameAndAncestorsCanDisplayInsecureContent):
(WebCore::MixedContentChecker::frameAndAncestorsCanRunInsecureContent):
(WebCore::MixedContentChecker::checkFormForMixedContent):
(WebCore::MixedContentChecker::checkForMixedContentInFrameTree): Deleted.
(WebCore::MixedContentChecker::isMixedContent): Deleted.
(WebCore::MixedContentChecker::canDisplayInsecureContent): Deleted.
(WebCore::MixedContentChecker::canRunInsecureContent): Deleted.
* Source/WebCore/loader/MixedContentChecker.h:
* Source/WebCore/loader/SubframeLoader.cpp:
(WebCore::FrameLoader::SubframeLoader::pluginIsLoadable):
* Source/WebCore/loader/cache/CachedResourceLoader.cpp:
(WebCore::CachedResourceLoader::checkInsecureContent const):
Canonical link: https://commits.webkit.org/259548.802@safari-7615-branch
Commit: ed34e0fc30a6c1ab6fa6fc53b71b3de931723889
https://github.com/WebKit/WebKit/commit/ed34e0fc30a6c1ab6fa6fc53b71b3de931723889
Author: Rob Buis <rbuis at igalia.com>
Date: 2023-06-07 (Wed, 07 Jun 2023)
Changed paths:
A LayoutTests/fast/media/print-video-crash-expected.txt
A LayoutTests/fast/media/print-video-crash.html
M Source/WebKit/UIProcess/WebPageProxy.cpp
M Source/WebKit/UIProcess/WebPageProxy.h
M Source/WebKit/WebProcess/WebPage/WebPage.cpp
M Source/WebKit/WebProcess/WebPage/WebPage.h
M Source/WebKit/WebProcess/WebPage/WebPage.messages.in
M Tools/WebKitTestRunner/TestController.cpp
Log Message:
-----------
Cherry-pick 263022.8 at webkit-2023.4-embargoed (221c50b850f8). rdar://89084798
Make sure end printing is handled before PrintFrame
https://bugs.webkit.org/show_bug.cgi?id=237291
rdar://89084798
Reviewed by Chris Dumez.
To ensure end printing is handled (and layer tree is unfrozen)
introduce a completion handler on EndPrinting and tie its completion
to the completion handler in WebPageProxy::printFrame.
Also do not call endPrinting from TestController.cpp since
WebPageProxy::printFrame takes care of that.
* LayoutTests/fast/media/print-video-crash-expected.txt: Added.
* LayoutTests/fast/media/print-video-crash.html: Added.
* Source/WebKit/UIProcess/WebPageProxy.cpp:
(WebKit::WebPageProxy::printFrame):
(WebKit::WebPageProxy::endPrinting):
* Source/WebKit/UIProcess/WebPageProxy.h:
* Source/WebKit/WebProcess/WebPage/WebPage.cpp:
(WebKit::WebPage::endPrinting):
* Source/WebKit/WebProcess/WebPage/WebPage.h:
(WebKit::WebPage::endPrinting):
(WebKit::WebPage::endPrintingDuringDOMPrintOperation):
* Source/WebKit/WebProcess/WebPage/WebPage.messages.in:
* Tools/WebKitTestRunner/TestController.cpp:
(WTR::printFrame):
Canonical link: https://commits.webkit.org/263022.8@webkit-2023.4-embargoed
Canonical link: https://commits.webkit.org/259548.803@safari-7615-branch
Commit: a4de140c086157bfbc0c003c91bb4d8edf7c5dda
https://github.com/WebKit/WebKit/commit/a4de140c086157bfbc0c003c91bb4d8edf7c5dda
Author: Rob Buis <rbuis at igalia.com>
Date: 2023-06-07 (Wed, 07 Jun 2023)
Changed paths:
A LayoutTests/fast/canvas/canvas-print-crash-expected.txt
A LayoutTests/fast/canvas/canvas-print-crash.html
Log Message:
-----------
Cherry-pick 263022.9 at webkit-2023.4-embargoed (a0645306d06d). rdar://102860360
Add test case for bug 251370
https://bugs.webkit.org/show_bug.cgi?id=251370
rdar://102860360
Reviewed by Chris Dumez.
Already fixed by https://commits.webkit.org/263022.8@webkit-2023.4-embargoed, but
add this test for completeness.
* LayoutTests/fast/canvas/canvas-print-crash-expected.txt: Added.
* LayoutTests/fast/canvas/canvas-print-crash.html: Added.
Canonical link: https://commits.webkit.org/263022.9@webkit-2023.4-embargoed
Canonical link: https://commits.webkit.org/259548.804@safari-7615-branch
Commit: 3550ea5e0324e103a800de8fdf71de03d97238b1
https://github.com/WebKit/WebKit/commit/3550ea5e0324e103a800de8fdf71de03d97238b1
Author: Sammy Gill <sammy.gill at apple.com>
Date: 2023-06-07 (Wed, 07 Jun 2023)
Changed paths:
M LayoutTests/imported/w3c/web-platform-tests/css/css-logical/parsing/margin-block-inline-computed-expected.txt
M LayoutTests/platform/mac-wk1/TestExpectations
M LayoutTests/platform/mac/TestExpectations
M Source/WebCore/css/ComputedStyleExtractor.cpp
M Source/WebCore/rendering/RenderBox.cpp
M Source/WebCore/rendering/RenderBox.h
Log Message:
-----------
getComputedStyle isLayoutDependent should return true for logical margin properties.
rdar://110266135
Reviewed by Alan Baradlay.
When we try to get the value of a margin using its equivalent logical property,
we will run into a debug ASSERT(!needsLayout()!) that gets triggered because
the logical properties do not return true for isLayoutDependent when they should.
Now, we will force a layout to occur for these properties before trying to
determine their value.
* LayoutTests/imported/w3c/web-platform-tests/css/css-logical/parsing/margin-block-inline-computed-expected.txt:
* LayoutTests/platform/mac-wk1/TestExpectations:
* LayoutTests/platform/mac/TestExpectations:
* Source/WebCore/css/ComputedStyleExtractor.cpp:
(WebCore::formattingContextRootStyle):
(WebCore::physicalToFlowRelativeDirection):
(WebCore::flowRelativeToPhysicalDirection):
(WebCore::toMarginTrimType):
(WebCore::toMarginPropertyID):
(WebCore::isLayoutDependent):
(WebCore::ComputedStyleExtractor::valueForPropertyInStyle):
* Source/WebCore/rendering/RenderBox.cpp:
(WebCore::RenderBox::physicalToFlowRelativeDirectionMapping const): Deleted.
(WebCore::flowRelativeDirectionToMarginTrimType): Deleted.
* Source/WebCore/rendering/RenderBox.h:
Canonical link: https://commits.webkit.org/259548.805@safari-7615-branch
Commit: 8c5fe8ed43271874e1db75f8e6d4265dcaed2699
https://github.com/WebKit/WebKit/commit/8c5fe8ed43271874e1db75f8e6d4265dcaed2699
Author: Ryan Reno <rreno at apple.com>
Date: 2023-06-08 (Thu, 08 Jun 2023)
Changed paths:
A LayoutTests/media/media-session/actionHandler-no-document-leak-expected.txt
A LayoutTests/media/media-session/actionHandler-no-document-leak.html
A LayoutTests/media/media-session/resources/media-session-action-handler-document-leak-frame.html
M Source/WebCore/Modules/mediasession/MediaSessionActionHandler.h
M Source/WebCore/Modules/mediasession/MediaSessionActionHandler.idl
Log Message:
-----------
Cherry-pick 56280cdcbd8a. rdar://problem/105112595
The Document object is leaked on some pages using media (like YouTube.com)
https://bugs.webkit.org/show_bug.cgi?id=251835
rdar://105112595
Reviewed by Chris Dumez.
By default a callback holds a Strong<> reference to the JS Function
object. This has the effect of making the callback a GC root. Another
option is to annotate the callback with the IsWeakCallback extended
attribute which will hold the callback object as a Weak reference and
keep it alive via the visitJSFunction mechanism instead of making it a
root.
In the case of MediaSessionActionHandler the strong reference will
prevent an HTMLDocument from being garbage collected even after
navigating away and clearing the caches (after a low memory warning, for
example). This change adds the IsWeakCallback attribute and the
necessary virtual function to the MediaSessionActionHandler base class.
LayoutTests:
Add a test to check that action handlers installed by the page are
not leaked. Use an iframe to install and exercise the action
handlers before the iframe is navigated away and a garbage
collection is triggered (repeatedly). If after 500 attempts at GC
the document containing the action handlers still exists we consider
the document leaked.
* LayoutTests/media/media-session/actionHandler-no-document-leak-expected.txt: Added.
* LayoutTests/media/media-session/actionHandler-no-document-leak.html: Added.
* LayoutTests/media/media-session/resources/media-session-action-handler-document-leak-frame.html: Added.
* Source/WebCore/Modules/mediasession/MediaSessionActionHandler.h:
* Source/WebCore/Modules/mediasession/MediaSessionActionHandler.idl:
Canonical link: https://commits.webkit.org/263660@main
Identifier: 259548.806 at safari-7615-branch
Commit: 3b73de9261bd625062401d54c8b6e7e6e9b25ea9
https://github.com/WebKit/WebKit/commit/3b73de9261bd625062401d54c8b6e7e6e9b25ea9
Author: Ryan Reno <rreno at apple.com>
Date: 2023-06-08 (Thu, 08 Jun 2023)
Changed paths:
A LayoutTests/fast/canvas/canvas-gradient-can-outlive-context-expected.txt
A LayoutTests/fast/canvas/canvas-gradient-can-outlive-context.html
A LayoutTests/fast/canvas/canvas-state-stack-gradient-expected.txt
A LayoutTests/fast/canvas/canvas-state-stack-gradient.html
A LayoutTests/http/tests/canvas/ctx.2d-canvas-style-no-document-leak-expected.txt
A LayoutTests/http/tests/canvas/ctx.2d-canvas-style-no-document-leak.html
A LayoutTests/http/tests/canvas/resources/background.png
A LayoutTests/http/tests/canvas/resources/ctx.2d-fillStyle-color.html
A LayoutTests/http/tests/canvas/resources/ctx.2d-fillStyle-gradient.html
A LayoutTests/http/tests/canvas/resources/ctx.2d-fillStyle-pattern.html
M Source/WebCore/html/canvas/CanvasGradient.cpp
M Source/WebCore/html/canvas/CanvasGradient.h
M Source/WebCore/html/canvas/CanvasStyle.cpp
M Source/WebCore/html/canvas/CanvasStyle.h
Log Message:
-----------
Cherry-pick ade36a336115. rdar://problem/108845985
HTMLCanvasElement is orphaned causing a HTMLDocument leak on YouTube video pages
https://bugs.webkit.org/show_bug.cgi?id=256262
rdar://108845985
Reviewed by Darin Adler.
CanvasRenderingContext2DBase has a State stack for setting up drawing
state. Two of the fields - strokeStyle and fillStyle - each hold CanvasStyle
objects. These objects may be set with colors or images or gradients. In
the case of a CanvasGradient, the gradient has a strong reference
to the context which creates a reference cycle.
CanvasRenderingContext2DBase -> State -> CanvasStyle -> CanvasGradient -> CanvasRenderingContext(2DBase)
What makes this cycle dangerous is the CanvasRenderingContext will
increase the ref count of an HTMLCanvasElement which, being a Node, will
increment the referencingNodeCount of a Document object. So if a
gradient is set on the context's fillStyle or strokeStyle we can cause a
Document leak if the state is never cleared like on YouTube video pages.
This patch changes the CanvasGradient object to hold a weak reference to
the CanvasRenderingContext instead of a strong reference which breaks the cycle.
* LayoutTests/fast/canvas
Add tests to verify the now-decoupled lifetimes of gradient and
context do not cause crashes.
* LayoutTests/fast/canvas/canvas-gradient-can-outlive-context-expected.txt: Added.
* LayoutTests/fast/canvas/canvas-gradient-can-outlive-context.html: Added.
* LayoutTests/fast/canvas/canvas-state-stack-gradient-expected.txt: Added.
* LayoutTests/fast/canvas/canvas-state-stack-gradient.html: Added.
* LayoutTests/http/tests/canvas
Add a test to verify that setting the style of a 2D canvas context
does not leak Documents.
* LayoutTests/http/tests/canvas/ctx.2d-canvas-style-no-document-leak-expected.txt: Added.
* LayoutTests/http/tests/canvas/ctx.2d-canvas-style-no-document-leak.html: Added.
* LayoutTests/http/tests/canvas/resources/background.png: Added.
* LayoutTests/http/tests/canvas/resources/ctx.2d-fillStyle-color.html: Added.
* LayoutTests/http/tests/canvas/resources/ctx.2d-fillStyle-gradient.html: Added.
* LayoutTests/http/tests/canvas/resources/ctx.2d-fillStyle-pattern.html: Added.
* Source/WebCore/html/canvas/CanvasGradient.cpp:
(WebCore::CanvasGradient::addColorStop):
* Source/WebCore/html/canvas/CanvasGradient.h:
* Source/WebCore/html/canvas/CanvasStyle.cpp:
(WebCore::parseColor):
Since the gradient can outlive the context that created it, we need
to be able to parse colors without having a CSSParserContext
reference. This overload calls CSSParser::parseColorWithoutContext
in that case.
* Source/WebCore/html/canvas/CanvasStyle.h:
(WebCore::CanvasStyle::canvasGradient const):
Canonical link: https://commits.webkit.org/263774@main
Identifier: 259548.807 at safari-7615-branch
Commit: 068e12f25f61d2d6cf02ea29bc248ade66155150
https://github.com/WebKit/WebKit/commit/068e12f25f61d2d6cf02ea29bc248ade66155150
Author: Matt Woodrow <mattwoodrow at apple.com>
Date: 2023-06-08 (Thu, 08 Jun 2023)
Changed paths:
M Source/WebCore/rendering/RenderLayerBacking.cpp
Log Message:
-----------
Cherry-pick 282f60810467. rdar://problem/108866016
Canvas will intermittently come up blurry and remain so.
https://bugs.webkit.org/show_bug.cgi?id=256260
Reviewed by Simon Fraser.
The unscaled bitmap optimization uses backing stores that don't have device scaling applied, when the result would be identical.
We need to make sure it gets re-evaluated if the size of the canvas backing store changes, this patch makes sure we schedule a compositing layer update for that to happen.
I haven't found a way to test this yet, capturing the layer tree as text (as other tests of this feature do) implicitly forces a compositing layer update, hiding the bug.
* Source/WebCore/rendering/RenderLayerBacking.cpp:
(WebCore::RenderLayerBacking::contentChanged):
Canonical link: https://commits.webkit.org/264699@main
Identifier: 259548.808 at safari-7615-branch
Commit: 0a592f3136fa459665929997bec6630f702ba524
https://github.com/WebKit/WebKit/commit/0a592f3136fa459665929997bec6630f702ba524
Author: Tim Nguyen <ntim at apple.com>
Date: 2023-06-08 (Thu, 08 Jun 2023)
Changed paths:
A LayoutTests/fullscreen/event-listener-prefixed-unprefixed-document-expected.html
A LayoutTests/fullscreen/event-listener-prefixed-unprefixed-document.html
M Source/WebCore/dom/FullscreenManager.cpp
Log Message:
-----------
Cherry-pick fced3c933266. rdar://problem/109373298
REGRESSION(257658 at main): Unable to exit fullscreen from video controls on bleacherreport.com
https://bugs.webkit.org/show_bug.cgi?id=257616
rdar://109373298
Reviewed by Jer Noble.
The website was using an event listener for both prefixed & unprefixed APIs on the document object, causing the
library's event listener to fire twice and wrongly track the fullscreen state.
To fix this, extend the check from 260651 at main to cover document event listners as well.
* LayoutTests/fullscreen/event-listener-prefixed-unprefixed-document-expected.html: Added.
* LayoutTests/fullscreen/event-listener-prefixed-unprefixed-document.html: Added.
* Source/WebCore/dom/FullscreenManager.cpp:
(WebCore::FullscreenManager::dispatchEventForNode):
Canonical link: https://commits.webkit.org/264814@main
Identifier: 259548.809 at safari-7615-branch
Commit: 84e53d91960d61e72da415bb67cc1f842c7e3e93
https://github.com/WebKit/WebKit/commit/84e53d91960d61e72da415bb67cc1f842c7e3e93
Author: Ryan Reno <rreno at apple.com>
Date: 2023-06-08 (Thu, 08 Jun 2023)
Changed paths:
A LayoutTests/media/media-session/actionHandler-lifetime-expected.txt
A LayoutTests/media/media-session/actionHandler-lifetime.html
M Source/WebCore/Modules/mediasession/MediaSession.cpp
M Source/WebCore/Modules/mediasession/MediaSession.h
M Source/WebCore/Modules/mediasession/MediaSession.idl
M Source/WebCore/Modules/mediasession/MediaSessionActionHandler.h
M Source/WebCore/Sources.txt
M Source/WebCore/WebCore.xcodeproj/project.pbxproj
A Source/WebCore/bindings/js/JSMediaSessionCustom.cpp
Log Message:
-----------
Cherry-pick e938617efad6. rdar://problem/105112595
Cherry-pick 263868 at main (e938617efad6). rdar://105112595
The Document object is leaked on some pages using media (like YouTube.com)
https://bugs.webkit.org/show_bug.cgi?id=251835
rdar://105112595
Reviewed by Chris Dumez.
Re-land of 263660 at main (and 263715 at main) fixing crashes due to
prematurely garbage collected MediaSessionActionHandler JS wrappers.
By default a callback holds a Strong<> reference to the JS Function
object. This has the effect of making the callback a GC root. Another
option is to annotate the callback with the IsWeakCallback extended
attribute which will hold the callback object as a Weak reference and
keep it alive via the visitJSFunction mechanism instead of making it a
root.
In the case of MediaSessionActionHandler the strong reference will
prevent an HTMLDocument from being garbage collected even after
navigating away and clearing the caches (after a low memory warning, for
example). This change adds the IsWeakCallback attribute and the
necessary virtual function to the MediaSessionActionHandler base class
and makes changes to allow the MediaSession to mark any action handlers
that have been added to it.
LayoutTests:
Add a test to check that action handlers installed by the page are
not leaked. Use an iframe to install and exercise the action
handlers before the iframe is navigated away and a garbage
collection is triggered (repeatedly). If after 500 attempts at GC
the document containing the action handlers still exists we consider
the document leaked.
Also add a test to check that action handlers survive garbage
collection and can be called when appropriate.
* LayoutTests/media/media-session/actionHandler-lifetime-expected.txt: Added.
* LayoutTests/media/media-session/actionHandler-lifetime.html: Added.
* LayoutTests/media/media-session/actionHandler-no-document-leak-expected.txt: Added.
* LayoutTests/media/media-session/actionHandler-no-document-leak.html: Added.
* LayoutTests/media/media-session/resources/media-session-action-handler-document-leak-frame.html: Added.
* Source/WebCore/Modules/mediasession/MediaSession.cpp:
(WebCore::MediaSession::virtualHasPendingActivity const):
(WebCore::MediaSession::setActionHandler):
(WebCore::MediaSession::callActionHandler):
* Source/WebCore/Modules/mediasession/MediaSession.h:
(WebCore::MediaSession::hasActiveActionHandlers const):
(WebCore::MediaSession::visitActionHandlers const):
* Source/WebCore/Modules/mediasession/MediaSession.idl:
* Source/WebCore/Modules/mediasession/MediaSessionActionHandler.h:
* Source/WebCore/Modules/mediasession/MediaSessionActionHandler.idl:
* Source/WebCore/Sources.txt:
* Source/WebCore/WebCore.xcodeproj/project.pbxproj:
* Source/WebCore/bindings/js/JSMediaSessionCustom.cpp: Added.
(WebCore::JSMediaSession::visitAdditionalChildren):
Canonical link: https://commits.webkit.org/263868@main
Identifier: 259548.810 at safari-7615-branch
Commit: b401793c232bc65be6f29979d1d1c90820a054d3
https://github.com/WebKit/WebKit/commit/b401793c232bc65be6f29979d1d1c90820a054d3
Author: Myah Cobbs <mcobbs at apple.com>
Date: 2023-06-08 (Thu, 08 Jun 2023)
Changed paths:
R LayoutTests/fast/canvas/canvas-gradient-can-outlive-context-expected.txt
R LayoutTests/fast/canvas/canvas-gradient-can-outlive-context.html
R LayoutTests/fast/canvas/canvas-state-stack-gradient-expected.txt
R LayoutTests/fast/canvas/canvas-state-stack-gradient.html
R LayoutTests/http/tests/canvas/ctx.2d-canvas-style-no-document-leak-expected.txt
R LayoutTests/http/tests/canvas/ctx.2d-canvas-style-no-document-leak.html
R LayoutTests/http/tests/canvas/resources/background.png
R LayoutTests/http/tests/canvas/resources/ctx.2d-fillStyle-color.html
R LayoutTests/http/tests/canvas/resources/ctx.2d-fillStyle-gradient.html
R LayoutTests/http/tests/canvas/resources/ctx.2d-fillStyle-pattern.html
M Source/WebCore/html/canvas/CanvasGradient.cpp
M Source/WebCore/html/canvas/CanvasGradient.h
M Source/WebCore/html/canvas/CanvasStyle.cpp
M Source/WebCore/html/canvas/CanvasStyle.h
Log Message:
-----------
Revert ade36a33611 rdar://108845985
* LayoutTests/fast/canvas/canvas-gradient-can-outlive-context-expected.txt: Removed.
* LayoutTests/fast/canvas/canvas-gradient-can-outlive-context.html: Removed.
* LayoutTests/fast/canvas/canvas-state-stack-gradient-expected.txt: Removed.
* LayoutTests/fast/canvas/canvas-state-stack-gradient.html: Removed.
* LayoutTests/http/tests/canvas/ctx.2d-canvas-style-no-document-leak-expected.txt: Removed.
* LayoutTests/http/tests/canvas/ctx.2d-canvas-style-no-document-leak.html: Removed.
* LayoutTests/http/tests/canvas/resources/background.png: Removed.
* LayoutTests/http/tests/canvas/resources/ctx.2d-fillStyle-color.html: Removed.
* LayoutTests/http/tests/canvas/resources/ctx.2d-fillStyle-gradient.html: Removed.
* LayoutTests/http/tests/canvas/resources/ctx.2d-fillStyle-pattern.html: Removed.
* Source/WebCore/html/canvas/CanvasGradient.cpp:
(WebCore::CanvasGradient::addColorStop):
* Source/WebCore/html/canvas/CanvasGradient.h:
* Source/WebCore/html/canvas/CanvasStyle.cpp:
* Source/WebCore/html/canvas/CanvasStyle.h:
Identifier: 259548.811 at safari-7615-branch
Commit: 5e250c9fb3d77d69f886a3d512197601f4b4f4a5
https://github.com/WebKit/WebKit/commit/5e250c9fb3d77d69f886a3d512197601f4b4f4a5
Author: Charlie Wolfe <charliew at apple.com>
Date: 2023-06-08 (Thu, 08 Jun 2023)
Changed paths:
M Source/WebKit/UIProcess/API/C/WKPage.cpp
M Source/WebKit/UIProcess/API/C/WKPage.h
M Source/WebKit/UIProcess/WebProcessProxy.cpp
M Source/WebKit/UIProcess/WebProcessProxy.h
M Tools/WebKitTestRunner/TestController.cpp
Log Message:
-----------
REGRESSION(259548.792 at safari-7615-branch) http/tests/contentextensions/block-everything-unless-domain-redirect.py & http/tests/loading/preload-append-scan.py are failing
https://bugs.webkit.org/show_bug.cgi?id=257833
rdar://110350341
Reviewed by Alex Christensen.
259548.792 at safari-7615-branch made a change where we will swap processes when navigating from about:blank when
the current process has made a provisional load to a URL that was not about:*. This state was not reset between
tests, and since about:blank is loaded between each test, we would process swap in cases where we previously
hadn’t when running tests. Let’s fix this by clearing this state on `WebProcessProxy` between each test run.
* Source/WebKit/UIProcess/API/C/WKPage.cpp:
(WKPageResetProcessState):
* Source/WebKit/UIProcess/API/C/WKPage.h:
* Source/WebKit/UIProcess/WebProcessProxy.cpp:
(WebKit::WebProcessProxy::resetState):
* Source/WebKit/UIProcess/WebProcessProxy.h:
* Tools/WebKitTestRunner/TestController.cpp:
(WTR::TestController::resetStateToConsistentValues):
Canonical link: https://commits.webkit.org/259548.812@safari-7615-branch
Commit: 47ed6aa2ea8881708815815e4749fd6cc5c6d90d
https://github.com/WebKit/WebKit/commit/47ed6aa2ea8881708815815e4749fd6cc5c6d90d
Author: Ryan Reno <rreno at apple.com>
Date: 2023-06-08 (Thu, 08 Jun 2023)
Changed paths:
A LayoutTests/http/tests/security/sandboxed-iframe-javascript-self-navigation-expected.txt
A LayoutTests/http/tests/security/sandboxed-iframe-javascript-self-navigation.html
A LayoutTests/http/tests/security/sandboxed-iframe-javascript-top-navigation-expected.txt
A LayoutTests/http/tests/security/sandboxed-iframe-javascript-top-navigation.html
M Source/WebCore/loader/FrameLoader.cpp
M Source/WebCore/loader/NavigationRequester.cpp
M Source/WebCore/loader/NavigationRequester.h
Log Message:
-----------
Block sandboxed frames from navigating to javascript URLs without allow-scripts sandbox flag.
https://bugs.webkit.org/show_bug.cgi?id=257824
rdar://108462161
Reviewed by Alex Christensen.
Sandboxed iframes could execute script in a target frame by navigating
the frame to a javascript: URL. For example, the top frame when the
iframe has the sandbox flag "allow-top-navigation". This change checks to see if
the "allow-scripts" flag is set before executing the URL in the target frame.
* LayoutTests/http/tests/security/sandboxed-iframe-javascript-self-navigation-expected.txt: Added.
* LayoutTests/http/tests/security/sandboxed-iframe-javascript-self-navigation.html: Added.
* LayoutTests/http/tests/security/sandboxed-iframe-javascript-top-navigation-expected.txt: Added.
* LayoutTests/http/tests/security/sandboxed-iframe-javascript-top-navigation.html: Added.
* Source/WebCore/loader/FrameLoader.cpp:
(WebCore::FrameLoader::executeJavaScriptURL):
* Source/WebCore/loader/NavigationRequester.cpp:
(WebCore::NavigationRequester::from):
* Source/WebCore/loader/NavigationRequester.h:
(WebCore::NavigationRequester::encode const):
(WebCore::NavigationRequester::decode):
Canonical link: https://commits.webkit.org/259548.813@safari-7615-branch
Commit: 7751cb1beada0f0a1833161c446b5e29eb872911
https://github.com/WebKit/WebKit/commit/7751cb1beada0f0a1833161c446b5e29eb872911
Author: Myah Cobbs <mcobbs at apple.com>
Date: 2023-06-08 (Thu, 08 Jun 2023)
Changed paths:
M Source/WebCore/html/canvas/CanvasRenderingContext.h
Log Message:
-----------
Cherry-pick ade36a336 and Apply patch. rdar://problem/108845985
Identifier: 259548.814 at safari-7615-branch
Commit: 7b6d48342b8277129dd365d80e234413bfa964da
https://github.com/WebKit/WebKit/commit/7b6d48342b8277129dd365d80e234413bfa964da
Author: Andy Estes <aestes at apple.com>
Date: 2023-06-08 (Thu, 08 Jun 2023)
Changed paths:
M Source/WebKit/GPUProcess/media/RemoteMediaPlayerManagerProxy.cpp
M Source/WebKit/GPUProcess/media/RemoteMediaPlayerManagerProxy.h
M Source/WebKit/GPUProcess/media/RemoteMediaPlayerManagerProxy.messages.in
M Source/WebKit/WebProcess/GPU/media/RemoteMediaPlayerManager.cpp
M Source/WebKit/WebProcess/GPU/media/RemoteMediaPlayerManager.h
Log Message:
-----------
WebContent process can create files at arbitrary locations by calling RemoteMediaPlayerManagerProxy::OriginsInMediaCache
https://bugs.webkit.org/show_bug.cgi?id=257875
rdar://107931180
Reviewed by Eric Carlson.
MediaPlayerPrivateAVFoundationObjC implements cache management by creating an AVAssetCache at a
specified path, and AVAssetCache creates an empty directory at this path if one doesn't exist. When
MediaPlayer's installedMediaEngines() are accessed from the WebContent process and the GPU process
is in use, RemoteMediaPlayerManager creates media player factories that proxy cache management calls
to the GPU process via RemoteMediaPlayerManagerProxy IPC messages, passing the media cache directory
specified by the website data store as an argument. If a compromised WebContent process were to send
these messages with a path of its choosing, it could convince the GPU process to create a directory
at an arbitrary location within the GPU process sandbox.
Fixed this by removing the cache management IPC messages (OriginsInMediaCache, ClearMediaCache, and
ClearMediaCacheForOrigins) from RemoteMediaPlayerManagerProxy and calling ASSERT_NOT_REACHED() if
the WebContent process attempts to perform MediaPlayer cache management while the GPU process is in
use. This is OK because the cache management subset of MediaPlayerFactory's interface is exclusively
called from WebsiteDataStore in the UI process where media engines are accessed directly rather than
via RemoteMediaPlayerManagerProxy.
* Source/WebKit/GPUProcess/media/RemoteMediaPlayerManagerProxy.cpp:
(WebKit::RemoteMediaPlayerManagerProxy::originsInMediaCache): Deleted.
(WebKit::RemoteMediaPlayerManagerProxy::clearMediaCache): Deleted.
(WebKit::RemoteMediaPlayerManagerProxy::clearMediaCacheForOrigins): Deleted.
* Source/WebKit/GPUProcess/media/RemoteMediaPlayerManagerProxy.h:
* Source/WebKit/GPUProcess/media/RemoteMediaPlayerManagerProxy.messages.in:
* Source/WebKit/WebProcess/GPU/media/RemoteMediaPlayerManager.cpp:
(WebKit::RemoteMediaPlayerManager::originsInMediaCache): Deleted.
(WebKit::RemoteMediaPlayerManager::clearMediaCache): Deleted.
(WebKit::RemoteMediaPlayerManager::clearMediaCacheForOrigins): Deleted.
* Source/WebKit/WebProcess/GPU/media/RemoteMediaPlayerManager.h:
Canonical link: https://commits.webkit.org/259548.815@safari-7615-branch
Commit: 8437c2302b67ecd10705fb0cde46524895de5139
https://github.com/WebKit/WebKit/commit/8437c2302b67ecd10705fb0cde46524895de5139
Author: Marcos Caceres <marcosc at apple.com>
Date: 2023-06-09 (Fri, 09 Jun 2023)
Changed paths:
M LayoutTests/TestExpectations
A LayoutTests/http/wpt/content-security-policy/manifest.json
A LayoutTests/http/wpt/content-security-policy/sandbox-manifest-blocked-cross-origin.sub-expected.txt
A LayoutTests/http/wpt/content-security-policy/sandbox-manifest-blocked-cross-origin.sub.html
A LayoutTests/http/wpt/content-security-policy/sandbox-manifest-blocked-cross-origin.sub.html.headers
A LayoutTests/http/wpt/content-security-policy/sandbox-manifest-blocked-expected.txt
A LayoutTests/http/wpt/content-security-policy/sandbox-manifest-blocked.html
A LayoutTests/http/wpt/content-security-policy/sandbox-manifest-blocked.html.headers
M LayoutTests/platform/ios-wk2/TestExpectations
M LayoutTests/platform/mac-wk2/TestExpectations
M Source/WebCore/loader/ApplicationManifestLoader.cpp
M Tools/TestWebKitAPI/Tests/WebKitCocoa/ApplicationManifest.mm
Log Message:
-----------
Incorrect CORS mode for ApplicationManifest
https://bugs.webkit.org/show_bug.cgi?id=256686
rdar://109154572
Reviewed by Brent Fulgham.
* LayoutTests/TestExpectations:
* LayoutTests/http/wpt/content-security-policy/manifest.json: Added.
* LayoutTests/http/wpt/content-security-policy/sandbox-manifest-blocked-cross-origin.sub-expected.txt: Added.
* LayoutTests/http/wpt/content-security-policy/sandbox-manifest-blocked-cross-origin.sub.html: Added.
* LayoutTests/http/wpt/content-security-policy/sandbox-manifest-blocked-cross-origin.sub.html.headers: Added.
* LayoutTests/http/wpt/content-security-policy/sandbox-manifest-blocked-expected.txt: Added.
* LayoutTests/http/wpt/content-security-policy/sandbox-manifest-blocked.html: Added.
* LayoutTests/http/wpt/content-security-policy/sandbox-manifest-blocked.html.headers: Added.
* LayoutTests/platform/ios-wk2/TestExpectations:
* LayoutTests/platform/mac-wk2/TestExpectations:
* Source/WebCore/loader/ApplicationManifestLoader.cpp:
(WebCore::ApplicationManifestLoader::startLoading):
* Tools/TestWebKitAPI/Tests/WebKitCocoa/ApplicationManifest.mm:
(TestWebKitAPI::TEST):
Canonical link: https://commits.webkit.org/259548.816@safari-7615-branch
Commit: 9abef45e45a6243ebbc4c6d3a3975f74fe3bf028
https://github.com/WebKit/WebKit/commit/9abef45e45a6243ebbc4c6d3a3975f74fe3bf028
Author: Simon Fraser <simon.fraser at apple.com>
Date: 2023-06-09 (Fri, 09 Jun 2023)
Changed paths:
M Source/WebCore/page/mac/ServicesOverlayController.mm
M Source/WebCore/platform/mac/DataDetectorHighlight.h
M Source/WebCore/platform/mac/DataDetectorHighlight.mm
Log Message:
-----------
Crash in GraphicsLayerCA::computeVisibleAndCoverageRect() caused by data detector highlights
https://bugs.webkit.org/show_bug.cgi?id=257684
rdar://105900355
Reviewed by Aditya Keerthi.
It was possible for ServicesOverlayController to delete a DataDetectorHighlight, but leave its GraphicsLayer
parented in the page overlay, so the GraphicsLayer client() was deleted.
Fix by having the DataDetectorHighlight's destructor call invalidate(), which unparents the layer. The
ServicesOverlayController destructor no longer needs to explicitly call invalidate().
I attempted for several hours to make an API test for this, but was unable.
* Source/WebCore/page/mac/ServicesOverlayController.mm:
(WebCore::ServicesOverlayController::~ServicesOverlayController): Deleted.
* Source/WebCore/platform/mac/DataDetectorHighlight.h:
* Source/WebCore/platform/mac/DataDetectorHighlight.mm:
(WebCore::DataDetectorHighlight::~DataDetectorHighlight):
Canonical link: https://commits.webkit.org/259548.817@safari-7615-branch
Commit: 9fe8826eb6a364856a3ed6149e48201edb141c34
https://github.com/WebKit/WebKit/commit/9fe8826eb6a364856a3ed6149e48201edb141c34
Author: Chris Dumez <cdumez at apple.com>
Date: 2023-06-09 (Fri, 09 Jun 2023)
Changed paths:
A LayoutTests/fast/editing/document-leak-altered-text-field-expected.txt
A LayoutTests/fast/editing/document-leak-altered-text-field.html
A LayoutTests/fast/editing/resources/document-leak-altered-text-field-popup.html
A LayoutTests/fast/editing/resources/simple.html
M Source/WebCore/editing/Editor.cpp
M Source/WebCore/editing/Editor.h
M Source/WebCore/page/EditorClient.h
M Source/WebCore/page/Page.cpp
M Source/WebCore/page/Page.h
M Source/WebKitLegacy/mac/WebCoreSupport/WebEditorClient.h
M Source/WebKitLegacy/mac/WebCoreSupport/WebEditorClient.mm
Log Message:
-----------
Cherry-pick b9a32bf41135. rdar://problem/110483637
Document leak on pages with text input forms such as google.com
https://bugs.webkit.org/show_bug.cgi?id=256404
rdar://108975202
Reviewed by Wenson Hsieh and Ryosuke Niwa.
When typing test in a text input field and then navigating away, the
text field's document would leak. It would be kept alive via a
WebUndoStep stored in the WebPage::m_undoStepMap map.
FrameLoader::closeURL() was calling Editor::clearUndoRedoOperations()
to clear those WebUndoSteps on the WebPage. However, it ended up being
a no-op because Editor::client() would return null because the document
was already detached from the frame and the EditorClient is stored on
the Page. This happens in particular when the previous page was put in
the back/forward cache.
To address the issue, I updated Editor to store a WeakPtr to the
EditorClient object so that it is always able to tell the client to
clear operations if the Page/EditorClient are still alive.
* Source/WebCore/editing/Editor.cpp:
(WebCore::Editor::client const):
(WebCore::Editor::Editor):
* Source/WebCore/editing/Editor.h:
Canonical link: https://commits.webkit.org/264022@main
Canonical link: https://commits.webkit.org/259548.818@safari-7615-branch
Commit: 91ae9f7be76aee4ed415bd8fc3ecafc0da9b54fa
https://github.com/WebKit/WebKit/commit/91ae9f7be76aee4ed415bd8fc3ecafc0da9b54fa
Author: Dan Robson <dan_robson at apple.com>
Date: 2023-06-09 (Fri, 09 Jun 2023)
Changed paths:
M Configurations/Version.xcconfig
Log Message:
-----------
Versioning.
WebKit-7615.3.8
Identifier: 259548.819 at safari-7615-branch
Commit: 89399f0f461425ce4c5f47e035edc04c3ba9e81f
https://github.com/WebKit/WebKit/commit/89399f0f461425ce4c5f47e035edc04c3ba9e81f
Author: Said Abou-Hallawa <said at apple.com>
Date: 2023-06-09 (Fri, 09 Jun 2023)
Changed paths:
A LayoutTests/css3/filters/filter-visited-links-expected.html
A LayoutTests/css3/filters/filter-visited-links.html
M Source/WebCore/rendering/PaintPhase.h
M Source/WebCore/rendering/RenderLayer.cpp
M Source/WebCore/rendering/StyledMarkedText.cpp
M Source/WebCore/rendering/TextDecorationPainter.cpp
M Source/WebCore/rendering/TextDecorationPainter.h
M Source/WebCore/rendering/TextPaintStyle.cpp
M Source/WebCore/rendering/style/RenderStyle.cpp
M Source/WebCore/rendering/style/RenderStyle.h
Log Message:
-----------
Prevent SVG filters from leaking visited hyperlinks
https://bugs.webkit.org/show_bug.cgi?id=257822
rdar://109749006
Reviewed by Simon Fraser.
We should prevent websites from learning which sites have been visited via SVG
filters on hyperlinks, per the attack described in https://arxiv.org/abs/2305.12784.
This can be acheived by ignoring the visited links color when a filter is applied
to the anchor element.
* LayoutTests/css3/filters/filter-visited-links-expected.html: Added.
* LayoutTests/css3/filters/filter-visited-links.html: Added.
* Source/WebCore/rendering/PaintPhase.h:
* Source/WebCore/rendering/RenderLayer.cpp:
(WebCore::RenderLayer::paintLayerContents):
(WebCore::RenderLayer::paintForegroundForFragments):
(WebCore::RenderLayer::calculateClipRects const):
* Source/WebCore/rendering/StyledMarkedText.cpp:
(WebCore::resolveStyleForMarkedText):
(WebCore::StyledMarkedText::computeStyleForUnmarkedMarkedText):
* Source/WebCore/rendering/TextDecorationPainter.cpp:
(WebCore::collectStylesForRenderer):
(WebCore::TextDecorationPainter::decorationColor):
(WebCore::TextDecorationPainter::stylesForRenderer):
* Source/WebCore/rendering/TextDecorationPainter.h:
(WebCore::TextDecorationPainter::decorationColor):
(WebCore::TextDecorationPainter::stylesForRenderer):
* Source/WebCore/rendering/TextPaintStyle.cpp:
(WebCore::computeTextPaintStyle):
* Source/WebCore/rendering/style/RenderStyle.cpp:
(WebCore::RenderStyle::visitedDependentColor const):
(WebCore::RenderStyle::visitedDependentColorWithColorFilter const):
* Source/WebCore/rendering/style/RenderStyle.h:
(WebCore::RenderStyle::visitedDependentColor):
(WebCore::RenderStyle::visitedDependentColorWithColorFilter):
Canonical link: https://commits.webkit.org/259548.820@safari-7615-branch
Commit: 8a8217bf0a7b4fc83261acf51ec4b7b41198f50e
https://github.com/WebKit/WebKit/commit/8a8217bf0a7b4fc83261acf51ec4b7b41198f50e
Author: Matthieu Dubet <m_dubet at apple.com>
Date: 2023-06-09 (Fri, 09 Jun 2023)
Changed paths:
A LayoutTests/fast/css/rule-selector-nesting-overflow-expected.txt
A LayoutTests/fast/css/rule-selector-nesting-overflow.html
M Source/WebCore/css/CSSGroupingRule.cpp
M Source/WebCore/css/CSSStyleRule.cpp
M Source/WebCore/css/StyleRule.h
M Source/WebCore/css/StyleSheetContents.cpp
M Source/WebCore/css/parser/CSSParserImpl.cpp
M Source/WebCore/style/RuleFeature.h
M Source/WebCore/style/RuleSetBuilder.cpp
M Source/WebCore/style/RuleSetBuilder.h
M Source/WebCore/style/StyleInvalidator.cpp
M Source/WebCore/style/StyleScopeRuleSets.cpp
Log Message:
-----------
Cherry-pick f347660f0196. rdar://problem/109254000
[CSS] StyleRuleWithNesting is a StyleRule (through inheritance)
https://bugs.webkit.org/show_bug.cgi?id=256693
rdar://109254000
Reviewed by Antti Koivisto.
StyleRuleWithNesting should be treated like a StyleRule
in the codebase.
* LayoutTests/fast/css/rule-selector-nesting-overflow-expected.txt: Added.
* LayoutTests/fast/css/rule-selector-nesting-overflow.html: Added.
* Source/WebCore/css/CSSGroupingRule.cpp:
(WebCore::CSSGroupingRule::insertRule):
* Source/WebCore/css/CSSStyleRule.cpp:
(WebCore::CSSStyleRule::insertRule):
* Source/WebCore/css/StyleRule.h:
(WebCore::StyleRuleBase::isStyleRule const):
(isType):
* Source/WebCore/css/StyleSheetContents.cpp:
(WebCore::StyleSheetContents::parserAppendRule):
(WebCore::traverseRulesInVector):
* Source/WebCore/css/parser/CSSParserImpl.cpp:
(WebCore::CSSParserImpl::consumeDeclarationListOrStyleBlockHelper):
* Source/WebCore/style/RuleFeature.h:
* Source/WebCore/style/RuleSetBuilder.cpp:
(WebCore::Style::RuleSetBuilder::RuleSetBuilder):
(WebCore::Style::m_shouldResolveNesting):
Invalidation selectors assume that the RuleSet doesn't mutate.
We need to be careful not to resolve the nesting selector more than once.
(WebCore::Style::RuleSetBuilder::addStyleRule):
* Source/WebCore/style/RuleSetBuilder.h:
* Source/WebCore/style/StyleInvalidator.cpp:
(WebCore::Style::shouldDirtyAllStyle):
* Source/WebCore/style/StyleScope.cpp:
(WebCore::Style::Scope::updateActiveStyleSheets):
* Source/WebCore/style/StyleScopeRuleSets.cpp:
(WebCore::Style::ScopeRuleSets::appendAuthorStyleSheets):
Canonical link: https://commits.webkit.org/265028@main
Identifier: 259548.821 at safari-7615-branch
Commit: 3282e8c968c765c7a892212162651ea3b834e11a
https://github.com/WebKit/WebKit/commit/3282e8c968c765c7a892212162651ea3b834e11a
Author: Youenn Fablet <youennf at gmail.com>
Date: 2023-06-09 (Fri, 09 Jun 2023)
Changed paths:
A LayoutTests/fast/mediastream/mediarecorder-close-expected.txt
A LayoutTests/fast/mediastream/mediarecorder-close.html
M Source/WebCore/platform/mediarecorder/MediaRecorderPrivateAVFImpl.cpp
M Source/WebCore/platform/mediarecorder/cocoa/MediaRecorderPrivateWriterCocoa.h
M Source/WebCore/platform/mediarecorder/cocoa/MediaRecorderPrivateWriterCocoa.mm
M Source/WebKit/GPUProcess/webrtc/RemoteMediaRecorder.cpp
Log Message:
-----------
jsc_fuz/wktr: *flaky* RELEASE_ASSERT_WITH_SECURITY_IMPLICATION(!retainedPointer || !m_controlBlock->objectHasBeenDeleted()); in MediaRecorderPrivateWriter::compressedVideoOutputBufferCallback MediaRecorderPrivateWriterCocoa.mm:107
https://bugs.webkit.org/show_bug.cgi?id=257780
rdar://109659987
Reviewed by Eric Carlson.
After the introduction of ThreadSafeRefCountedAndCanMakeThreadSafeWeakPtr,
we are now lazily creating our weak pointer on various threads, and this can happen while destroying the object in main thread.
To make sure we do not end up in that situation, we are now closing MediaRecorderPrivateWriter before destroying it.
In closing, we destroy the compressors which are the ones calling the callbacks that can create the weak pointers.
* LayoutTests/fast/mediastream/mediarecorder-close-expected.txt: Added.
* LayoutTests/fast/mediastream/mediarecorder-close.html: Added.
* Source/WebCore/platform/mediarecorder/MediaRecorderPrivateAVFImpl.cpp:
(WebCore::MediaRecorderPrivateAVFImpl::MediaRecorderPrivateAVFImpl):
* Source/WebCore/platform/mediarecorder/cocoa/MediaRecorderPrivateWriterCocoa.h:
* Source/WebCore/platform/mediarecorder/cocoa/MediaRecorderPrivateWriterCocoa.mm:
(WebCore::MediaRecorderPrivateWriter::~MediaRecorderPrivateWriter):
(WebCore::MediaRecorderPrivateWriter::close):
* Source/WebKit/GPUProcess/webrtc/RemoteMediaRecorder.cpp:
(WebKit::RemoteMediaRecorder::~RemoteMediaRecorder):
Canonical link: https://commits.webkit.org/259548.822@safari-7615-branch
Commit: 18a05c43972c866180a74be0a748b65a1307227e
https://github.com/WebKit/WebKit/commit/18a05c43972c866180a74be0a748b65a1307227e
Author: Ryan Reno <rreno at apple.com>
Date: 2023-06-09 (Fri, 09 Jun 2023)
Changed paths:
A LayoutTests/http/tests/security/block-top-level-navigations-by-third-party-iframe-sandboxed-by-own-csp-expected.txt
A LayoutTests/http/tests/security/block-top-level-navigations-by-third-party-iframe-sandboxed-by-own-csp.html
A LayoutTests/http/tests/security/resources/attempt-top-level-navigation-with-csp.py
M Source/WebCore/dom/Document.cpp
Log Message:
-----------
Third Party IFrame Navigation Block Bypass via Content Security Policy Sandbox
https://bugs.webkit.org/show_bug.cgi?id=257903
rdar://109059471
Reviewed by Brent Fulgham.
If a third-party iframe is unsandboxed we will prevent top navigation
without user interaction with the frame. However, this is bypassable if
the iframe gives itself a sandbox which allows top navigation via CSP.
This change checks to see if the iframe element was unsandboxed and
proceeds with the more strict third-party checks if so.
* LayoutTests/http/tests/security/block-top-level-navigations-by-third-party-iframe-sandboxed-by-own-csp-expected.txt: Added.
* LayoutTests/http/tests/security/block-top-level-navigations-by-third-party-iframe-sandboxed-by-own-csp.html: Added.
* LayoutTests/http/tests/security/resources/attempt-top-level-navigation-with-csp.py: Added.
* Source/WebCore/dom/Document.cpp:
(WebCore::Document::isNavigationBlockedByThirdPartyIFrameRedirectBlocking):
Canonical link: https://commits.webkit.org/259548.823@safari-7615-branch
Commit: cff01e3a9ba54dcf614dc9ea59007ae44a07d415
https://github.com/WebKit/WebKit/commit/cff01e3a9ba54dcf614dc9ea59007ae44a07d415
Author: J Pascoe <j_pascoe at apple.com>
Date: 2023-06-12 (Mon, 12 Jun 2023)
Changed paths:
M Source/WebCore/page/DOMWindow.cpp
M Source/WebCore/page/Quirks.cpp
M Source/WebCore/page/Quirks.h
M Source/WebKit/UIProcess/WebPageProxy.cpp
Log Message:
-----------
https://bugs.webkit.org/show_bug.cgi?id=257352
rdar://106974958
Reviewed by John Wilander and Brent Fulgham.
This quirk is no longer nessesary to get favorites and recents to show up
in the radio player, which is why it was added in the first place. Therefore
it can be removed.
* Source/WebCore/page/DOMWindow.cpp:
(WebCore::DOMWindow::open):
* Source/WebCore/page/Quirks.cpp:
(WebCore::Quirks::triggerOptionalStorageAccessQuirk const):
(WebCore::Quirks::BBCRadioPlayerURLString): Deleted.
(WebCore::Quirks::staticRadioPlayerURLString): Deleted.
(WebCore::isBBCDomain): Deleted.
(WebCore::isBBCPopUpPlayerElement): Deleted.
* Source/WebCore/page/Quirks.h:
* Source/WebKit/UIProcess/WebPageProxy.cpp:
(WebKit::WebPageProxy::createNewPage):
Canonical link: https://commits.webkit.org/259548.824@safari-7615-branch
Commit: 9b3d228ec2cb2900c3b21f070720b439c8b40cab
https://github.com/WebKit/WebKit/commit/9b3d228ec2cb2900c3b21f070720b439c8b40cab
Author: Sihui Liu <sihui_liu at apple.com>
Date: 2023-06-13 (Tue, 13 Jun 2023)
Changed paths:
A LayoutTests/storage/indexeddb/modern/request-dispatch-untrusted-event-expected.txt
A LayoutTests/storage/indexeddb/modern/request-dispatch-untrusted-event-private-expected.txt
A LayoutTests/storage/indexeddb/modern/request-dispatch-untrusted-event-private.html
A LayoutTests/storage/indexeddb/modern/request-dispatch-untrusted-event.html
A LayoutTests/storage/indexeddb/modern/resources/request-dispatch-untrusted-event.js
M Source/WebCore/Modules/indexeddb/IDBRequest.cpp
Log Message:
-----------
jsc_fuz/wktr: null ptr deref in WebCore::IDBRequest::dispatchEvent(WebCore::Event&)
rdar://110459666
Reviewed by Brady Eidson.
Make sure untrusted event does not change the internal state of IDBRequest. Also, move the assert that request must have
pending activity when event is being dispatched to a later point, because IDBRequest::dispatchEvent might be invoked
from JavaScript code (i.e. request does not actually have pending activity).
Test: storage/indexeddb/modern/request-dispatch-untrusted-event.html
storage/indexeddb/modern/request-dispatch-untrusted-event-private.html
* LayoutTests/storage/indexeddb/modern/request-dispatch-untrusted-event-expected.txt: Added.
* LayoutTests/storage/indexeddb/modern/request-dispatch-untrusted-event-private-expected.txt: Added.
* LayoutTests/storage/indexeddb/modern/request-dispatch-untrusted-event-private.html: Added.
* LayoutTests/storage/indexeddb/modern/request-dispatch-untrusted-event.html: Added.
* LayoutTests/storage/indexeddb/modern/resources/request-dispatch-untrusted-event.js: Added.
(loadImage):
(openDatabase):
* Source/WebCore/Modules/indexeddb/IDBRequest.cpp:
(WebCore::IDBRequest::dispatchEvent):
Canonical link: https://commits.webkit.org/259548.825@safari-7615-branch
Commit: cad37dce2389b518c1e60eea5f71f19c38fbab08
https://github.com/WebKit/WebKit/commit/cad37dce2389b518c1e60eea5f71f19c38fbab08
Author: Dan Robson <dan_robson at apple.com>
Date: 2023-06-13 (Tue, 13 Jun 2023)
Changed paths:
M Configurations/Version.xcconfig
Log Message:
-----------
Versioning.
WebKit-7615.3.9
Identifier: 259548.826 at safari-7615-branch
Commit: 43a9f4f9ac1c7589ec86e4fc7f2c59192aa46cba
https://github.com/WebKit/WebKit/commit/43a9f4f9ac1c7589ec86e4fc7f2c59192aa46cba
Author: Chirag M Shah <chirag_m_shah at apple.com>
Date: 2023-06-13 (Tue, 13 Jun 2023)
Changed paths:
M LayoutTests/fast/css/calc-parsing-expected.txt
M LayoutTests/fast/css/calc-parsing.html
A LayoutTests/fast/css/calc-with-round-crash-expected.txt
A LayoutTests/fast/css/calc-with-round-crash.html
M Source/WebCore/css/calc/CSSCalcValue.cpp
Log Message:
-----------
Cherry-pick 569bdcf08cfa. rdar://problem/109503971
Ensure we don't crash with calc(round())
https://bugs.webkit.org/show_bug.cgi?id=257157
rdar://109503971
Reviewed by Darin Adler.
This change fixes the crash which happens due to us discarding the
children in case of a round to nearest operation.
* LayoutTests/fast/css/calc-parsing-expected.txt:
* LayoutTests/fast/css/calc-parsing.html:
* LayoutTests/fast/css/calc-with-round-crash-expected.txt: Added.
* LayoutTests/fast/css/calc-with-round-crash.html: Added.
* Source/WebCore/css/calc/CSSCalcValue.cpp:
(WebCore::createCSS):
Canonical link: https://commits.webkit.org/264863@main
Identifier: 259548.827 at safari-7615-branch
Commit: 01e86f13952b6a477dceb66bcebb123834f8e1b2
https://github.com/WebKit/WebKit/commit/01e86f13952b6a477dceb66bcebb123834f8e1b2
Author: David Degazio <d_degazio at apple.com>
Date: 2023-06-14 (Wed, 14 Jun 2023)
Changed paths:
M Source/JavaScriptCore/dfg/DFGClobberize.h
M Source/JavaScriptCore/dfg/DFGHeapLocation.cpp
M Source/JavaScriptCore/dfg/DFGHeapLocation.h
Log Message:
-----------
Backport fix for erroneous CSE of EnumeratorNextUpdateIndexAndMode and HasIndexedProperty
rdar://110785576
Reviewed by Michael Saboff, Justin Michaud and Yusuke Suzuki.
Backports part of https://commits.webkit.org/263909@main, which
prevents erroneous elimination of an EnumeratorNextUpdateIndexAndMode
and HasIndexedProperty node pair if they have the same operands.
The full commit in 263909 at main depends on the existence of DFG tuples,
which haven't yet been brought into the security branch, so those
parts are omitted from this patch.
* Source/JavaScriptCore/dfg/DFGClobberize.h:
(JSC::DFG::clobberize):
* Source/JavaScriptCore/dfg/DFGHeapLocation.cpp:
(WTF::printInternal):
* Source/JavaScriptCore/dfg/DFGHeapLocation.h:
Canonical link: https://commits.webkit.org/259548.828@safari-7615-branch
Commit: fb695673fd232b563af185a11652d8feb7871e2c
https://github.com/WebKit/WebKit/commit/fb695673fd232b563af185a11652d8feb7871e2c
Author: Russell Epstein <repstein at apple.com>
Date: 2023-06-14 (Wed, 14 Jun 2023)
Changed paths:
M Configurations/Version.xcconfig
Log Message:
-----------
Versioning.
WebKit-7615.3.8.1
Identifier: 259548.829 at safari-7615-branch
Commit: 9cd44913c84ee5fbab1ea6db6ae62bf36005e7ba
https://github.com/WebKit/WebKit/commit/9cd44913c84ee5fbab1ea6db6ae62bf36005e7ba
Author: Alex Christensen <achristensen at apple.com>
Date: 2023-06-14 (Wed, 14 Jun 2023)
Changed paths:
M Source/WebCore/editing/markup.cpp
Log Message:
-----------
Disable link preload when sanitizing web content
https://bugs.webkit.org/show_bug.cgi?id=258100
rdar://109675198
Reviewed by Chris Dumez.
Otherwise we get a request in the network process with an invalid pageID,
and it MESSAGE_CHECKs and terminates the process.
* Source/WebCore/editing/markup.cpp:
(WebCore::createPageForSanitizingWebContent):
Canonical link: https://commits.webkit.org/259548.830@safari-7615-branch
Commit: d263e8a08a93795b187308bff49c8961daaa01df
https://github.com/WebKit/WebKit/commit/d263e8a08a93795b187308bff49c8961daaa01df
Author: Youenn Fablet <youennf at gmail.com>
Date: 2023-06-15 (Thu, 15 Jun 2023)
Changed paths:
A LayoutTests/http/wpt/webcodecs/videoFrame-negative-timestamp-expected.txt
A LayoutTests/http/wpt/webcodecs/videoFrame-negative-timestamp.html
M Source/WebKit/WebProcess/GPU/media/RemoteVideoCodecFactory.cpp
Log Message:
-----------
RemoteVideoEncoderCallbacks and RemoteVideoDecoderCallbacks HashMaps could be corrupted by JS
https://bugs.webkit.org/show_bug.cgi?id=258123
rdar://110777506
Reviewed by Eric Carlson.
JS can provide signed timestamps, which are used as keys in RemoteVideoDecoderCallbacks and RemoteVideoEncoderCallbacks maps.
Move to StdUnorderedMap to support all keys.
* LayoutTests/http/wpt/webcodecs/videoFrame-negative-timestamp-expected.txt: Added.
* LayoutTests/http/wpt/webcodecs/videoFrame-negative-timestamp.html: Added.
* Source/WebKit/WebProcess/GPU/media/RemoteVideoCodecFactory.cpp:
(WebKit::RemoteVideoDecoderCallbacks::addDuration):
(WebKit::RemoteVideoEncoderCallbacks::addDuration):
(WebKit::RemoteVideoDecoderCallbacks::notifyDecodingResult):
(WebKit::RemoteVideoEncoderCallbacks::notifyEncodedChunk):
Canonical link: https://commits.webkit.org/259548.831@safari-7615-branch
Commit: aecf4d579f39edebcb784b0fefa5b2978ea5226e
https://github.com/WebKit/WebKit/commit/aecf4d579f39edebcb784b0fefa5b2978ea5226e
Author: Alex Christensen <achristensen at apple.com>
Date: 2023-06-15 (Thu, 15 Jun 2023)
Changed paths:
M Source/WTF/wtf/URLHelpers.cpp
M Tools/TestWebKitAPI/Tests/WTF/cocoa/URLExtras.mm
Log Message:
-----------
Expand list of URL spoofing characters
https://bugs.webkit.org/show_bug.cgi?id=256813
rdar://109105078, rdar://109056841, and rdar://109056217
Reviewed by Tim Horton.
U+1E9C and U+1E9D are Medievalist characters, which means they haven't been used much
in the last several centuries. They look kind of like 'f' and other browsers punycode
encode them when seen in URL hosts, so let's do the same. Same with U+1EFE and U+1EFF.
Deseret has been used much more recently, but still not much since the late 1800's.
There is a sign in a restaurant in the Salt Lake City airport that uses it, but it
seems to be a historical reference. Classify Deseret like we do the International
Phonetic Alphabet and punycode encode it if seen in URL hosts.
* Source/WTF/wtf/URLHelpers.cpp:
(WTF::URLHelpers::isLookalikeCharacter):
* Tools/TestWebKitAPI/Tests/WTF/cocoa/URLExtras.mm:
(TestWebKitAPI::TEST):
Canonical link: https://commits.webkit.org/259548.832@safari-7615-branch
Commit: c60c40574fc54fcf65b867b297ad9da3da015bed
https://github.com/WebKit/WebKit/commit/c60c40574fc54fcf65b867b297ad9da3da015bed
Author: Chris Dumez <cdumez at apple.com>
Date: 2023-06-15 (Thu, 15 Jun 2023)
Changed paths:
A LayoutTests/fast/workers/pending-requestAnimationFrame-upon-destruction-expected.txt
A LayoutTests/fast/workers/pending-requestAnimationFrame-upon-destruction.html
A LayoutTests/fast/workers/resources/pending-requestAnimationFrame-upon-destruction-popup.html
M Source/WebCore/workers/WorkerAnimationController.cpp
Log Message:
-----------
Crash under WebCore::JSRequestAnimationFrameCallback::~JSRequestAnimationFrameCallback()
https://bugs.webkit.org/show_bug.cgi?id=258058
rdar://110530772
Reviewed by Ryosuke Niwa.
JSRequestAnimationFrameCallback were outliving the VM and thus using the VM
after-free in their destructor. JS Wrapper should never outlive the VM.
JSRequestAnimationFrameCallback are subclasses of RequestAnimationFrameCallback,
which were being kept alive by the WorkerAnimationController via its
m_animationCallbacks vector.
To address the issue, WorkerAnimationController now clears m_animationCallbacks
in stop(), which gets called when the global scope (and thus the VM) are about
to go away.
* LayoutTests/fast/workers/pending-requestAnimationFrame-upon-destruction-expected.txt: Added.
* LayoutTests/fast/workers/pending-requestAnimationFrame-upon-destruction.html: Added.
* LayoutTests/fast/workers/resources/pending-requestAnimationFrame-upon-destruction-popup.html: Added.
* Source/WebCore/workers/WorkerAnimationController.cpp:
(WebCore::WorkerAnimationController::stop):
Canonical link: https://commits.webkit.org/259548.833@safari-7615-branch
Commit: 5989e11996a71dec09cae9f0dc863a94e726ca66
https://github.com/WebKit/WebKit/commit/5989e11996a71dec09cae9f0dc863a94e726ca66
Author: Myah Cobbs <mcobbs at apple.com>
Date: 2023-06-15 (Thu, 15 Jun 2023)
Changed paths:
M Configurations/Version.xcconfig
Log Message:
-----------
Versioning.
WebKit-7615.3.9
Identifier: 259548.834 at safari-7615-branch
Commit: b63d456498913cbc8bc70757cca2a74a2c854b8d
https://github.com/WebKit/WebKit/commit/b63d456498913cbc8bc70757cca2a74a2c854b8d
Author: Brandon Stewart <brandonstewart at apple.com>
Date: 2023-06-15 (Thu, 15 Jun 2023)
Changed paths:
A LayoutTests/fast/css-grid-layout/baseline-masonry-crash-expected.html
A LayoutTests/fast/css-grid-layout/baseline-masonry-crash.html
M Source/WebCore/rendering/RenderGrid.cpp
Log Message:
-----------
Crash in GridBaselineAlignment::baselineGroupForChild
https://bugs.webkit.org/show_bug.cgi?id=257509
rdar://110027455
Reviewed by Alan Baradlay.
Certain baseline properties are not properly handled in CSS Masonry.
We will just disable these calculations for now and then remove this in the future.
* LayoutTests/fast/css-grid-layout/baseline-masonry-crash-expected.html: Added.
* LayoutTests/fast/css-grid-layout/baseline-masonry-crash.html: Added.
* Source/WebCore/rendering/RenderGrid.cpp:
(WebCore::RenderGrid::columnAxisBaselineOffsetForChild const):
(WebCore::RenderGrid::rowAxisBaselineOffsetForChild const):
Canonical link: https://commits.webkit.org/259548.835@safari-7615-branch
Commit: 8b5bb60ce55dd5afc4909c4030f8fdcd73033951
https://github.com/WebKit/WebKit/commit/8b5bb60ce55dd5afc4909c4030f8fdcd73033951
Author: Matthieu Dubet <m_dubet at apple.com>
Date: 2023-06-16 (Fri, 16 Jun 2023)
Changed paths:
A LayoutTests/fast/css/cssom-mutation-stylerule-expected.html
A LayoutTests/fast/css/cssom-mutation-stylerule.html
M Source/WebCore/css/CSSStyleRule.cpp
Log Message:
-----------
Cherry-pick 36514195098d. rdar://problem/110629287
[CSSOM] Fix insertion of rule into orphaned style rule
https://bugs.webkit.org/show_bug.cgi?id=258017
rdar://110629287
Reviewed by Antti Koivisto.
When a StyleRule is orphaned, we don't need any specific mechanism (such as RuleMutationScope)
and convert it directly to a StyleRuleWithNesting.
* LayoutTests/fast/css/cssom-mutation-stylerule-expected.html: Added.
* LayoutTests/fast/css/cssom-mutation-stylerule.html: Added.
* Source/WebCore/css/CSSStyleRule.cpp:
(WebCore::CSSStyleRule::insertRule):
Canonical link: https://commits.webkit.org/265154@main
Identifier: 259548.836 at safari-7615-branch
Commit: 85ad52c2d1fedc6a0a5de32aacbb2f520035baca
https://github.com/WebKit/WebKit/commit/85ad52c2d1fedc6a0a5de32aacbb2f520035baca
Author: Dan Robson <dan_robson at apple.com>
Date: 2023-06-20 (Tue, 20 Jun 2023)
Changed paths:
M Configurations/Version.xcconfig
Log Message:
-----------
Versioning.
WebKit-7615.3.10
Identifier: 259548.837 at safari-7615-branch
Commit: 4d21adaefda64eac79e8008588e7ee1dd55f6543
https://github.com/WebKit/WebKit/commit/4d21adaefda64eac79e8008588e7ee1dd55f6543
Author: Brady Eidson <beidson at apple.com>
Date: 2023-06-20 (Tue, 20 Jun 2023)
Changed paths:
M Source/WebCore/Modules/notifications/NotificationDataCocoa.mm
M Tools/TestWebKitAPI/Tests/WebKitCocoa/PushAPI.mm
Log Message:
-----------
Cherry-pick b2b22d7e5d2c. rdar://problem/111052083
Make the NotificationData NSDictionary representation property list serializable
https://bugs.webkit.org/show_bug.cgi?id=257339
rdar://109734742
Reviewed by Tim Horton.
Only put the silent value in the dictionary if it exists.
* Source/WebCore/Modules/notifications/NotificationDataCocoa.mm:
(WebCore::NotificationData::dictionaryRepresentation const):
* Tools/TestWebKitAPI/Tests/WebKitCocoa/PushAPI.mm:
Canonical link: https://commits.webkit.org/264548@main
Identifier: 259548.838 at safari-7615-branch
Commit: 103894675a8bab09d55d64f51c196e4eec0af2c2
https://github.com/WebKit/WebKit/commit/103894675a8bab09d55d64f51c196e4eec0af2c2
Author: Dawn Flores <dawn_flores at apple.com>
Date: 2023-06-20 (Tue, 20 Jun 2023)
Changed paths:
M LayoutTests/platform/mac-ventura/imported/w3c/web-platform-tests/fetch/content-length/api-and-duplicate-headers.any-expected.txt
M LayoutTests/platform/mac-ventura/imported/w3c/web-platform-tests/fetch/content-length/api-and-duplicate-headers.any.worker-expected.txt
Log Message:
-----------
[ Gardening ]([ Branch ] [ Rebasline ] 2X imported/w3c/web-platform-tests/fetch/content-length/api-and-duplicate* (layout-tests) are constant failures)
rdar://110026683
Unreviewed test gardening.
Rebaline of tests.
* LayoutTests/platform/mac-ventura/imported/w3c/web-platform-tests/fetch/content-length/api-and-duplicate-headers.any-expected.txt:
* LayoutTests/platform/mac-ventura/imported/w3c/web-platform-tests/fetch/content-length/api-and-duplicate-headers.any.worker-expected.txt:
Canonical link: https://commits.webkit.org/259548.839@safari-7615-branch
Commit: 259842c7afc200bb914c85d2dc4719dcce5d4dec
https://github.com/WebKit/WebKit/commit/259842c7afc200bb914c85d2dc4719dcce5d4dec
Author: Brady Eidson <beidson at apple.com>
Date: 2023-06-21 (Wed, 21 Jun 2023)
Changed paths:
M Source/WTF/wtf/cocoa/RuntimeApplicationChecksCocoa.h
M Source/WebCore/bindings/js/ScriptController.cpp
M Source/WebCore/dom/UserGestureIndicator.cpp
M Source/WebCore/dom/UserGestureIndicator.h
M Tools/TestWebKitAPI/Tests/WebKitCocoa/AsyncFunction.mm
Log Message:
-----------
Cherry-pick 265168 at main (8e5ddea16577). rdar://110919134
evaluateJavaScript: and callAsyncJavaScript: should not leave behind transient activation
https://bugs.webkit.org/show_bug.cgi?id=258037
rdar://107102031
Reviewed by Ben Nham.
JavaScript evaluated by the client app is executed as if from a user gesture, which is fine for now.
But before this change, such JS left behind transient user activation for (currently) 5 seconds, which is not fine.
Let's remove that sticky side effect.
* Source/WTF/wtf/cocoa/RuntimeApplicationChecksCocoa.cpp:
(WTF::computeSDKAlignedBehaviors):
* Source/WTF/wtf/cocoa/RuntimeApplicationChecksCocoa.h:
* Source/WebCore/bindings/js/ScriptController.cpp:
(WebCore::ScriptController::executeScriptInWorld):
(WebCore::ScriptController::executeAsynchronousUserAgentScriptInWorld):
* Source/WebCore/dom/UserGestureIndicator.cpp:
(WebCore::UserGestureToken::forEachImpactedDocument):
* Source/WebCore/dom/UserGestureIndicator.h:
* Tools/TestWebKitAPI/Tests/WebKitCocoa/AsyncFunction.mm:
(TestWebKitAPI::TEST):
Canonical link: https://commits.webkit.org/265168@main
Canonical link: https://commits.webkit.org/259548.840@safari-7615-branch
Commit: 74f32c21189a2f98be012bf9a3c731a4cf1dbd10
https://github.com/WebKit/WebKit/commit/74f32c21189a2f98be012bf9a3c731a4cf1dbd10
Author: Ryan Reno <rreno at apple.com>
Date: 2023-06-21 (Wed, 21 Jun 2023)
Changed paths:
M Source/WebCore/loader/MixedContentChecker.cpp
Log Message:
-----------
Remove unnecessary release assertion from mixed content checker.
https://bugs.webkit.org/show_bug.cgi?id=258303
<rdar://110766912>
Reviewed by Brent Fulgham.
We now check the entire frame tree for mixed content checks for all
resources loads. An assertion that a document has a frame is no
longer valid in general. This assertion was originally added in
215749 at main in an attempt to cover an untestable case. This replaces
the assert with a null check.
* Source/WebCore/loader/MixedContentChecker.cpp:
(WebCore::foundMixedContentInFrameTree):
Canonical link: https://commits.webkit.org/259548.841@safari-7615-branch
Commit: e6347f30ecf114598c9057a18bbeb5b8e633d412
https://github.com/WebKit/WebKit/commit/e6347f30ecf114598c9057a18bbeb5b8e633d412
Author: Chris Dumez <cdumez at apple.com>
Date: 2023-06-21 (Wed, 21 Jun 2023)
Changed paths:
M Source/WebKit/UIProcess/WebPageProxy.cpp
Log Message:
-----------
[IPC][Hardening] Validate URLs sent by the WebProcess via the WebPageProxy::DidFailProvisionalLoad IPC
https://bugs.webkit.org/show_bug.cgi?id=258322
rdar://111059792
Reviewed by Brent Fulgham.
Validate URLs sent by the WebProcess via the WebPageProxy::DidFailProvisionalLoad IPC.
* Source/WebKit/UIProcess/WebPageProxy.cpp:
(WebKit::WebPageProxy::didFailProvisionalLoadForFrameShared):
Canonical link: https://commits.webkit.org/259548.842@safari-7615-branch
Commit: de1eae9dc949ff8967e2e10f1d96357104403e82
https://github.com/WebKit/WebKit/commit/de1eae9dc949ff8967e2e10f1d96357104403e82
Author: David Degazio <d_degazio at apple.com>
Date: 2023-06-21 (Wed, 21 Jun 2023)
Changed paths:
A JSTests/wasm/stress/simd-select.js
M Source/JavaScriptCore/b3/B3LowerToAir.cpp
Log Message:
-----------
Cherry-pick c4e675b3afdd. rdar://problem/111066972
B3 Select instruction truncates vector operands
https://bugs.webkit.org/show_bug.cgi?id=257842
rdar://108643371
Reviewed by Mark Lam, Justin Michaud and Yusuke Suzuki.
Fixes a bug where we would generate a double-precision conditional
move when lowering the Select B3 instruction on vector operands.
Since vector-sized conditional move isn't widely supported, we
transform the Select into a branch and moves during Air lowering
when the operands are vectors.
* JSTests/wasm/stress/simd-select.js: Added.
* Source/JavaScriptCore/b3/B3LowerToAir.cpp:
Canonical link: https://commits.webkit.org/264996@main
Identifier: 259548.843 at safari-7615-branch
Commit: 2e29306082aebd4d74cfffa82e953b2d3bfde691
https://github.com/WebKit/WebKit/commit/2e29306082aebd4d74cfffa82e953b2d3bfde691
Author: David Degazio <d_degazio at apple.com>
Date: 2023-06-22 (Thu, 22 Jun 2023)
Changed paths:
A JSTests/wasm/stress/phi-live-across-rethrow.js
A JSTests/wasm/stress/phi-live-across-throw.js
M Source/JavaScriptCore/b3/B3DuplicateTails.cpp
M Source/JavaScriptCore/b3/B3Kind.cpp
M Source/JavaScriptCore/b3/B3Kind.h
M Source/JavaScriptCore/b3/B3PatchpointValue.cpp
M Source/JavaScriptCore/b3/B3PatchpointValue.h
M Source/JavaScriptCore/b3/B3ValueInlines.h
M Source/JavaScriptCore/wasm/WasmB3IRGenerator.cpp
Log Message:
-----------
Prevent duplication of WASM throw and rethrow patchpoints in B3
https://bugs.webkit.org/show_bug.cgi?id=258408
rdar://110634913
Reviewed by Yusuke Suzuki.
Adds a cloningForbidden property to B3Kind, used to prevent a B3 value
from being cloned during optimizations, and applies it to the patchpoints
generated for the WASM throw and rethrow opcodes in WasmB3IRGenerator.
This prevents a problem where these patchpoints could be duplicated, still
share a stackmap/callsite index, but have conflicting live value
locations.
* JSTests/wasm/stress/phi-live-across-rethrow.js: Added.
(async test):
* JSTests/wasm/stress/phi-live-across-throw.js: Added.
(async test):
* Source/JavaScriptCore/b3/B3DuplicateTails.cpp:
* Source/JavaScriptCore/b3/B3Kind.cpp:
(JSC::B3::Kind::dump const):
* Source/JavaScriptCore/b3/B3Kind.h:
(JSC::B3::Kind::hasCloningForbidden):
(JSC::B3::Kind::hasCloningForbidden const):
(JSC::B3::Kind::isCloningForbidden const):
(JSC::B3::Kind::setIsCloningForbidden):
(JSC::B3::Kind::operator== const):
(JSC::B3::Kind::hash const):
(JSC::B3::cloningForbidden):
* Source/JavaScriptCore/b3/B3PatchpointValue.cpp:
(JSC::B3::PatchpointValue::PatchpointValue):
* Source/JavaScriptCore/b3/B3PatchpointValue.h:
* Source/JavaScriptCore/b3/B3ValueInlines.h:
(JSC::B3::Value::cloneImpl const):
* Source/JavaScriptCore/wasm/WasmB3IRGenerator.cpp:
(JSC::Wasm::B3IRGenerator::addThrow):
(JSC::Wasm::B3IRGenerator::addRethrow):
Canonical link: https://commits.webkit.org/259548.844@safari-7615-branch
Commit: ecc32372e8709f68bd1616e1944ae3bde044d5d5
https://github.com/WebKit/WebKit/commit/ecc32372e8709f68bd1616e1944ae3bde044d5d5
Author: Brent Fulgham <bfulgham at apple.com>
Date: 2023-06-23 (Fri, 23 Jun 2023)
Changed paths:
M Source/WebKit/WebProcess/WebPage/WebPage.cpp
M Tools/TestWebKitAPI/Tests/WebKitCocoa/ProcessSwapOnNavigation.mm
Log Message:
-----------
Cherry-pick a09166e3759c. rdar://problem/111223197
Revert 257885 at main: Broke too many sites in Lockdown Mode
https://bugs.webkit.org/show_bug.cgi?id=256665
<rdar://109177509>
Unreviewed revert of 257886 at main.
We have determined that disabling Service Workers in Lockdown Mode is not
viable with acceptable levels of Website Compatibility.
* Source/WebKit/WebProcess/WebPage/WebPage.cpp:
(WebKit::adjustSettingsForLockdownMode):
* Tools/TestWebKitAPI/Tests/WebKitCocoa/ProcessSwapOnNavigation.mm:
Canonical link: https://commits.webkit.org/263986@main
Identifier: 259548.845 at safari-7615-branch
Commit: 9151fc84ffddd20b3ba31b93470506e6dc69386e
https://github.com/WebKit/WebKit/commit/9151fc84ffddd20b3ba31b93470506e6dc69386e
Author: Myah Cobbs <mcobbs at apple.com>
Date: 2023-06-23 (Fri, 23 Jun 2023)
Changed paths:
M Source/WebKit/UIProcess/API/APIPageConfiguration.cpp
M Source/WebKit/UIProcess/API/APIPageConfiguration.h
M Source/WebKit/UIProcess/API/Cocoa/WKWebViewConfiguration.mm
M Source/WebKit/UIProcess/API/Cocoa/WKWebViewConfigurationPrivate.h
M Source/WebKit/UIProcess/Cocoa/WebPageProxyCocoa.mm
M Source/WebKit/UIProcess/PageClient.h
M Source/WebKit/UIProcess/WebPageProxy.cpp
M Source/WebKit/UIProcess/ios/WebPageProxyIOS.mm
M Source/WebKit/UIProcess/mac/PageClientImplMac.h
Log Message:
-----------
Cherry-pick 985a124eb978c. rdar://problem/107383904
Identifier: 259548.846 at safari-7615-branch
Commit: b8259d818b89e428d3395a81ce2364e343198992
https://github.com/WebKit/WebKit/commit/b8259d818b89e428d3395a81ce2364e343198992
Author: Russell Epstein <repstein at apple.com>
Date: 2023-06-26 (Mon, 26 Jun 2023)
Changed paths:
M Configurations/Version.xcconfig
Log Message:
-----------
Versioning.
WebKit-7615.3.11
Canonical link: https://commits.webkit.org/259548.847@safari-7615-branch
Commit: 77eb72570a8bf4f6954b9c2ec7e0eeaf25324d65
https://github.com/WebKit/WebKit/commit/77eb72570a8bf4f6954b9c2ec7e0eeaf25324d65
Author: Jonathan Bedard <jbedard at apple.com>
Date: 2023-06-26 (Mon, 26 Jun 2023)
Changed paths:
M Tools/Scripts/libraries/webkitcorepy/setup.py
M Tools/Scripts/libraries/webkitcorepy/webkitcorepy/__init__.py
M Tools/Scripts/libraries/webkitcorepy/webkitcorepy/autoinstall.py
Log Message:
-----------
Cherry-pick 264590 at main (92f9f829efb5). rdar://109891019
[webkitcorepy] Make packaging a prerequisite of the autoinstaller
https://bugs.webkit.org/show_bug.cgi?id=257382
rdar://109891019
Reviewed by Alexey Proskuryakov.
* Tools/Scripts/libraries/webkitcorepy/setup.py: Bump version.
* Tools/Scripts/libraries/webkitcorepy/webkitcorepy/__init__.py: Ditto.
* Tools/Scripts/libraries/webkitcorepy/webkitcorepy/autoinstall.py:
(Package.install): Add packaging as prerequisite.
Canonical link: https://commits.webkit.org/264590@main
Canonical link: https://commits.webkit.org/259548.848@safari-7615-branch
Commit: 08c11ebeed8a09d46be35b35fda8fe280b42a9d1
https://github.com/WebKit/WebKit/commit/08c11ebeed8a09d46be35b35fda8fe280b42a9d1
Author: Jonathan Bedard <jbedard at apple.com>
Date: 2023-06-26 (Mon, 26 Jun 2023)
Changed paths:
M Tools/Scripts/libraries/webkitbugspy/setup.py
M Tools/Scripts/libraries/webkitbugspy/webkitbugspy/__init__.py
M Tools/Scripts/libraries/webkitbugspy/webkitbugspy/bugzilla.py
M Tools/Scripts/libraries/webkitbugspy/webkitbugspy/github.py
M Tools/Scripts/libraries/webkitbugspy/webkitbugspy/issue.py
M Tools/Scripts/libraries/webkitbugspy/webkitbugspy/user.py
M Tools/Scripts/libraries/webkitcorepy/setup.py
M Tools/Scripts/libraries/webkitcorepy/webkitcorepy/__init__.py
M Tools/Scripts/libraries/webkitcorepy/webkitcorepy/call_by_need.py
M Tools/Scripts/libraries/webkitscmpy/setup.py
M Tools/Scripts/libraries/webkitscmpy/webkitscmpy/__init__.py
M Tools/Scripts/libraries/webkitscmpy/webkitscmpy/commit.py
M Tools/Scripts/libraries/webkitscmpy/webkitscmpy/commit_classifier.py
M Tools/Scripts/libraries/webkitscmpy/webkitscmpy/local/git.py
M Tools/Scripts/libraries/webkitscmpy/webkitscmpy/local/scm.py
M Tools/Scripts/libraries/webkitscmpy/webkitscmpy/mocks/local/git.py
M Tools/Scripts/libraries/webkitscmpy/webkitscmpy/mocks/local/svn.py
M Tools/Scripts/libraries/webkitscmpy/webkitscmpy/mocks/remote/svn.py
M Tools/Scripts/libraries/webkitscmpy/webkitscmpy/program/install_git_lfs.py
M Tools/Scripts/libraries/webkitscmpy/webkitscmpy/program/pickable.py
M Tools/Scripts/libraries/webkitscmpy/webkitscmpy/program/setup.py
M Tools/Scripts/libraries/webkitscmpy/webkitscmpy/pull_request.py
M Tools/Scripts/libraries/webkitscmpy/webkitscmpy/remote/bitbucket.py
M Tools/Scripts/libraries/webkitscmpy/webkitscmpy/remote/git_hub.py
M Tools/Scripts/libraries/webkitscmpy/webkitscmpy/remote/scm.py
M Tools/Scripts/libraries/webkitscmpy/webkitscmpy/remote/svn.py
M Tools/Scripts/libraries/webkitscmpy/webkitscmpy/scm_base.py
Log Message:
-----------
Cherry-pick 265377 at main (5f9e420cedb1). rdar://111120365
[webkitpy] Avoid autoinstalling libraries in init
https://bugs.webkit.org/show_bug.cgi?id=258366
rdar://111120365
Reviewed by Elliott Williams.
Re-organize webkitscmpy and webkitbugspy to avoid invoking the autoinstaller
in webkitpy's __init__.py.
* Tools/Scripts/libraries/webkitbugspy/setup.py: Bump version.
* Tools/Scripts/libraries/webkitbugspy/webkitbugspy/__init__.py: Ditto.
* Tools/Scripts/libraries/webkitbugspy/webkitbugspy/bugzilla.py:
Lazy-evaluate requests import.
* Tools/Scripts/libraries/webkitbugspy/webkitbugspy/github.py: Ditto.
* Tools/Scripts/libraries/webkitbugspy/webkitbugspy/issue.py: Ditto.
* Tools/Scripts/libraries/webkitbugspy/webkitbugspy/user.py:
Use webkitcorepy instead of six.
* Tools/Scripts/libraries/webkitcorepy/setup.py: Bump version.
* Tools/Scripts/libraries/webkitcorepy/webkitcorepy/__init__.py: Ditto.
* Tools/Scripts/libraries/webkitcorepy/webkitcorepy/call_by_need.py:
(CallByNeed.__getattribute__): Attempt to use underlying object's attributes
when no type is defined.
(CallByNeed.__call__): If the value is callable, call it.
* Tools/Scripts/libraries/webkitscmpy/setup.py: Bump version.
* Tools/Scripts/libraries/webkitscmpy/webkitscmpy/__init__.py: Ditto.
* Tools/Scripts/libraries/webkitscmpy/webkitscmpy/commit.py:
Use webkitcorepy instead of six.
* Tools/Scripts/libraries/webkitscmpy/webkitscmpy/commit_classifier.py:
(CommitClassifier.LineFilter.fuzzy): Move rapidfuzz import into function call.
* Tools/Scripts/libraries/webkitscmpy/webkitscmpy/local/git.py:
Use webkitcorepy instead of six.
* Tools/Scripts/libraries/webkitscmpy/webkitscmpy/local/scm.py: Ditto.
* Tools/Scripts/libraries/webkitscmpy/webkitscmpy/mocks/local/git.py:
Move mock import into function call.
* Tools/Scripts/libraries/webkitscmpy/webkitscmpy/mocks/local/svn.py: Ditto.
* Tools/Scripts/libraries/webkitscmpy/webkitscmpy/mocks/remote/svn.py:
Move xmldict import into function call.
* Tools/Scripts/libraries/webkitscmpy/webkitscmpy/program/install_git_lfs.py:
Lazy import requests.
* Tools/Scripts/libraries/webkitscmpy/webkitscmpy/program/pickable.py:
(Pickable.Filters.fuzzy): Move rapidfuzz import into function call.
* Tools/Scripts/libraries/webkitscmpy/webkitscmpy/program/setup.py:
Lazy import requests.
* Tools/Scripts/libraries/webkitscmpy/webkitscmpy/pull_request.py:
Use webkitcorepy instead of six.
* Tools/Scripts/libraries/webkitscmpy/webkitscmpy/remote/bitbucket.py:
Use webkitcorepy instead of six, lazy import requests.
* Tools/Scripts/libraries/webkitscmpy/webkitscmpy/remote/git_hub.py: Ditto.
* Tools/Scripts/libraries/webkitscmpy/webkitscmpy/remote/scm.py:
Use webkitcorepy instead of six.
* Tools/Scripts/libraries/webkitscmpy/webkitscmpy/remote/svn.py:
Lazy import requests and xmltodict.
* Tools/Scripts/libraries/webkitscmpy/webkitscmpy/scm_base.py:
Use webkitcorepy instead of six.
Canonical link: https://commits.webkit.org/265377@main
Canonical link: https://commits.webkit.org/259548.849@safari-7615-branch
Commit: 53b81354246a375d894dc4830ac9372140e9469e
https://github.com/WebKit/WebKit/commit/53b81354246a375d894dc4830ac9372140e9469e
Author: Jonathan Bedard <jbedard at apple.com>
Date: 2023-06-26 (Mon, 26 Jun 2023)
Changed paths:
M Tools/Scripts/libraries/webkitbugspy/setup.py
M Tools/Scripts/libraries/webkitbugspy/webkitbugspy/__init__.py
M Tools/Scripts/libraries/webkitbugspy/webkitbugspy/mocks/__init__.py
M Tools/Scripts/libraries/webkitbugspy/webkitbugspy/mocks/data.py
M Tools/Scripts/libraries/webkitbugspy/webkitbugspy/mocks/radar.py
M Tools/Scripts/libraries/webkitbugspy/webkitbugspy/radar.py
M Tools/Scripts/libraries/webkitbugspy/webkitbugspy/tests/radar_unittest.py
M Tools/Scripts/libraries/webkitscmpy/setup.py
M Tools/Scripts/libraries/webkitscmpy/webkitscmpy/__init__.py
M Tools/Scripts/libraries/webkitscmpy/webkitscmpy/program/__init__.py
A Tools/Scripts/libraries/webkitscmpy/webkitscmpy/program/clone.py
A Tools/Scripts/libraries/webkitscmpy/webkitscmpy/test/clone_unittest.py
Log Message:
-----------
Cherry-pick 265475 at main (1463644b7ce9). rdar://107320897
[git-webkit] Add clone command
https://bugs.webkit.org/show_bug.cgi?id=254599
rdar://107320897
Reviewed by Dewei Zhu.
Add a command to quickly clone a radar from a commit or Bugzilla.
* Tools/Scripts/libraries/webkitbugspy/setup.py: Bump version.
* Tools/Scripts/libraries/webkitbugspy/webkitbugspy/__init__.py: Ditto.
* Tools/Scripts/libraries/webkitbugspy/webkitbugspy/mocks/__init__.py: Import mock milestones.
* Tools/Scripts/libraries/webkitbugspy/webkitbugspy/mocks/data.py: Add mock milestones.
* Tools/Scripts/libraries/webkitbugspy/webkitbugspy/mocks/radar.py:
(AppleDirectoryQuery.member_dsid_list_for_group_name): Add.
(RadarModel.Milestone): Add mock Milestone object.
(RadarModel.Category): Add mock Category object.
(RadarModel.Event): Add mock Event object.
(RadarModel.Tentpole): Add mock Tentpole object.
(RadarModel.MilestoneAssociations): Add mock MilestoneAssociations object.
(RadarModel.commit_changes): Commit milestone, category, event and tentpole.
(RadarModel.milestone_associations): List MilestoneAssociations object from Milestone object.
(RadarClient.milestones_for_component): List all mock milestones.
(RadarClient.clone_radar): Mock implementation of Radarclient's clone_radar.
(Radar.__init__):
* Tools/Scripts/libraries/webkitbugspy/webkitbugspy/radar.py:
(Tracker.create): Handle empty project.
(Tracker.clone): Clone radar with specified reason.
* Tools/Scripts/libraries/webkitbugspy/webkitbugspy/tests/radar_unittest.py:
* Tools/Scripts/libraries/webkitscmpy/setup.py: Bump version.
* Tools/Scripts/libraries/webkitscmpy/webkitscmpy/__init__.py: Ditto.
* Tools/Scripts/libraries/webkitscmpy/webkitscmpy/program/__init__.py:
* Tools/Scripts/libraries/webkitscmpy/webkitscmpy/program/clone.py: Added.
(Clone.parser): User must specify problem, reason and optionally milestone
to clone radar into.
(Clone.main): Resolve the provided argument to a radar and then clone the
specified radar. Attempt to copy as much of the original radar as possible
after moving the cloned radar into the specified milestone.
* Tools/Scripts/libraries/webkitscmpy/webkitscmpy/test/clone_unittest.py: Added.
(TestClone):
Canonical link: https://commits.webkit.org/265475@main
Canonical link: https://commits.webkit.org/259548.850@safari-7615-branch
Commit: 6992bf7efc47426ddebd245cd4283fc789feac52
https://github.com/WebKit/WebKit/commit/6992bf7efc47426ddebd245cd4283fc789feac52
Author: Jonathan Bedard <jbedard at apple.com>
Date: 2023-06-26 (Mon, 26 Jun 2023)
Changed paths:
A Tools/Scripts/libraries/webkitcorepy/run-tests
M Tools/Scripts/libraries/webkitcorepy/setup.py
M Tools/Scripts/libraries/webkitcorepy/webkitcorepy/__init__.py
M Tools/Scripts/libraries/webkitcorepy/webkitcorepy/terminal.py
R Tools/Scripts/libraries/webkitcorepy/webkitcorepy/testing.py
A Tools/Scripts/libraries/webkitcorepy/webkitcorepy/testing/__init__.py
A Tools/Scripts/libraries/webkitcorepy/webkitcorepy/testing/path_test_case.py
A Tools/Scripts/libraries/webkitcorepy/webkitcorepy/testing/python_test_runner.py
A Tools/Scripts/libraries/webkitcorepy/webkitcorepy/testing/test_runner.py
Log Message:
-----------
Cherry-pick 265519 at main (41ea5f4983d4). rdar://111220802
[webkitcorepy] Add generic test runner
https://bugs.webkit.org/show_bug.cgi?id=258464
rdar://111220802
Reviewed by Aakash Jain.
* Tools/Scripts/libraries/webkitcorepy/run-tests: Added.
* Tools/Scripts/libraries/webkitcorepy/setup.py: Bump version.
* Tools/Scripts/libraries/webkitcorepy/webkitcorepy/__init__.py: Ditto.
* Tools/Scripts/libraries/webkitcorepy/webkitcorepy/terminal.py:
(Terminal.size): Compute size of current terminal.
* Tools/Scripts/libraries/webkitcorepy/webkitcorepy/testing/__init__.py: Added.
* Tools/Scripts/libraries/webkitcorepy/webkitcorepy/testing/path_test_case.py:
Renamed from Tools/Scripts/libraries/webkitcorepy/webkitcorepy/testing.py.
* Tools/Scripts/libraries/webkitcorepy/webkitcorepy/testing/python_test_runner.py: Added.
(PythonTestRunner.recurse): List all tests in a suite.
(PythonTestRunner.__init__): Discover all tests in provided modules.
(PythonTestRunner.tests): List all tests to be run, given a set of arguments.
(PythonTestRunner.run_test): Attempt to run a test with a name.
(PythonTestRunner.id): Convert a test to a name.
(PythonTestRunner.run): Trigger autoinstall before running tests.
* Tools/Scripts/libraries/webkitcorepy/webkitcorepy/testing/test_runner.py: Added.
(TestRunner.combine): Combine two test result objects.
(TestRunner.__init__):
(TestRunner.tests): Subclass to implement.
(TestRunner.run_test): Ditto.
(TestRunner.id): Pass-through unless subclass implements.
(TestRunner.run): Run all tests.
(TestRunner.main): Parse arguments and run tests.
Canonical link: https://commits.webkit.org/265519@main
Canonical link: https://commits.webkit.org/259548.851@safari-7615-branch
Commit: dd5e1fd6fd44e1deb99ff9b21942090382252b75
https://github.com/WebKit/WebKit/commit/dd5e1fd6fd44e1deb99ff9b21942090382252b75
Author: Jonathan Bedard <jbedard at apple.com>
Date: 2023-06-26 (Mon, 26 Jun 2023)
Changed paths:
M Tools/Scripts/libraries/webkitcorepy/setup.py
M Tools/Scripts/libraries/webkitcorepy/webkitcorepy/__init__.py
M Tools/Scripts/libraries/webkitcorepy/webkitcorepy/autoinstall.py
Log Message:
-----------
Cherry-pick 265530 at main (96c42fec959c). rdar://111347997
[webkitcorepy] Stop using deprecated urlopen API
https://bugs.webkit.org/show_bug.cgi?id=258530
rdar://111347997
Reviewed by Aakash Jain.
* Tools/Scripts/libraries/webkitcorepy/setup.py: Bump version.
* Tools/Scripts/libraries/webkitcorepy/webkitcorepy/__init__.py: Ditto.
* Tools/Scripts/libraries/webkitcorepy/webkitcorepy/autoinstall.py:
(AutoInstall._request): Use an SSL context to define the cafile.
Canonical link: https://commits.webkit.org/265530@main
Canonical link: https://commits.webkit.org/259548.852@safari-7615-branch
Commit: bb70e32b88ed08a2cf98dd6cd7ead6d690ad3100
https://github.com/WebKit/WebKit/commit/bb70e32b88ed08a2cf98dd6cd7ead6d690ad3100
Author: Chris Dumez <cdumez at apple.com>
Date: 2023-06-26 (Mon, 26 Jun 2023)
Changed paths:
M Source/WebCore/platform/mac/PlatformPasteboardMac.mm
Log Message:
-----------
[IPC][Hardening] Update isFilePasteboardType() to also check for kUTTypeFileURL
https://bugs.webkit.org/show_bug.cgi?id=258519
rdar://111187390
Reviewed by Wenson Hsieh.
* Source/WebCore/platform/mac/PlatformPasteboardMac.mm:
(WebCore::isFilePasteboardType):
Canonical link: https://commits.webkit.org/259548.853@safari-7615-branch
Commit: 465b681115e692be58dd12ec6744c77d6d51a67a
https://github.com/WebKit/WebKit/commit/465b681115e692be58dd12ec6744c77d6d51a67a
Author: Brady Eidson <beidson at apple.com>
Date: 2023-06-26 (Mon, 26 Jun 2023)
Changed paths:
M Source/WebCore/bindings/js/RunJavaScriptParameters.h
M Source/WebCore/bindings/js/ScriptController.cpp
M Source/WebKit/Shared/Cocoa/DefaultWebBrowserChecks.h
M Source/WebKit/Shared/Cocoa/DefaultWebBrowserChecks.mm
M Source/WebKit/UIProcess/API/C/WKPage.cpp
M Source/WebKit/UIProcess/API/Cocoa/WKWebView.mm
M Source/WebKit/UIProcess/API/glib/WebKitWebView.cpp
M Source/WebKit/UIProcess/Inspector/socket/RemoteInspectorProtocolHandler.cpp
Log Message:
-----------
User agent JavaScript from full web browsers should clear transient activation.
rdar://104748908
https://bugs.webkit.org/show_bug.cgi?id=251276
Reviewed by Brent Fulgham.
Take the solution from https://commits.webkit.org/265168@main and extend it to full web browsers now.
* Source/WebCore/bindings/js/RunJavaScriptParameters.h:
(WebCore::RunJavaScriptParameters::RunJavaScriptParameters):
(WebCore::RunJavaScriptParameters::encode const):
(WebCore::RunJavaScriptParameters::decode):
* Source/WebCore/bindings/js/ScriptController.cpp:
(WebCore::ScriptController::executeScriptInWorldIgnoringException):
(WebCore::ScriptController::executeScriptInWorld):
(WebCore::ScriptController::executeUserAgentScriptInWorld):
* Source/WebKit/Shared/Cocoa/DefaultWebBrowserChecks.h:
* Source/WebKit/Shared/Cocoa/DefaultWebBrowserChecks.mm:
(WebKit::shouldEvaluateJavaScriptWithoutTransientActivation):
* Source/WebKit/UIProcess/API/C/WKPage.cpp:
(WKPageRunJavaScriptInMainFrame):
* Source/WebKit/UIProcess/API/Cocoa/WKWebView.mm:
(-[WKWebView _evaluateJavaScript:asAsyncFunction:withSourceURL:withArguments:forceUserGesture:inFrame:inWorld:completionHandler:]):
Canonical link: https://commits.webkit.org/259548.854@safari-7615-branch
Commit: 7f4ad44e742144641699be6b98b578add94fc71a
https://github.com/WebKit/WebKit/commit/7f4ad44e742144641699be6b98b578add94fc71a
Author: Myah Cobbs <mcobbs at apple.com>
Date: 2023-06-28 (Wed, 28 Jun 2023)
Changed paths:
M Configurations/Version.xcconfig
Log Message:
-----------
Versioning.
Identifier: 259548.855 at safari-7615-branch
Commit: c3d2e3627b45699577876022441428a6130547b4
https://github.com/WebKit/WebKit/commit/c3d2e3627b45699577876022441428a6130547b4
Author: Justin Michaud <justin_michaud at apple.com>
Date: 2023-06-28 (Wed, 28 Jun 2023)
Changed paths:
A JSTests/stress/putstacksinking-callvarargs.js
A JSTests/stress/putstacksinking-tailcallvarargs.js
M Source/JavaScriptCore/dfg/DFGPreciseLocalClobberize.h
Log Message:
-----------
CallVarargs should identify that it can read inline call frame arguments.
rdar://111361499
Reviewed by Yusuke Suzuki.
Call already does this, but CallVarargs has a special case that forgot.
We should not be allowed to push PutStacks below a call of any kind, since
it might access our call frame's arguments via foo.arguments, unless
we are strict.
The only exception is TailCall (but not TailCallForwardVarargsInlinedCaller),
because it will destroy the entire frame.
We do not un-pessimize TailCall yet to reduce risk, but it could be made
to match TailCallForwardVarargs in the future.
* JSTests/stress/putstacksinking-callvarargs.js: Added.
(main.opt.x):
(main.opt.y):
(main.opt.z):
(main.opt):
(main):
* JSTests/stress/putstacksinking-tailcallvarargs.js: Added.
(main.opt.x):
(main.opt.y):
(main.opt.z):
(main.opt):
(main):
* Source/JavaScriptCore/dfg/DFGPreciseLocalClobberize.h:
(JSC::DFG::PreciseLocalClobberizeAdaptor::readTop):
Canonical link: https://commits.webkit.org/259548.856@safari-7615-branch
Commit: 115fef229108c074ebbfd0d6ac7ac5ae0b920874
https://github.com/WebKit/WebKit/commit/115fef229108c074ebbfd0d6ac7ac5ae0b920874
Author: Youenn Fablet <youennf at gmail.com>
Date: 2023-06-28 (Wed, 28 Jun 2023)
Changed paths:
M Source/WebCore/platform/mediastream/ios/AVAudioSessionCaptureDeviceManager.mm
Log Message:
-----------
Cherry-pick 53bd19405878. rdar://problem/107871881
[iOS 16.x] WebRTC call not switching when connect with EarPods with Lightning Connector
https://bugs.webkit.org/show_bug.cgi?id=254978
rdar://107871881
Reviewed by Eric Carlson.
We are using the default route to select the default microphone on iOS.
When headphones are plugged in, the route is the builtin route, but the subtype is different to differentiate
iPhone speakers from headset.
To take this into account on microphones, we keep the same logic to know the default route.
But we do a first iteration to check whether there is a head set microphone available.
If so, we consider this should be the default microphone if the default route is the builtin route.
Manually tested.
* Source/WebCore/platform/mediastream/ios/AVAudioSessionCaptureDeviceManager.mm:
(SOFT_LINK_CONSTANT):
(WebCore::AVAudioSessionCaptureDeviceManager::retrieveAudioSessionCaptureDevices const):
Canonical link: https://commits.webkit.org/264070@main
Identifier: 259548.857 at safari-7615-branch
Commit: 9ec0db86a3230696b3ee4ee09b0f2971d9553df7
https://github.com/WebKit/WebKit/commit/9ec0db86a3230696b3ee4ee09b0f2971d9553df7
Author: Youenn Fablet <youennf at gmail.com>
Date: 2023-06-28 (Wed, 28 Jun 2023)
Changed paths:
M Source/ThirdParty/libwebrtc/Source/webrtc/sdk/objc/components/video_frame_buffer/RTCCVPixelBuffer.mm
M Source/ThirdParty/libwebrtc/Source/webrtc/sdk/objc/native/src/objc_frame_buffer.mm
Log Message:
-----------
Cherry-pick ebb91ef51ed3. rdar://problem/108377764
Add a bounds check in [RTCCVPixelBuffer toI420]
https://bugs.webkit.org/show_bug.cgi?id=257479
rdar://108377764
Reviewed by Jean-Yves Avenard.
Add a width/height check to toI420 for extra safety.
Update ObjCFrameBuffer::wrapped_frame_buffer to always use a mutex.
* Source/ThirdParty/libwebrtc/Source/webrtc/sdk/objc/components/video_frame_buffer/RTCCVPixelBuffer.mm:
(-[RTCCVPixelBuffer toI420]):
* Source/ThirdParty/libwebrtc/Source/webrtc/sdk/objc/native/src/objc_frame_buffer.mm:
(webrtc::ObjCFrameBuffer::wrapped_frame_buffer const):
Canonical link: https://commits.webkit.org/264670@main
Identifier: 259548.858 at safari-7615-branch
Commit: bb38f117eeef60f90918313b37e9ed7751a2d9b6
https://github.com/WebKit/WebKit/commit/bb38f117eeef60f90918313b37e9ed7751a2d9b6
Author: Chris Dumez <cdumez at apple.com>
Date: 2023-06-28 (Wed, 28 Jun 2023)
Changed paths:
M Source/WebKit/UIProcess/Cocoa/AuxiliaryProcessProxyCocoa.mm
M Source/WebKit/UIProcess/Cocoa/XPCConnectionTerminationWatchdog.h
M Source/WebKit/UIProcess/Cocoa/XPCConnectionTerminationWatchdog.mm
Log Message:
-----------
Cherry-pick 256bf3a7dde7. rdar://problem/108805025
Use the XPCConnectionTerminationWatchdog on macOS too
https://bugs.webkit.org/show_bug.cgi?id=256096
Reviewed by Ben Nham.
Use the XPCConnectionTerminationWatchdog on macOS too now that process
suspension is no longer specific to iOS.
* Source/WebKit/UIProcess/Cocoa/AuxiliaryProcessProxyCocoa.mm:
(WebKit::AuxiliaryProcessProxy::platformStartConnectionTerminationWatchdog):
* Source/WebKit/UIProcess/Cocoa/XPCConnectionTerminationWatchdog.h:
* Source/WebKit/UIProcess/Cocoa/XPCConnectionTerminationWatchdog.mm:
(WebKit::XPCConnectionTerminationWatchdog::XPCConnectionTerminationWatchdog):
Canonical link: https://commits.webkit.org/263514@main
Identifier: 259548.859 at safari-7615-branch
Commit: 383d4ade9f18a53d6af95218ab9949569a45fbc4
https://github.com/WebKit/WebKit/commit/383d4ade9f18a53d6af95218ab9949569a45fbc4
Author: Jean-Yves Avenard <jya at apple.com>
Date: 2023-06-28 (Wed, 28 Jun 2023)
Changed paths:
M Source/WebCore/dom/FullscreenManager.cpp
M Source/WebCore/page/Quirks.cpp
M Source/WebCore/page/Quirks.h
Log Message:
-----------
Cherry-pick ba3971672860. rdar://problem/108304377
bbc.co.uk: Video goes black with only audio playing when exiting PiP mode
https://bugs.webkit.org/show_bug.cgi?id=257711
rdar://108304377
Reviewed by Jer Noble.
Only fire the fullscreen change event once we did enter fullscreen.
This gives time for the UI process to complete exiting PiP in the UI process.
The process for exiting PiP and go back into fullscreen is a complicated
(and unnecessary) dance between the content and the UI process.
didStopPictureInPicture (UI) -> requestRestoreFullScreen (CP) -> EnterFullScreen (UI)
-> WillEnterFullscreen (CP) -> beganEnterFullScreen (UI) -> didEnterFullScreen (UI)
-> didEnterFullScreen (CP)
Previously, the events `fullscreenchange` was fired in WillEnterFullscreen.
if a JS event listener was set, and attempted to exit PiP then (as BBC website is doing)
it would have left VideoFullscreenInterfaceAVKit in a broken state
once it received `beganEnterFullScreen` as it's not an handled chained of event.
By letting the UI process complete the exit of PiP back to fullscreen,
we can avoid the problem from occurring alltogether, and this is simply
done by firing the events and resolving the promise in didEnterFullScreen.
We limit this behaviour to BBC.com
This entire code is in serious need of a rewrite.
Manually tested under all possible interface scenarios:
- Entering PiP, Exiting PiP using BBC main player control.
- Entering PiP, Exiting PiP using PiP controller button.
- Entering fullscreen via BBC control, entering PiP using PiP button, exiting PiP using BBC main player control
- As above but using PiP controller button as last step.
- Going into Auto-Pip by swiping home and exiting PiP.
- Entering PiP, quitting PiP (X button)
* Source/WebCore/dom/FullscreenManager.cpp:
(WebCore::FullscreenManager::willEnterFullscreen):
(WebCore::FullscreenManager::didEnterFullscreen):
* Source/WebCore/page/Quirks.cpp:
(WebCore::Quirks::shouldDelayFullscreenEventWhenExitingPictureInPictureQuirk const):
* Source/WebCore/page/Quirks.h:
Canonical link: https://commits.webkit.org/264974@main
Identifier: 259548.860 at safari-7615-branch
Commit: 3f5f0f1ba3d7aec5f3f4ba57d55b1f4b0524d8d1
https://github.com/WebKit/WebKit/commit/3f5f0f1ba3d7aec5f3f4ba57d55b1f4b0524d8d1
Author: Darin Adler <darin at apple.com>
Date: 2023-06-28 (Wed, 28 Jun 2023)
Changed paths:
M LayoutTests/fast/css/background-position-serialize-expected.txt
M LayoutTests/fast/css/background-position-serialize.html
M LayoutTests/fast/masking/parsing-webkit-mask-expected.txt
M LayoutTests/fast/masking/parsing-webkit-mask.html
M LayoutTests/imported/w3c/web-platform-tests/css/css-backgrounds/parsing/background-position-valid-expected.txt
M LayoutTests/imported/w3c/web-platform-tests/css/css-backgrounds/parsing/background-position-valid.html
M LayoutTests/imported/w3c/web-platform-tests/css/css-backgrounds/parsing/background-valid.html
M LayoutTests/imported/w3c/web-platform-tests/css/css-masking/parsing/mask-position-valid-expected.txt
M LayoutTests/imported/w3c/web-platform-tests/css/css-masking/parsing/mask-position-valid.html
M LayoutTests/imported/w3c/web-platform-tests/css/css-masking/parsing/mask-valid.sub.html
M Source/WebCore/css/ShorthandSerializer.cpp
Log Message:
-----------
Cherry-pick 82228ed93559. rdar://problem/109380755
REGRESSION (Safari 16.4, 258767 at main): Carcassonne game on boardgamearena.com unplayable (serialization bug affecting background-position)
https://bugs.webkit.org/show_bug.cgi?id=256814
rdar://109380755
Reviewed by Tim Nguyen.
The code to serialize background-position and mask-position did not correctly handle the case
where the Y value was 0%. Rearranged the code slightly to resolve this.
* LayoutTests/fast/css/background-position-serialize-expected.txt: Added test cases.
* LayoutTests/fast/css/background-position-serialize.html: Ditto.
* LayoutTests/fast/masking/parsing-webkit-mask-expected.txt: Ditto.
* LayoutTests/fast/masking/parsing-webkit-mask.html: Ditto.
* LayoutTests/imported/w3c/web-platform-tests/css/css-backgrounds/parsing/background-position-valid-expected.txt: Ditto.
* LayoutTests/imported/w3c/web-platform-tests/css/css-backgrounds/parsing/background-position-valid.html: Ditto.
* LayoutTests/imported/w3c/web-platform-tests/css/css-backgrounds/parsing/background-valid.html:
Updated expectations since initial value of background-position is "0% 0%", not "0% center".
* LayoutTests/imported/w3c/web-platform-tests/css/css-masking/parsing/mask-position-valid-expected.txt: Added test cases.
* LayoutTests/imported/w3c/web-platform-tests/css/css-masking/parsing/mask-position-valid.html: Ditto.
* LayoutTests/imported/w3c/web-platform-tests/css/css-masking/parsing/mask-valid.sub.html:
Updated expectations since initial value of mask-position is "0% 0%", not "0% center".
* Source/WebCore/css/ShorthandSerializer.cpp:
(WebCore::ShorthandSerializer::serializeLayered const): Rearrange the code to correctly serialize
background-position-y and mask-position-y as part of a shorthand.
Canonical link: https://commits.webkit.org/265056@main
Identifier: 259548.861 at safari-7615-branch
Commit: fa3d4fa011859597f09586418714bc12c10f647c
https://github.com/WebKit/WebKit/commit/fa3d4fa011859597f09586418714bc12c10f647c
Author: Eric Carlson <eric.carlson at apple.com>
Date: 2023-06-28 (Wed, 28 Jun 2023)
Changed paths:
M Source/WebCore/platform/mac/WebPlaybackControlsManager.mm
Log Message:
-----------
Cherry-pick ca484addbacd. rdar://problem/111456370
[Cocoa] Playback is paused after scrubbing with touch bar
https://bugs.webkit.org/show_bug.cgi?id=257177
rdar://109523926
Reviewed by Jer Noble.
* Source/WebCore/platform/mac/WebPlaybackControlsManager.mm:
(-[WebPlaybackControlsManager setPlaying:]): Don't send a remote playback command to the
model if is already in the correct state.
Canonical link: https://commits.webkit.org/264400@main
Identifier: 259548.862 at safari-7615-branch
Commit: 08761da690e52511272f7f745ce8d92f20c97e04
https://github.com/WebKit/WebKit/commit/08761da690e52511272f7f745ce8d92f20c97e04
Author: Youenn Fablet <youennf at gmail.com>
Date: 2023-06-28 (Wed, 28 Jun 2023)
Changed paths:
M Source/WebCore/workers/service/ServiceWorkerGlobalScope.cpp
M Tools/TestWebKitAPI/Tests/WebKitCocoa/ServiceWorkerBasic.mm
Log Message:
-----------
Cherry-pick d3783956a151. rdar://problem/111456704
ServiceWorkerGlobalScope::notifyServiceWorkerPageOfCreationIfNecessary should limit itself to normalWorld
https://bugs.webkit.org/show_bug.cgi?id=258339
rdar://105387315
Reviewed by Chris Dumez.
Page::serviceWorkerGlobalObject is only supporting normal worlds and is checking this with a RELEASE_ASSERT.
ServiceWorkerGlobalScope::notifyServiceWorkerPageOfCreationIfNecessary calls LocalFrameLoaderClient::dispatchServiceWorkerGlobalObjectAvailable on all worlds.
This puts the burden on implementors of LocalFrameLoaderClient::dispatchServiceWorkerGlobalObjectAvailable to check that the world is a normal world.
Instead of hitting the RELEASE_ASSERT, we are limiting LocalFrameLoaderClient::dispatchServiceWorkerGlobalObjectAvailable call to normal worlds.
Updated test is adding a world in a test that is using service worker.
It hits the RELEASE_ASSERT without the change in ServiceWorkerGlobalScope::notifyServiceWorkerPageOfCreationIfNecessary.
* Source/WebCore/workers/service/ServiceWorkerGlobalScope.cpp:
(WebCore::ServiceWorkerGlobalScope::notifyServiceWorkerPageOfCreationIfNecessary):
* Tools/TestWebKitAPI/Tests/WebKitCocoa/ServiceWorkerBasic.mm:
Canonical link: https://commits.webkit.org/265358@main
Identifier: 259548.863 at safari-7615-branch
Compare: https://github.com/WebKit/WebKit/compare/f0589f652bac...08761da690e5
More information about the webkit-changes
mailing list