[webkit-changes] [WebKit/WebKit] 6b69f5: Cherry-pick fdaaccf6d779. rdar://problem/98335573
MyahCobbs
noreply at github.com
Thu Oct 26 12:09:19 PDT 2023
Branch: refs/heads/safari-7613.4.1.0-branch
Home: https://github.com/WebKit/WebKit
Commit: 6b69f56e4cc972b5c66f05e6fe701cdbe7a7b39d
https://github.com/WebKit/WebKit/commit/6b69f56e4cc972b5c66f05e6fe701cdbe7a7b39d
Author: Yusuke Suzuki <ysuzuki at apple.com>
Date: 2022-08-08 (Mon, 08 Aug 2022)
Changed paths:
A JSTests/stress/map-clear-get.js
A JSTests/stress/set-clear-has.js
M Source/JavaScriptCore/dfg/DFGSpeculativeJIT64.cpp
M Source/JavaScriptCore/ftl/FTLLowerDFGToB3.cpp
M Source/JavaScriptCore/runtime/AbstractModuleRecord.cpp
M Source/JavaScriptCore/runtime/HashMapImpl.h
M Source/JavaScriptCore/runtime/HashMapImplInlines.h
M Source/JavaScriptCore/runtime/JSMap.h
M Source/JavaScriptCore/runtime/JSModuleLoader.cpp
M Source/JavaScriptCore/runtime/JSSet.h
M Source/JavaScriptCore/runtime/MapConstructor.cpp
M Source/JavaScriptCore/runtime/MapPrototype.cpp
M Source/JavaScriptCore/runtime/SetConstructor.cpp
M Source/JavaScriptCore/runtime/SetPrototype.cpp
M Source/JavaScriptCore/runtime/WeakMapImplInlines.h
M Source/WebCore/bindings/js/JSDOMMapLike.cpp
M Source/WebCore/bindings/js/JSDOMSetLike.cpp
M Source/WebCore/bindings/js/SerializedScriptValue.cpp
Log Message:
-----------
Cherry-pick fdaaccf6d779. rdar://problem/98335573
Cherry-pick 1ed1e4a336e1. rdar://problem/98068082
[JSC] Make JSMap and JSSet construction more simple and efficient
https://bugs.webkit.org/show_bug.cgi?id=243557
rdar://98068082
Reviewed by Mark Lam and Saam Barati.
This patch makes the initial buffer of JSMap / JSSet nullptr so that we can make allocation of them
simpler and efficient for non-using case. It cleans up many code in module loader etc. And it paves
the way to allocating them from DFG and FTL efficiently. It also cleans up SerializedScriptValue
implementation.
* JSTests/stress/map-clear-get.js: Added.
(shouldBe):
(test):
* JSTests/stress/set-clear-has.js: Added.
(shouldBe):
(set clear):
(set shouldBe):
(set new):
* Source/JavaScriptCore/dfg/DFGSpeculativeJIT64.cpp:
(JSC::DFG::SpeculativeJIT::compile):
* Source/JavaScriptCore/ftl/FTLLowerDFGToB3.cpp:
(JSC::FTL::DFG::LowerDFGToB3::compileCompareStrictEq):
* Source/JavaScriptCore/runtime/AbstractModuleRecord.cpp:
(JSC::AbstractModuleRecord::finishCreation):
* Source/JavaScriptCore/runtime/HashMapImpl.h:
(JSC::HashMapBuffer::tryCreate):
(JSC::HashMapImpl::HashMapImpl):
(JSC::HashMapBuffer::create): Deleted.
(JSC::HashMapImpl::shouldRehashAfterAdd const): Deleted.
* Source/JavaScriptCore/runtime/HashMapImplInlines.h:
(JSC::shouldShrink):
(JSC::shouldRehash):
(JSC::nextCapacity):
(JSC::HashMapImpl<HashMapBucketType>::finishCreation):
(JSC::HashMapImpl<HashMapBucketType>::add):
(JSC::HashMapImpl<HashMapBucketType>::addNormalized):
(JSC::HashMapImpl<HashMapBucketType>::remove):
(JSC::HashMapImpl<HashMapBucketType>::clear):
(JSC::HashMapImpl<HashMapBucketType>::setUpHeadAndTail):
(JSC::HashMapImpl<HashMapBucketType>::addNormalizedNonExistingForCloning):
(JSC::HashMapImpl<HashMapBucketType>::addNormalizedNonExistingForCloningInternal):
(JSC::HashMapImpl<HashMapBucketType>::addNormalizedInternal):
(JSC::HashMapImpl<HashMapBucketType>::findBucketAlreadyHashedAndNormalized):
(JSC::HashMapImpl<HashMapBucketType>::rehash):
(JSC::HashMapImpl<HashMapBucketType>::makeAndSetNewBuffer):
(JSC::HashMapImpl<HashMapBucketType>::assertBufferIsEmpty):
(JSC::shouldRehashAfterAdd): Deleted.
(JSC::HashMapImpl<HashMapBucketType>::assertBufferIsEmpty const): Deleted.
* Source/JavaScriptCore/runtime/JSMap.h:
* Source/JavaScriptCore/runtime/JSModuleLoader.cpp:
(JSC::JSModuleLoader::finishCreation):
* Source/JavaScriptCore/runtime/JSSet.h:
* Source/JavaScriptCore/runtime/MapConstructor.cpp:
(JSC::JSC_DEFINE_HOST_FUNCTION):
* Source/JavaScriptCore/runtime/MapPrototype.cpp:
(JSC::JSC_DEFINE_HOST_FUNCTION):
* Source/JavaScriptCore/runtime/SetConstructor.cpp:
(JSC::JSC_DEFINE_HOST_FUNCTION):
* Source/JavaScriptCore/runtime/SetPrototype.cpp:
(JSC::JSC_DEFINE_HOST_FUNCTION):
* Source/JavaScriptCore/runtime/WeakMapImplInlines.h:
(JSC::WeakMapImpl<WeakMapBucket>::shouldRehashAfterAdd const):
* Source/WebCore/bindings/js/JSDOMMapLike.cpp:
(WebCore::getBackingMap):
* Source/WebCore/bindings/js/JSDOMSetLike.cpp:
(WebCore::getBackingSet):
* Source/WebCore/bindings/js/SerializedScriptValue.cpp:
(WebCore::CloneDeserializer::deserialize):
Canonical link: https://commits.webkit.org/253133@main
Canonical link: https://commits.webkit.org/245886.832@safari-7613.3.9.0-branch
Canonical link: https://commits.webkit.org/245886.819@safari-7613.4.1.0-branch
Commit: cc1264ff76335cd62a22a57ed1b4a5bf8939f43a
https://github.com/WebKit/WebKit/commit/cc1264ff76335cd62a22a57ed1b4a5bf8939f43a
Author: Alan Coon <alancoon at apple.com>
Date: 2022-08-08 (Mon, 08 Aug 2022)
Changed paths:
M Source/WTF/Scripts/Preferences/WebPreferences.yaml
M Source/WebCore/loader/DocumentLoader.cpp
M Source/WebKit/UIProcess/API/C/WKPreferences.cpp
M Source/WebKit/UIProcess/API/C/WKPreferencesRefPrivate.h
M Source/WebKit/UIProcess/API/Cocoa/WKPreferences.mm
M Source/WebKit/UIProcess/API/Cocoa/WKPreferencesPrivate.h
M Tools/TestWebKitAPI/Tests/mac/LoadWebArchive.mm
Log Message:
-----------
Cherry-pick 3e51b624e5ec. rdar://problem/97275837
Canonical link: https://commits.webkit.org/245886.821@safari-7613.4.1.0-branch
Commit: 4c0398cd5328d5be4f44d06edd73d96b1a9cf687
https://github.com/WebKit/WebKit/commit/4c0398cd5328d5be4f44d06edd73d96b1a9cf687
Author: Eric Carlson <eric.carlson at apple.com>
Date: 2022-08-08 (Mon, 08 Aug 2022)
Changed paths:
M Source/WebCore/PAL/pal/spi/cg/CoreGraphicsSPI.h
M Source/WebCore/page/ActivityState.cpp
M Source/WebCore/page/ActivityState.h
M Source/WebKit/UIProcess/API/Cocoa/WKWebViewPrivateForTesting.h
M Source/WebKit/UIProcess/API/Cocoa/WKWebViewTesting.mm
M Source/WebKit/UIProcess/Cocoa/WebProcessPoolCocoa.mm
M Source/WebKit/UIProcess/Cocoa/WebProcessProxyCocoa.mm
M Source/WebKit/UIProcess/WebPageProxy.cpp
M Source/WebKit/UIProcess/WebPageProxy.h
M Source/WebKit/UIProcess/WebProcessPool.h
M Source/WebKit/UIProcess/WebProcessProxy.h
M Source/WebKit/UIProcess/mac/WindowServerConnection.h
M Source/WebKit/UIProcess/mac/WindowServerConnection.mm
M Tools/TestWebKitAPI/Tests/WebKit/GetUserMedia.mm
Log Message:
-----------
Cherry-pick 6e14685cafbd. rdar://problem/97275137
Mute capture when disconnected from hardware console
rdar://87794804
Reviewed by Brent Fulgham
* Source/WebCore/PAL/pal/spi/cg/CoreGraphicsSPI.h
* Source/WebCore/page/ActivityState.cpp
* Source/WebCore/page/ActivityState.h
* Source/WebKit/UIProcess/API/Cocoa/WKWebViewPrivateForTesting.h
* Source/WebKit/UIProcess/API/Cocoa/WKWebViewTesting.mm
* Source/WebKit/UIProcess/Cocoa/WebProcessPoolCocoa.mm
* Source/WebKit/UIProcess/Cocoa/WebProcessProxyCocoa.mm
* Source/WebKit/UIProcess/WebPageProxy.cpp
* Source/WebKit/UIProcess/WebPageProxy.h
* Source/WebKit/UIProcess/WebProcessPool.h
* Source/WebKit/UIProcess/WebProcessProxy.h
* Source/WebKit/UIProcess/mac/WindowServerConnection.h
* Source/WebKit/UIProcess/mac/WindowServerConnection.mm
* Tools/TestWebKitAPI/Tests/WebKit/GetUserMedia.mm
Canonical link: https://commits.webkit.org/251762@main
git-svn-id: https://svn.webkit.org/repository/webkit/trunk@295757 268f45cc-cd09-0410-ab3c-d52691b4dbfc
Canonical link: https://commits.webkit.org/245886.822@safari-7613.4.1.0-branch
Commit: 5e1e9e342804bdd1d4df6aed4cef4b326681f658
https://github.com/WebKit/WebKit/commit/5e1e9e342804bdd1d4df6aed4cef4b326681f658
Author: Abigail Fox <abigail_fox at apple.com>
Date: 2022-08-08 (Mon, 08 Aug 2022)
Changed paths:
M Source/WebCore/platform/cocoa/PlaybackSessionModel.h
M Source/WebCore/platform/cocoa/PlaybackSessionModelMediaElement.mm
M Source/WebCore/platform/ios/PlaybackSessionInterfaceAVKit.mm
M Source/WebCore/platform/ios/VideoFullscreenInterfaceAVKit.mm
M Source/WebCore/platform/ios/WebVideoFullscreenControllerAVKit.mm
M Source/WebKit/UIProcess/Cocoa/PlaybackSessionManagerProxy.h
M Source/WebKit/UIProcess/Cocoa/PlaybackSessionManagerProxy.messages.in
M Source/WebKit/UIProcess/Cocoa/PlaybackSessionManagerProxy.mm
M Source/WebKit/WebProcess/cocoa/PlaybackSessionManager.mm
Log Message:
-----------
Cherry-pick f5f63453c9cd. rdar://problem/97273615
Refactor PlaybackSessionModel::externalPlaybackTargetType to use enum class
rdar://63360025
https://bugs.webkit.org/show_bug.cgi?id=242476
Reviewed by Eric Carlson.
* Source/WebCore/platform/cocoa/PlaybackSessionModel.h:
(): Deleted.
* Source/WebCore/platform/cocoa/PlaybackSessionModelMediaElement.mm:
(WebCore::PlaybackSessionModelMediaElement::externalPlaybackTargetType const):
* Source/WebCore/platform/ios/PlaybackSessionInterfaceAVKit.mm:
(WebCore::PlaybackSessionInterfaceAVKit::externalPlaybackChanged):
* Source/WebCore/platform/ios/VideoFullscreenInterfaceAVKit.mm:
(VideoFullscreenInterfaceAVKit::~VideoFullscreenInterfaceAVKit):
* Source/WebCore/platform/ios/WebVideoFullscreenControllerAVKit.mm:
(VideoFullscreenControllerContext::externalPlaybackTargetType const):
* Source/WebKit/UIProcess/Cocoa/PlaybackSessionManagerProxy.h:
* Source/WebKit/UIProcess/Cocoa/PlaybackSessionManagerProxy.messages.in:
* Source/WebKit/UIProcess/Cocoa/PlaybackSessionManagerProxy.mm:
(WebKit::PlaybackSessionManagerProxy::externalPlaybackPropertiesChanged):
* Source/WebKit/WebProcess/cocoa/PlaybackSessionManager.mm:
(WebKit::PlaybackSessionManager::externalPlaybackChanged):
Canonical link: https://commits.webkit.org/252247@main
Canonical link: https://commits.webkit.org/245886.823@safari-7613.4.1.0-branch
Commit: 726d1034d700c1b18455de3f56f038960761da83
https://github.com/WebKit/WebKit/commit/726d1034d700c1b18455de3f56f038960761da83
Author: Alan Coon <alancoon at apple.com>
Date: 2022-08-10 (Wed, 10 Aug 2022)
Changed paths:
M Source/WTF/Scripts/Preferences/WebPreferences.yaml
M Source/WebCore/loader/DocumentLoader.cpp
M Source/WebKit/UIProcess/API/C/WKPreferences.cpp
M Source/WebKit/UIProcess/API/C/WKPreferencesRefPrivate.h
M Source/WebKit/UIProcess/API/Cocoa/WKPreferences.mm
M Source/WebKit/UIProcess/API/Cocoa/WKPreferencesPrivate.h
M Tools/TestWebKitAPI/Tests/mac/LoadWebArchive.mm
Log Message:
-----------
Revert 3e51b624e5ec. rdar://problem/97275837
This reverts commit cc1264ff76335cd62a22a57ed1b4a5bf8939f43a.
Canonical link: https://commits.webkit.org/245886.824@safari-7613.4.1.0-branch
Commit: 5d2cc6074b86f0df8892f9683361e9f51e8ab73f
https://github.com/WebKit/WebKit/commit/5d2cc6074b86f0df8892f9683361e9f51e8ab73f
Author: Alan Coon <alancoon at apple.com>
Date: 2022-08-10 (Wed, 10 Aug 2022)
Changed paths:
M Source/JavaScriptCore/Configurations/Version.xcconfig
M Source/ThirdParty/ANGLE/Configurations/Version.xcconfig
M Source/ThirdParty/libwebrtc/Configurations/Version.xcconfig
M Source/WebCore/Configurations/Version.xcconfig
M Source/WebCore/PAL/Configurations/Version.xcconfig
M Source/WebGPU/Configurations/Version.xcconfig
M Source/WebInspectorUI/Configurations/Version.xcconfig
M Source/WebKit/Configurations/Version.xcconfig
M Source/WebKitLegacy/mac/Configurations/Version.xcconfig
Log Message:
-----------
Versioning.
WebKit-7613.4.1.0.2
Canonical link: https://commits.webkit.org/245886.825@safari-7613.4.1.0-branch
Commit: 1394b06f39aab790eced1e754b58b1170262f65c
https://github.com/WebKit/WebKit/commit/1394b06f39aab790eced1e754b58b1170262f65c
Author: Alan Coon <alancoon at apple.com>
Date: 2022-08-10 (Wed, 10 Aug 2022)
Changed paths:
M Source/JavaScriptCore/bytecode/ObjectPropertyConditionSet.cpp
Log Message:
-----------
Apply patch. rdar://problem/97276205
Canonical link: https://commits.webkit.org/245886.826@safari-7613.4.1.0-branch
Commit: 899003b833b6365ee59af86ee6842efcd607c47a
https://github.com/WebKit/WebKit/commit/899003b833b6365ee59af86ee6842efcd607c47a
Author: Alan Coon <alancoon at apple.com>
Date: 2022-08-10 (Wed, 10 Aug 2022)
Changed paths:
M Source/WTF/Scripts/Preferences/WebPreferences.yaml
M Source/WebCore/loader/DocumentLoader.cpp
M Source/WebKit/UIProcess/API/C/WKPreferences.cpp
M Source/WebKit/UIProcess/API/C/WKPreferencesRefPrivate.h
M Source/WebKit/UIProcess/API/Cocoa/WKPreferences.mm
M Source/WebKit/UIProcess/API/Cocoa/WKPreferencesPrivate.h
M Tools/TestWebKitAPI/Tests/mac/LoadWebArchive.mm
Log Message:
-----------
Cherry-pick 3e51b624e5ec. rdar://problem/97275837
This reverts commit 726d1034d700c1b18455de3f56f038960761da83.
Canonical link: https://commits.webkit.org/245886.827@safari-7613.4.1.0-branch
Commit: 08cc7f2e638ec5264e8832f2e1aeec225e0190cd
https://github.com/WebKit/WebKit/commit/08cc7f2e638ec5264e8832f2e1aeec225e0190cd
Author: Russell Epstein <repstein at apple.com>
Date: 2022-08-11 (Thu, 11 Aug 2022)
Changed paths:
M Source/WTF/Scripts/Preferences/WebPreferences.yaml
M Source/WebCore/loader/DocumentLoader.cpp
M Source/WebKit/UIProcess/API/C/WKPreferences.cpp
M Source/WebKit/UIProcess/API/C/WKPreferencesRefPrivate.h
M Source/WebKit/UIProcess/API/Cocoa/WKPreferences.mm
M Source/WebKit/UIProcess/API/Cocoa/WKPreferencesPrivate.h
M Tools/TestWebKitAPI/Tests/mac/LoadWebArchive.mm
Log Message:
-----------
Revert "Cherry-pick 3e51b624e5ec. rdar://problem/97275837"
This reverts commit 899003b833b6365ee59af86ee6842efcd607c47a.
Canonical link: https://commits.webkit.org/245886.828@safari-7613.4.1.0-branch
Commit: 78772cac166ad953efdfb42fd34fb6a3e4de96de
https://github.com/WebKit/WebKit/commit/78772cac166ad953efdfb42fd34fb6a3e4de96de
Author: Russell Epstein <repstein at apple.com>
Date: 2022-08-11 (Thu, 11 Aug 2022)
Changed paths:
M Source/JavaScriptCore/bytecode/BytecodeDumper.cpp
M Source/JavaScriptCore/bytecode/BytecodeDumper.h
M Source/JavaScriptCore/wasm/WasmAirIRGenerator.cpp
M Source/JavaScriptCore/wasm/WasmAirIRGenerator.h
M Source/JavaScriptCore/wasm/WasmB3IRGenerator.cpp
M Source/JavaScriptCore/wasm/WasmB3IRGenerator.h
M Source/JavaScriptCore/wasm/WasmBBQPlan.cpp
M Source/JavaScriptCore/wasm/WasmBBQPlan.h
M Source/JavaScriptCore/wasm/WasmHandlerInfo.h
M Source/JavaScriptCore/wasm/WasmIRGeneratorHelpers.h
M Source/JavaScriptCore/wasm/WasmOMGPlan.cpp
M Source/JavaScriptCore/wasm/WasmOMGPlan.h
M Source/JavaScriptCore/wasm/WasmOSREntryPlan.cpp
M Source/JavaScriptCore/wasm/WasmOSREntryPlan.h
M Source/JavaScriptCore/wasm/WasmOperations.cpp
M Source/JavaScriptCore/wasm/WasmSlowPaths.cpp
Log Message:
-----------
Apply patch. rdar://problem/97021541
Canonical link: https://commits.webkit.org/245886.829@safari-7613.4.1.0-branch
Commit: 4434a3007d520b5f199ac307c5029f429a85c956
https://github.com/WebKit/WebKit/commit/4434a3007d520b5f199ac307c5029f429a85c956
Author: Russell Epstein <repstein at apple.com>
Date: 2022-08-11 (Thu, 11 Aug 2022)
Changed paths:
M Source/JavaScriptCore/wasm/WasmLLIntGenerator.cpp
Log Message:
-----------
Apply patch. rdar://problem/97263817
Canonical link: https://commits.webkit.org/245886.830@safari-7613.4.1.0-branch
Commit: 9eabbe4e332bc5d980370ae957e3a6fa6ac403d3
https://github.com/WebKit/WebKit/commit/9eabbe4e332bc5d980370ae957e3a6fa6ac403d3
Author: Russell Epstein <repstein at apple.com>
Date: 2022-08-11 (Thu, 11 Aug 2022)
Changed paths:
M Source/WebCore/Modules/indexeddb/server/UniqueIDBDatabase.cpp
M Source/WebCore/Modules/indexeddb/server/UniqueIDBDatabaseTransaction.cpp
M Source/WebCore/Modules/indexeddb/server/UniqueIDBDatabaseTransaction.h
M Source/WebCore/Modules/indexeddb/shared/IDBResultData.cpp
M Source/WebCore/Modules/indexeddb/shared/IDBResultData.h
Log Message:
-----------
Apply patch. rdar://problem/97276161
Canonical link: https://commits.webkit.org/245886.831@safari-7613.4.1.0-branch
Commit: a539633a1b424371cc1a23d9547240b3fa57fc86
https://github.com/WebKit/WebKit/commit/a539633a1b424371cc1a23d9547240b3fa57fc86
Author: Richard Robinson <richard_robinson2 at apple.com>
Date: 2022-08-15 (Mon, 15 Aug 2022)
Changed paths:
M Source/WebKit/WebProcess/Plugins/PDF/PDFPlugin.mm
Log Message:
-----------
Cherry-pick 02857c1a71fe. rdar://problem/97324281
Make PDF annotation creation more robust
https://bugs.webkit.org/show_bug.cgi?id=242781
rdar://96688395
Reviewed by Aditya Keerthi.
* Source/WebKit/WebProcess/Plugins/PDF/PDFPlugin.mm:
(WebKit::PDFPlugin::createPasswordEntryForm):
(WebKit::PDFPlugin::setActiveAnnotation):
Canonical link: https://commits.webkit.org/252513@main
Canonical link: https://commits.webkit.org/245886.832@safari-7613.4.1.0-branch
Commit: b0bd0f115d5e66aa3ccb375816eb5741a9146b56
https://github.com/WebKit/WebKit/commit/b0bd0f115d5e66aa3ccb375816eb5741a9146b56
Author: Per Arne Vollan <pvollan at apple.com>
Date: 2022-08-15 (Mon, 15 Aug 2022)
Changed paths:
M Source/WebCore/Modules/speech/SpeechRecognitionCaptureSourceImpl.cpp
M Source/WebCore/Modules/webaudio/MediaStreamAudioSourceCocoa.cpp
M Source/WebCore/platform/audio/cocoa/WebAudioBufferList.cpp
M Source/WebCore/platform/audio/cocoa/WebAudioBufferList.h
M Source/WebCore/platform/mock/MockAudioDestinationCocoa.h
Log Message:
-----------
Cherry-pick 659f5b107515. rdar://problem/97689284
Account for larger sample spaces in WebAudioBufferList
https://bugs.webkit.org/show_bug.cgi?id=243181
<rdar://97391151>
Reviewed by Chris Dumez.
Use size_t for sample count to account for larger sample spaces in WebAudioBufferList.
* Source/WebCore/Modules/speech/SpeechRecognitionCaptureSourceImpl.cpp:
(WebCore::SpeechRecognitionCaptureSourceImpl::pullSamplesAndCallDataCallback):
* Source/WebCore/Modules/webaudio/MediaStreamAudioSourceCocoa.cpp:
(WebCore::MediaStreamAudioSource::consumeAudio):
* Source/WebCore/platform/audio/cocoa/WebAudioBufferList.cpp:
(WebCore::WebAudioBufferList::WebAudioBufferList):
(WebCore::computeBufferSizes):
(WebCore::WebAudioBufferList::isSupportedDescription):
(WebCore::WebAudioBufferList::setSampleCount):
* Source/WebCore/platform/audio/cocoa/WebAudioBufferList.h:
* Source/WebCore/platform/mediastream/mac/MockAudioSharedUnit.mm:
* Source/WebCore/platform/mock/MockAudioDestinationCocoa.h:
Canonical link: https://commits.webkit.org/252808@main
Canonical link: https://commits.webkit.org/245886.833@safari-7613.4.1.0-branch
Commit: 0504ebf2768d6d4d28dc8b385103b51317c05191
https://github.com/WebKit/WebKit/commit/0504ebf2768d6d4d28dc8b385103b51317c05191
Author: Alan Coon <alancoon at apple.com>
Date: 2022-08-15 (Mon, 15 Aug 2022)
Changed paths:
M Source/WebKit/WebProcess/Plugins/PDF/PDFPlugin.mm
Log Message:
-----------
Revert 02857c1a71fe. rdar://problem/97324281
This reverts commit a539633a1b424371cc1a23d9547240b3fa57fc86.
Canonical link: https://commits.webkit.org/245886.834@safari-7613.4.1.0-branch
Commit: fd49f1b001dd08d8357087c072054706d95ad208
https://github.com/WebKit/WebKit/commit/fd49f1b001dd08d8357087c072054706d95ad208
Author: Alan Coon <alancoon at apple.com>
Date: 2022-09-01 (Thu, 01 Sep 2022)
Changed paths:
M Source/JavaScriptCore/Configurations/Version.xcconfig
M Source/ThirdParty/ANGLE/Configurations/Version.xcconfig
M Source/ThirdParty/libwebrtc/Configurations/Version.xcconfig
M Source/WebCore/Configurations/Version.xcconfig
M Source/WebCore/PAL/Configurations/Version.xcconfig
M Source/WebGPU/Configurations/Version.xcconfig
M Source/WebInspectorUI/Configurations/Version.xcconfig
M Source/WebKit/Configurations/Version.xcconfig
M Source/WebKitLegacy/mac/Configurations/Version.xcconfig
Log Message:
-----------
Versioning.
WebKit-7613.5.1.0.1
Canonical link: https://commits.webkit.org/245886.835@safari-7613.4.1.0-branch
Commit: 353f9e53dea8066c2b45d771aa198beb0d573c85
https://github.com/WebKit/WebKit/commit/353f9e53dea8066c2b45d771aa198beb0d573c85
Author: Alan Coon <alancoon at apple.com>
Date: 2022-09-23 (Fri, 23 Sep 2022)
Changed paths:
M Source/JavaScriptCore/Configurations/Version.xcconfig
M Source/ThirdParty/ANGLE/Configurations/Version.xcconfig
M Source/ThirdParty/libwebrtc/Configurations/Version.xcconfig
M Source/WebCore/Configurations/Version.xcconfig
M Source/WebCore/PAL/Configurations/Version.xcconfig
M Source/WebGPU/Configurations/Version.xcconfig
M Source/WebInspectorUI/Configurations/Version.xcconfig
M Source/WebKit/Configurations/Version.xcconfig
M Source/WebKitLegacy/mac/Configurations/Version.xcconfig
Log Message:
-----------
Versioning.
WebKit-7613.5.1.0.2
Canonical link: https://commits.webkit.org/245886.836@safari-7613.4.1.0-branch
Commit: fb27035017e464208f3b2ae98b3d4a551d8d035b
https://github.com/WebKit/WebKit/commit/fb27035017e464208f3b2ae98b3d4a551d8d035b
Author: Yusuke Suzuki <ysuzuki at apple.com>
Date: 2022-09-23 (Fri, 23 Sep 2022)
Changed paths:
M Source/JavaScriptCore/dfg/DFGBackwardsPropagationPhase.cpp
M Source/JavaScriptCore/dfg/DFGFixupPhase.cpp
M Source/JavaScriptCore/dfg/DFGGraph.h
M Source/JavaScriptCore/dfg/DFGNode.h
M Source/JavaScriptCore/dfg/DFGNodeFlags.cpp
M Source/JavaScriptCore/dfg/DFGNodeFlags.h
M Source/JavaScriptCore/dfg/DFGNodeType.h
Log Message:
-----------
Cherry-pick ef76e31a2a06. rdar://problem/99203199
[JSC] BakcwardPropagationPhase should carry NaN / Infinity handling
https://bugs.webkit.org/show_bug.cgi?id=242964
rdar://96791603
Reviewed by Mark Lam.
For correctness, we should carry NaN / Infinity handling to make it more clear in the code generation site.
* Source/JavaScriptCore/dfg/DFGBackwardsPropagationPhase.cpp:
(JSC::DFG::BackwardsPropagationPhase::propagate):
* Source/JavaScriptCore/dfg/DFGFixupPhase.cpp:
(JSC::DFG::FixupPhase::fixupArithDivInt32):
(JSC::DFG::FixupPhase::fixupArithDiv):
* Source/JavaScriptCore/dfg/DFGGraph.h:
* Source/JavaScriptCore/dfg/DFGNode.h:
* Source/JavaScriptCore/dfg/DFGNodeFlags.cpp:
(JSC::DFG::dumpNodeFlags):
* Source/JavaScriptCore/dfg/DFGNodeFlags.h:
(JSC::DFG::bytecodeCanIgnoreNaNAndInfinity):
(JSC::DFG::nodeCanSpeculateInt32ForDiv):
* Source/JavaScriptCore/dfg/DFGNodeType.h:
Canonical link: https://commits.webkit.org/252675@main
Canonical link: https://commits.webkit.org/245886.837@safari-7613.4.1.0-branch
Commit: ef3bf06da387c8c91a940ab97d0780fe9ed24153
https://github.com/WebKit/WebKit/commit/ef3bf06da387c8c91a940ab97d0780fe9ed24153
Author: Yusuke Suzuki <ysuzuki at apple.com>
Date: 2022-09-23 (Fri, 23 Sep 2022)
Changed paths:
M Source/JavaScriptCore/dfg/DFGBackwardsPropagationPhase.cpp
M Source/JavaScriptCore/dfg/DFGFixupPhase.cpp
M Source/JavaScriptCore/dfg/DFGGraph.h
M Source/JavaScriptCore/dfg/DFGNode.h
M Source/JavaScriptCore/dfg/DFGNodeFlags.cpp
M Source/JavaScriptCore/dfg/DFGNodeFlags.h
M Source/JavaScriptCore/dfg/DFGNodeType.h
Log Message:
-----------
Cherry-pick 0f4e2b68c124. rdar://problem/99203199
[JSC] Revert 252675 at main and do simple fix for now
https://bugs.webkit.org/show_bug.cgi?id=243697
Reviewed by Mark Lam.
This patch revert 252675 at main, and instead, just always emitting check for div / mod,
because 252675 at main caused JetStream2 regression.
* Source/JavaScriptCore/dfg/DFGBackwardsPropagationPhase.cpp:
(JSC::DFG::BackwardsPropagationPhase::propagate):
* Source/JavaScriptCore/dfg/DFGFixupPhase.cpp:
(JSC::DFG::FixupPhase::fixupArithDivInt32):
(JSC::DFG::FixupPhase::fixupArithDiv):
* Source/JavaScriptCore/dfg/DFGGraph.h:
* Source/JavaScriptCore/dfg/DFGNode.h:
* Source/JavaScriptCore/dfg/DFGNodeFlags.cpp:
(JSC::DFG::dumpNodeFlags):
* Source/JavaScriptCore/dfg/DFGNodeFlags.h:
(JSC::DFG::bytecodeCanIgnoreNaNAndInfinity): Deleted.
(JSC::DFG::nodeCanSpeculateInt32ForDiv): Deleted.
* Source/JavaScriptCore/dfg/DFGNodeType.h:
Canonical link: https://commits.webkit.org/253246@main
Canonical link: https://commits.webkit.org/245886.838@safari-7613.4.1.0-branch
Commit: cbf91c03915558ed09255cc753d3f6443ee7f783
https://github.com/WebKit/WebKit/commit/cbf91c03915558ed09255cc753d3f6443ee7f783
Author: Alan Coon <alancoon at apple.com>
Date: 2022-11-09 (Wed, 09 Nov 2022)
Changed paths:
M Source/JavaScriptCore/Configurations/Version.xcconfig
M Source/ThirdParty/ANGLE/Configurations/Version.xcconfig
M Source/ThirdParty/libwebrtc/Configurations/Version.xcconfig
M Source/WebCore/Configurations/Version.xcconfig
M Source/WebCore/PAL/Configurations/Version.xcconfig
M Source/WebGPU/Configurations/Version.xcconfig
M Source/WebInspectorUI/Configurations/Version.xcconfig
M Source/WebKit/Configurations/Version.xcconfig
M Source/WebKitLegacy/mac/Configurations/Version.xcconfig
Log Message:
-----------
Versioning.
WebKit-7613.6.1.0.1
Canonical link: https://commits.webkit.org/245886.839@safari-7613.4.1.0-branch
Commit: 199ebb752dd8e5699ef7b1776cd9db0afe3d7e67
https://github.com/WebKit/WebKit/commit/199ebb752dd8e5699ef7b1776cd9db0afe3d7e67
Author: Alex Christensen <achristensen at webkit.org>
Date: 2022-11-09 (Wed, 09 Nov 2022)
Changed paths:
M Source/WTF/wtf/URLHelpers.cpp
M Tools/TestWebKitAPI/Tests/WTF/cocoa/URLExtras.mm
Log Message:
-----------
Cherry-pick 16904a9a85c8. rdar://problem/101518562
Punycode all IPA extensions code points in URLs
https://bugs.webkit.org/show_bug.cgi?id=247289
rdar://101429376
Reviewed by Tim Horton.
* Source/WTF/wtf/URLHelpers.cpp:
(WTF::URLHelpers::isLookalikeCharacter):
* Tools/TestWebKitAPI/Tests/WTF/cocoa/URLExtras.mm:
(TestWebKitAPI::TEST):
Canonical link: https://commits.webkit.org/256267@main
Canonical link: https://commits.webkit.org/245886.839@safari-7613.4.1.0-branch
Commit: 44e845aba9eb42d8118dce5c01c59539d9512ad3
https://github.com/WebKit/WebKit/commit/44e845aba9eb42d8118dce5c01c59539d9512ad3
Author: Alex Christensen <achristensen at webkit.org>
Date: 2022-11-09 (Wed, 09 Nov 2022)
Changed paths:
M Source/WTF/wtf/URLHelpers.cpp
M Tools/TestWebKitAPI/Tests/WTF/cocoa/URLExtras.mm
Log Message:
-----------
Cherry-pick 85e478aae63c. rdar://problem/100623939
Punycode Arabic diacritics when not preceded by an Arabic code point in a URL host
https://bugs.webkit.org/show_bug.cgi?id=247461
rdar://100426863
Reviewed by Said Abou-Hallawa.
* Source/WTF/wtf/URLHelpers.cpp:
(WTF::URLHelpers::isArabicDiacritic):
(WTF::URLHelpers::isArabicCodePoint):
(WTF::URLHelpers::isLookalikeCharacter):
* Tools/TestWebKitAPI/Tests/WTF/cocoa/URLExtras.mm:
(TestWebKitAPI::TEST):
Canonical link: https://commits.webkit.org/256332@main
Canonical link: https://commits.webkit.org/245886.840@safari-7613.4.1.0-branch
Commit: 04050e1cb8356bc3902874006bd8c43ffad73d0d
https://github.com/WebKit/WebKit/commit/04050e1cb8356bc3902874006bd8c43ffad73d0d
Author: Alex Christensen <achristensen at webkit.org>
Date: 2022-11-09 (Wed, 09 Nov 2022)
Changed paths:
M LayoutTests/fast/encoding/idn-security-expected.txt
M LayoutTests/fast/encoding/idn-security.html
M Source/WTF/wtf/URLHelpers.cpp
M Tools/TestWebKitAPI/Tests/WTF/cocoa/URLExtras.mm
Log Message:
-----------
Cherry-pick a6c922ea6f05. rdar://problem/101518569
Punycode U+0E01 when in the context of non-Thai characters
https://bugs.webkit.org/show_bug.cgi?id=247287
rdar://101434628
Reviewed by Tim Horton.
* Source/WTF/wtf/URLHelpers.cpp:
(WTF::URLHelpers::isLookalikeCharacterOfScriptType<USCRIPT_THAI>):
(WTF::URLHelpers::isLookalikeCharacter):
* Tools/TestWebKitAPI/Tests/WTF/cocoa/URLExtras.mm:
(TestWebKitAPI::TEST):
Canonical link: https://commits.webkit.org/256276@main
Canonical link: https://commits.webkit.org/245886.841@safari-7613.4.1.0-branch
Commit: 34444ef889fb9b8778d7fe2b40c2a16880c36230
https://github.com/WebKit/WebKit/commit/34444ef889fb9b8778d7fe2b40c2a16880c36230
Author: Matt Woodrow <mattwoodrow at apple.com>
Date: 2022-11-09 (Wed, 09 Nov 2022)
Changed paths:
M LayoutTests/imported/w3c/web-platform-tests/html/canvas/element/manual/imagebitmap/createImageBitmap-serializable-expected.txt
M LayoutTests/imported/w3c/web-platform-tests/html/canvas/element/manual/imagebitmap/createImageBitmap-transfer-expected.txt
M LayoutTests/platform/glib/imported/w3c/web-platform-tests/html/canvas/element/manual/imagebitmap/createImageBitmap-serializable-expected.txt
M LayoutTests/platform/glib/imported/w3c/web-platform-tests/html/canvas/element/manual/imagebitmap/createImageBitmap-transfer-expected.txt
A LayoutTests/platform/mac-wk1/imported/w3c/web-platform-tests/html/canvas/element/manual/imagebitmap/createImageBitmap-serializable-expected.txt
A LayoutTests/platform/mac-wk1/imported/w3c/web-platform-tests/html/canvas/element/manual/imagebitmap/createImageBitmap-transfer-expected.txt
M Source/WebCore/bindings/js/SerializedScriptValue.cpp
Log Message:
-----------
Cherry-pick ad6383440b73. rdar://problem/101291011
Throw a DataCloneError when attempting to serialize an ImageBitmap without the origin-clean flag.
https://bugs.webkit.org/show_bug.cgi?id=246783
<rdar://100901435>
Reviewed by Youenn Fablet.
The HTML spec expects us to reject serialization/transfer of ImageBitmaps that don't have the origin-clean flag, rather
than tansferring them and tainting any <canvas> elements they get drawn to.
* LayoutTests/imported/w3c/web-platform-tests/html/canvas/element/manual/imagebitmap/createImageBitmap-serializable-expected.txt:
* LayoutTests/imported/w3c/web-platform-tests/html/canvas/element/manual/imagebitmap/createImageBitmap-transfer-expected.txt:
* LayoutTests/platform/glib/imported/w3c/web-platform-tests/html/canvas/element/manual/imagebitmap/createImageBitmap-serializable-expected.txt:
* LayoutTests/platform/glib/imported/w3c/web-platform-tests/html/canvas/element/manual/imagebitmap/createImageBitmap-transfer-expected.txt:
* LayoutTests/platform/mac-wk1/imported/w3c/web-platform-tests/html/canvas/element/manual/imagebitmap/createImageBitmap-serializable-expected.txt:
* LayoutTests/platform/mac-wk1/imported/w3c/web-platform-tests/html/canvas/element/manual/imagebitmap/createImageBitmap-transfer-expected.txt:
* Source/WebCore/bindings/js/SerializedScriptValue.cpp:
(WebCore::CloneSerializer::dumpImageBitmap):
(WebCore::SerializedScriptValue::create):
Canonical link: https://commits.webkit.org/255882@main
Canonical link: https://commits.webkit.org/245886.842@safari-7613.4.1.0-branch
Commit: 5ab53f3b7c90100bd9d1eacbc4df091fc67eed95
https://github.com/WebKit/WebKit/commit/5ab53f3b7c90100bd9d1eacbc4df091fc67eed95
Author: Michael Saboff <msaboff at apple.com>
Date: 2022-11-09 (Wed, 09 Nov 2022)
Changed paths:
A JSTests/stress/regexp-strengthreduce-results-noholes.js
M Source/JavaScriptCore/dfg/DFGStrengthReductionPhase.cpp
Log Message:
-----------
Cherry-pick b0b694fd099f. rdar://problem/100902686
Strength reduction analyzes RegEx.exec incorrectly and generate a hole for the result array
https://bugs.webkit.org/show_bug.cgi?id=245464
rdar://100494428
Reviewed by Mark Lam.
When employing RegExp.exec strength reductions, we need to create "undefined" entries in the result array
instead of null entries per the EcmaScript spec for RegExp.match.
* JSTests/stress/regexp-strengthreduce-results-noholes.js: Added.
(runRegExp):
(assertSameAsFirstResult):
* Source/JavaScriptCore/dfg/DFGStrengthReductionPhase.cpp:
(JSC::DFG::StrengthReductionPhase::handleNode):
Canonical link: https://commits.webkit.org/256241@main
Canonical link: https://commits.webkit.org/245886.843@safari-7613.4.1.0-branch
Commit: 203a082fdd7b87e8a2e83f89e7f1b2fdc9eee58e
https://github.com/WebKit/WebKit/commit/203a082fdd7b87e8a2e83f89e7f1b2fdc9eee58e
Author: Kimmo Kinnunen <kkinnunen at apple.com>
Date: 2022-11-09 (Wed, 09 Nov 2022)
Changed paths:
M LayoutTests/fast/canvas/webgl/largeBuffer-expected.txt
M LayoutTests/fast/canvas/webgl/largeBuffer.html
A LayoutTests/platform/gtk/fast/canvas/webgl/largeBuffer-expected.txt
A LayoutTests/webgl/buffer-copysubdata-overlap-no-crash-expected.txt
A LayoutTests/webgl/buffer-copysubdata-overlap-no-crash.html
M LayoutTests/webgl/webgl-allow-shared-expected.txt
M Source/WebCore/html/canvas/WebGL2RenderingContext.cpp
M Source/WebCore/html/canvas/WebGL2RenderingContext.h
M Source/WebCore/html/canvas/WebGLBuffer.cpp
M Source/WebCore/html/canvas/WebGLBuffer.h
M Source/WebCore/html/canvas/WebGLRenderingContext.cpp
M Source/WebCore/html/canvas/WebGLRenderingContext.h
M Source/WebCore/html/canvas/WebGLRenderingContextBase.cpp
M Source/WebCore/html/canvas/WebGLRenderingContextBase.h
Log Message:
-----------
Cherry-pick be0a403feb9d. rdar://problem/101591366
WebGL buffers maintain shadow copy
https://bugs.webkit.org/show_bug.cgi?id=245137
rdar://97453557
Reviewed by Kenneth Russell.
Remove the code caching the WebGL buffer data and size.
The data was used to assert that indices drawn with DrawElements are
in range for other buffers.
Remove the data, it is verified by ANGLE.
The size was used to assert that updates to the buffer are in range.
Since we do not check the success of the updates, we cannot cache the
size. The size is checked by ANGLE.
* LayoutTests/webgl/buffer-copysubdata-overlap-no-crash.html: Added.
* Source/WebCore/html/canvas/WebGL2RenderingContext.cpp:
(WebCore::WebGL2RenderingContext::copyBufferSubData):
(WebCore::WebGL2RenderingContext::getBufferSubData):
(WebCore::WebGL2RenderingContext::validateIndexArrayConservative): Deleted.
* Source/WebCore/html/canvas/WebGL2RenderingContext.h:
* Source/WebCore/html/canvas/WebGLBuffer.cpp:
(WebCore::WebGLBuffer::WebGLBuffer):
(WebCore::WebGLBuffer::associateBufferDataImpl):
(WebCore::WebGLBuffer::associateBufferSubDataImpl):
(WebCore::WebGLBuffer::associateCopyBufferSubData):
* Source/WebCore/html/canvas/WebGLBuffer.h:
* Source/WebCore/html/canvas/WebGLRenderingContext.cpp:
* Source/WebCore/html/canvas/WebGLRenderingContext.h:
* Source/WebCore/html/canvas/WebGLRenderingContextBase.cpp:
(WebCore::WebGLRenderingContextBase::bufferData):
(WebCore::WebGLRenderingContextBase::bufferSubData):
(WebCore::WebGLRenderingContextBase::validateVertexAttributes):
(WebCore::WebGLRenderingContextBase::validateDrawArrays):
(WebCore::WebGLRenderingContextBase::validateDrawElements):
* Source/WebCore/html/canvas/WebGLRenderingContextBase.h:
(WebCore::WebGLRenderingContextBase::getMaxIndex):
Canonical link: https://commits.webkit.org/254544@main
Canonical link: https://commits.webkit.org/245886.844@safari-7613.4.1.0-branch
Commit: 98c314b3d7f961c48123cae443675bdf26454bb1
https://github.com/WebKit/WebKit/commit/98c314b3d7f961c48123cae443675bdf26454bb1
Author: Yusuke Suzuki <ysuzuki at apple.com>
Date: 2022-11-09 (Wed, 09 Nov 2022)
Changed paths:
M Source/JavaScriptCore/dfg/DFGFailedFinalizer.h
M Source/JavaScriptCore/dfg/DFGFinalizer.h
M Source/JavaScriptCore/dfg/DFGJITFinalizer.h
M Source/JavaScriptCore/dfg/DFGPlan.cpp
M Source/JavaScriptCore/ftl/FTLJITFinalizer.h
Log Message:
-----------
Cherry-pick c4c58496ef4a. rdar://problem/101290752
[JSC] Simplify Finalization in DFG / FTL
https://bugs.webkit.org/show_bug.cgi?id=246724
rdar://101165751
Reviewed by Justin Michaud.
This patch simplifies DFG / FTL finalization by early returning failure case.
* Source/JavaScriptCore/dfg/DFGFailedFinalizer.h:
* Source/JavaScriptCore/dfg/DFGFinalizer.h:
* Source/JavaScriptCore/dfg/DFGJITFinalizer.h:
* Source/JavaScriptCore/dfg/DFGPlan.cpp:
(JSC::DFG::Plan::finalize):
* Source/JavaScriptCore/ftl/FTLJITFinalizer.h:
Canonical link: https://commits.webkit.org/255714@main
Canonical link: https://commits.webkit.org/245886.845@safari-7613.4.1.0-branch
Commit: e7eaf1f8634dc7f55ef19ef808ba658bff7e6060
https://github.com/WebKit/WebKit/commit/e7eaf1f8634dc7f55ef19ef808ba658bff7e6060
Author: Yijia Huang <hyjorc1 at gmail.com>
Date: 2022-11-09 (Wed, 09 Nov 2022)
Changed paths:
M Source/JavaScriptCore/dfg/DFGClobberize.h
Log Message:
-----------
Cherry-pick fd57a49d07c9. rdar://problem/100903734
[JSC] Should model BigInt with side effects
https://bugs.webkit.org/show_bug.cgi?id=246291
rdar://100494823
Reviewed by Yusuke Suzuki.
Operations with two BigInt operands have side effects,
which should not be hoisted from loops.
* Source/JavaScriptCore/dfg/DFGClobberize.cpp:
(JSC::DFG::doesWrites):
* Source/JavaScriptCore/dfg/DFGClobberize.h:
(JSC::DFG::clobberize):
Canonical link: https://commits.webkit.org/255368@main
Canonical link: https://commits.webkit.org/245886.846@safari-7613.4.1.0-branch
Commit: 3117d671e8053960f9912b564b94cb4bc0e3a537
https://github.com/WebKit/WebKit/commit/3117d671e8053960f9912b564b94cb4bc0e3a537
Author: Alan Coon <alancoon at apple.com>
Date: 2022-11-15 (Tue, 15 Nov 2022)
Changed paths:
M Source/JavaScriptCore/Configurations/Version.xcconfig
M Source/ThirdParty/ANGLE/Configurations/Version.xcconfig
M Source/ThirdParty/libwebrtc/Configurations/Version.xcconfig
M Source/WebCore/Configurations/Version.xcconfig
M Source/WebCore/PAL/Configurations/Version.xcconfig
M Source/WebGPU/Configurations/Version.xcconfig
M Source/WebInspectorUI/Configurations/Version.xcconfig
M Source/WebKit/Configurations/Version.xcconfig
M Source/WebKitLegacy/mac/Configurations/Version.xcconfig
Log Message:
-----------
Versioning.
WebKit-7613.6.1.0.2
Canonical link: https://commits.webkit.org/245886.847@safari-7613.4.1.0-branch
Commit: 60823f4925076fa93d2b2e2758e5317cdf80c46c
https://github.com/WebKit/WebKit/commit/60823f4925076fa93d2b2e2758e5317cdf80c46c
Author: David Degazio <d_degazio at apple.com>
Date: 2022-11-15 (Tue, 15 Nov 2022)
Changed paths:
A JSTests/stress/intl-locale-invalid-hourCycles.js
M Source/JavaScriptCore/runtime/IntlLocale.cpp
Log Message:
-----------
Cherry-pick 86fbeb6fcd63. rdar://problem/102251589
Intl.Locale.prototype.hourCycles leaks empty JSValue to script
https://bugs.webkit.org/show_bug.cgi?id=247562
rdar://102031379
Reviewed by Mark Lam.
We currently don't check if IntlLocale::hourCycles returns a null JSArray, which allows it
to be encoded as an empty JSValue and exposed to user code. This patch throws a TypeError
when udatpg_open returns a failed status.
* JSTests/stress/intl-locale-invalid-hourCycles.js: Added.
(main):
* Source/JavaScriptCore/runtime/IntlLocale.cpp:
(JSC::IntlLocale::hourCycles):
Canonical link: https://commits.webkit.org/256473@main
Canonical link: https://commits.webkit.org/245886.848@safari-7613.4.1.0-branch
Commit: a333f4e99c1e872b6a4cc3527f06b2a985e13c47
https://github.com/WebKit/WebKit/commit/a333f4e99c1e872b6a4cc3527f06b2a985e13c47
Author: Russell Epstein <repstein at apple.com>
Date: 2022-11-28 (Mon, 28 Nov 2022)
Changed paths:
M Source/JavaScriptCore/Configurations/Version.xcconfig
M Source/ThirdParty/ANGLE/Configurations/Version.xcconfig
M Source/ThirdParty/libwebrtc/Configurations/Version.xcconfig
M Source/WebCore/Configurations/Version.xcconfig
M Source/WebCore/PAL/Configurations/Version.xcconfig
M Source/WebGPU/Configurations/Version.xcconfig
M Source/WebInspectorUI/Configurations/Version.xcconfig
M Source/WebKit/Configurations/Version.xcconfig
M Source/WebKitLegacy/mac/Configurations/Version.xcconfig
Log Message:
-----------
Versioning.
WebKit-7613.6.1.0.3
Canonical link: https://commits.webkit.org/245886.849@safari-7613.4.1.0-branch
Commit: 9a529fd127ee65b2bf755781b2bb3ea6d13bf0b3
https://github.com/WebKit/WebKit/commit/9a529fd127ee65b2bf755781b2bb3ea6d13bf0b3
Author: Mark Lam <mark.lam at apple.com>
Date: 2022-11-28 (Mon, 28 Nov 2022)
Changed paths:
A JSTests/stress/speculate-real-number-in-object-is.js
M Source/JavaScriptCore/ftl/FTLLowerDFGToB3.cpp
Log Message:
-----------
Cherry-pick 71cdc1c09ef1. rdar://problem/102718559
The provenType filtering in FTL's speculateRealNumber is incorrect.
https://bugs.webkit.org/show_bug.cgi?id=248266
<rdar://problem/102531234>
Reviewed by Justin Michaud.
speculateRealNumber does a doubleEqual compare, which filters out double values which
are not NaN. NaN values will fall through to the `intCase` block. In the `intCase` block,
the isNotInt32() check there was given a proven type that wrongly filters out ~SpecFullDouble.
Consider a scenario where the edge was proven to be { SpecInt32Only, SpecDoubleReal,
SpecDoublePureNaN }. SpecFullDouble is defined as SpecDoubleReal | SpecDoubleNaN, and
SpecDoubleNaN is defined as SpecDoublePureNaN | SpecDoubleImpureNaN. Hence, the filtering
of the proven type with ~SpecFullDouble means that isNotInt32() will effectively be given
a proven type of
{ SpecInt32Only, SpecDoubleReal, SpecDoublePureNaN } - { SpecDoubleReal, SpecDoublePureNaN }
which yields
{ SpecInt32Only }.
As a result, the compiler will think that that isNotIn32() check will always fail. This
is not correct if the actual incoming value for that edge is actually a PureNaN. In this
case, speculateRealNumber should have OSR exited, but it doesn't because it thinks that
the isNotInt32() check will always fail and elide the check altogether.
In this patch, we fix this by replacing the ~SpecFullDouble with ~SpecDoubleReal. We also
rename the `intCase` block to `intOrNaNCase` to document what it actually handles.
* JSTests/stress/speculate-real-number-in-object-is.js: Added.
(test.object_is_opt):
(test):
* Source/JavaScriptCore/ftl/FTLLowerDFGToB3.cpp:
(JSC::FTL::DFG::LowerDFGToB3::compileCompareStrictEq):
Canonical link: https://commits.webkit.org/252432.839@safari-7614-branch
Canonical link: https://commits.webkit.org/245886.850@safari-7613.4.1.0-branch
Commit: 35d68a95bfa561eb979d36a3f35de4baa1f37f95
https://github.com/WebKit/WebKit/commit/35d68a95bfa561eb979d36a3f35de4baa1f37f95
Author: Alan Coon <alancoon at apple.com>
Date: 2022-12-05 (Mon, 05 Dec 2022)
Changed paths:
M Source/JavaScriptCore/Configurations/Version.xcconfig
M Source/ThirdParty/ANGLE/Configurations/Version.xcconfig
M Source/ThirdParty/libwebrtc/Configurations/Version.xcconfig
M Source/WebCore/Configurations/Version.xcconfig
M Source/WebCore/PAL/Configurations/Version.xcconfig
M Source/WebGPU/Configurations/Version.xcconfig
M Source/WebInspectorUI/Configurations/Version.xcconfig
M Source/WebKit/Configurations/Version.xcconfig
M Source/WebKitLegacy/mac/Configurations/Version.xcconfig
Log Message:
-----------
Versioning.
WebKit-7613.7.1.0.1
Canonical link: https://commits.webkit.org/245886.851@safari-7613.4.1.0-branch
Commit: fbdc7aab38a999c3ecba6c447e44c84121b43646
https://github.com/WebKit/WebKit/commit/fbdc7aab38a999c3ecba6c447e44c84121b43646
Author: Chris Dumez <cdumez at apple.com>
Date: 2022-12-16 (Fri, 16 Dec 2022)
Changed paths:
A LayoutTests/svg/use-element-updateUserAgentShadowTree-crash-expected.txt
A LayoutTests/svg/use-element-updateUserAgentShadowTree-crash.html
M Source/WebCore/dom/EventTarget.cpp
Log Message:
-----------
Cherry-pick 0c1b973a7433. rdar://problem/103268389
Assertion hit under EventTarget::fireEventListeners()
https://bugs.webkit.org/show_bug.cgi?id=247580
rdar://98238259
Reviewed by Ryosuke Niwa.
We were hitting the `ScriptDisallowedScope::isScriptAllowedInMainThread()`
assertion under EventTarget::fireEventListeners(). However, the caller is
SVGUseElement::updateUserAgentShadowTree() which has a EventAllowedScope to
allow event dispatch in the shadow root subtree.
I updated the assertion in fireEventListeners() to rely on
isEventDispatchAllowedInSubtree() instead when the EventTarget is a Node,
so that the ScriptDisallowedScope is taken into account.
* LayoutTests/svg/use-element-updateUserAgentShadowTree-crash-expected.txt: Added.
* LayoutTests/svg/use-element-updateUserAgentShadowTree-crash.html: Added.
* Source/WebCore/dom/EventTarget.cpp:
(WebCore::EventTarget::fireEventListeners):
Canonical link: https://commits.webkit.org/256451@main
Canonical link: https://commits.webkit.org/245886.852@safari-7613.4.1.0-branch
Commit: b0b230bfb1d4f20a8bc6897d38a5d3a1055b24ef
https://github.com/WebKit/WebKit/commit/b0b230bfb1d4f20a8bc6897d38a5d3a1055b24ef
Author: Ryosuke Niwa <rniwa at webkit.org>
Date: 2022-12-16 (Fri, 16 Dec 2022)
Changed paths:
A LayoutTests/editing/selection/modify-extend-iframe-orphan-expected.txt
A LayoutTests/editing/selection/modify-extend-iframe-orphan.html
M Source/WebCore/editing/FrameSelection.cpp
Log Message:
-----------
Cherry-pick fa17c4664715. rdar://problem/103268539
ASSERTION FAILED: !document().selection().selection().isOrphan() in ContainerNode::removeNodeWithScriptAssertion
https://bugs.webkit.org/show_bug.cgi?id=247781
rdar://101497964
Reviewed by Wenson Hsieh, Darin Adler and Geoffrey Garen.
The bug was caused by VisibleSelection::setBase setting selection ends to point to nodes
in a wrong document as a side effect of calling VisibleSelection::validate when m_anchor
isn't cleared due to a node removal when live range selection is disabled.
* LayoutTests/editing/selection/modify-extend-iframe-orphan-expected.txt: Added.
* LayoutTests/editing/selection/modify-extend-iframe-orphan.html: Added.
* Source/WebCore/editing/FrameSelection.cpp:
(WebCore::selectionIsOrphanedOrBelongsToWrongDocument):
(WebCore::FrameSelection::willBeModified):
Canonical link: https://commits.webkit.org/252432.816@safari-7614-branch
Canonical link: https://commits.webkit.org/245886.853@safari-7613.4.1.0-branch
Commit: 439f45e8cc712e2f294635b7820581e248e4a336
https://github.com/WebKit/WebKit/commit/439f45e8cc712e2f294635b7820581e248e4a336
Author: Arunsundar Kannan <arunsundar_kannan at apple.com>
Date: 2022-12-16 (Fri, 16 Dec 2022)
Changed paths:
A LayoutTests/fast/forms/textfield-input-type-crash-onblur-expected.txt
A LayoutTests/fast/forms/textfield-input-type-crash-onblur.html
M Source/WebCore/html/HTMLInputElement.cpp
M Source/WebCore/html/HTMLOptionElement.cpp
M Source/WebCore/html/TextFieldInputType.cpp
Log Message:
-----------
Cherry-pick 665170902bfa. rdar://problem/103268522
UAF crash occurs during a style update when an older freed HTMLElement is accessed
https://bugs.webkit.org/show_bug.cgi?id=247389
rdar://101420898
Reviewed by Ryosuke Niwa and Ryan Haddad.
* LayoutTests/fast/forms/textfield-input-type-crash-onblur-expected.txt: Added.
* LayoutTests/fast/forms/textfield-input-type-crash-onblur.html: Added.
* Source/WebCore/html/HTMLInputElement.cpp:
(WebCore::HTMLInputElement::dataListMayHaveChanged):
* Source/WebCore/html/HTMLOptionElement.cpp:
(WebCore::HTMLOptionElement::childrenChanged):
* Source/WebCore/html/TextFieldInputType.cpp:
(WebCore::TextFieldInputType::createDataListDropdownIndicator):
(WebCore::TextFieldInputType::dataListMayHaveChanged):
Canonical link: https://commits.webkit.org/252432.838@safari-7614-branch
Canonical link: https://commits.webkit.org/245886.854@safari-7613.4.1.0-branch
Commit: e73e6e8c930f6b832eedd512afb0a3b80275f3b4
https://github.com/WebKit/WebKit/commit/e73e6e8c930f6b832eedd512afb0a3b80275f3b4
Author: Chris Dumez <cdumez at apple.com>
Date: 2022-12-16 (Fri, 16 Dec 2022)
Changed paths:
A LayoutTests/fast/dom/lazy-loading-iframe-destruction-crash-expected.txt
A LayoutTests/fast/dom/lazy-loading-iframe-destruction-crash.html
M Source/WebCore/dom/Document.cpp
Log Message:
-----------
Cherry-pick a47510d4bcf4. rdar://problem/103268511
Fix potential crash under IntersectionObserver::disconnect()
https://bugs.webkit.org/show_bug.cgi?id=248111
rdar://100355921
Reviewed by Jonathan Bedard and Ryosuke Niwa.
Make sure we protect the intersection observers and resize observers before
calling disconnect() on them in Document::commonTeardown().
This is a speculative fix to address the crash in the radar, which I was
unable to reproduce.
* LayoutTests/fast/dom/lazy-loading-iframe-destruction-crash-expected.txt: Added.
* LayoutTests/fast/dom/lazy-loading-iframe-destruction-crash.html: Added.
Include test from the radar, even though it didn't reproduce the issue for me.
* Source/WebCore/dom/Document.cpp:
(WebCore::Document::commonTeardown):
Canonical link: https://commits.webkit.org/252432.841@safari-7614-branch
Canonical link: https://commits.webkit.org/245886.855@safari-7613.4.1.0-branch
Commit: 6c5bd4c6add5dee12eadeaeccdda7bde1635f7a2
https://github.com/WebKit/WebKit/commit/6c5bd4c6add5dee12eadeaeccdda7bde1635f7a2
Author: Russell Epstein <repstein at apple.com>
Date: 2023-03-09 (Thu, 09 Mar 2023)
Changed paths:
M Source/JavaScriptCore/Configurations/Version.xcconfig
M Source/ThirdParty/ANGLE/Configurations/Version.xcconfig
M Source/ThirdParty/libwebrtc/Configurations/Version.xcconfig
M Source/WebCore/Configurations/Version.xcconfig
M Source/WebCore/PAL/Configurations/Version.xcconfig
M Source/WebGPU/Configurations/Version.xcconfig
M Source/WebInspectorUI/Configurations/Version.xcconfig
M Source/WebKit/Configurations/Version.xcconfig
M Source/WebKitLegacy/mac/Configurations/Version.xcconfig
Log Message:
-----------
Versioning.
WebKit-7613.7.1.0.2
Canonical link: https://commits.webkit.org/245886.856@safari-7613.4.1.0-branch
Commit: 8ff7845b649f934040f25cf736b0cd67246e7b1b
https://github.com/WebKit/WebKit/commit/8ff7845b649f934040f25cf736b0cd67246e7b1b
Author: David Degazio <d_degazio at apple.com>
Date: 2023-03-09 (Thu, 09 Mar 2023)
Changed paths:
A JSTests/stress/cell-speculated-array-indexof.js
M Source/JavaScriptCore/dfg/DFGFixupPhase.cpp
Log Message:
-----------
Cherry-pick 1f4d2fc64a6d. rdar://problem/105801362
Cherry-pick 252432.1031 at safari-7614-branch (9f7e401c42a8). rdar://103852510
Fix use-after-free in DFGFixupPhase for array indexOf
https://bugs.webkit.org/show_bug.cgi?id=250429
rdar://103852510
Reviewed by Jonathan Bedard and Michael Saboff.
During DFG fixup, array indexOf nodes are folded to -1 when the search element is speculated
to be a different type than the array element (for instance, JSCell instead of Int32). When
this happens, a speculation check is inserted, which can cause the DFG graph's varArgChildren
array to reallocate. This invalidates the searchElement Edge reference, which we use
immediately after the check insertion in the fixup phase. This patch fixes this potential
use-after-free by grabbing the searchElement's associated node before inserting any checks,
giving us a persistent pointer to a DFG node rather than a reference into a vector.
* JSTests/stress/cell-speculated-array-indexof.js: Added.
* Source/JavaScriptCore/dfg/DFGFixupPhase.cpp:
(JSC::DFG::FixupPhase::fixupArrayIndexOf):
Canonical link: https://commits.webkit.org/252432.1031@safari-7614-branch
Canonical link: https://commits.webkit.org/259548.18@safari-7615-branch
Canonical link: https://commits.webkit.org/245886.857@safari-7613.4.1.0-branch
Commit: e2295297cb5a7a9a7885a8e23bd24396885af926
https://github.com/WebKit/WebKit/commit/e2295297cb5a7a9a7885a8e23bd24396885af926
Author: Patrick Angle <pangle at apple.com>
Date: 2023-03-09 (Thu, 09 Mar 2023)
Changed paths:
A LayoutTests/inspector/console/console-recursive-logging-expected.txt
A LayoutTests/inspector/console/console-recursive-logging.html
M Source/JavaScriptCore/inspector/agents/InspectorConsoleAgent.cpp
M Source/JavaScriptCore/inspector/agents/InspectorConsoleAgent.h
Log Message:
-----------
Cherry-pick edbb5f895484. rdar://problem/105800838
Cherry-pick 252432.1043 at safari-7614-branch (6633438abd8b). rdar://104083913
Web Inspector: Console messages that log a value that recursively logs crashes
https://bugs.webkit.org/show_bug.cgi?id=251018
rdar://104083913
Reviewed by Jonathan Bedard and Michael Saboff.
Web Inspector normally generates a preview for objects logged in the console when Web Inspector is open. However, it is
possible for authored pages to cause logging to occur when we attempt to generate the preview, as we must invoke getters
to get the values to display. In order to not recursively log messages to the console this patch turns off generating
previews for console messages that are logged while in middle of logging another console message. The user can still
generate a preview later in Web Inspector by using the disclosure triangle next to the message, which will then cause
the getter to be invoked, but the same protection will kick in to prevent recursive logging via generating previews
for objects.
* LayoutTests/inspector/console/console-recursive-logging-expected.txt: Added.
* LayoutTests/inspector/console/console-recursive-logging.html: Added.
* Source/JavaScriptCore/inspector/agents/InspectorConsoleAgent.cpp:
(Inspector::InspectorConsoleAgent::addConsoleMessage):
* Source/JavaScriptCore/inspector/agents/InspectorConsoleAgent.h:
Canonical link: https://commits.webkit.org/252432.1043@safari-7614-branch
Canonical link: https://commits.webkit.org/259548.28@safari-7615-branch
Canonical link: https://commits.webkit.org/245886.858@safari-7613.4.1.0-branch
Commit: bad5a3ee55c573b994d3edc891f6a6ae080bae41
https://github.com/WebKit/WebKit/commit/bad5a3ee55c573b994d3edc891f6a6ae080bae41
Author: Yusuke Suzuki <ysuzuki at apple.com>
Date: 2023-03-09 (Thu, 09 Mar 2023)
Changed paths:
M Source/JavaScriptCore/dfg/DFGAbstractInterpreterInlines.h
Log Message:
-----------
Cherry-pick 1b2eb138ef92. rdar://problem/105521390
[JSC] ToThis object folding should check if AbstractValue is always an object
https://bugs.webkit.org/show_bug.cgi?id=251944
rdar://105175786
Reviewed by Geoffrey Garen and Mark Lam.
ToThis can become Identity for strict mode if it is just primitive values or its object does not have toThis function overriding.
This is correct, but folding ToThis to Undefined etc. (not Identity) needs to check that an input only contains objects.
This patch adds appropriate checks to prevent from converting ToThis(GlobalObject | Int32) to Undefined for example.
* Source/JavaScriptCore/dfg/DFGAbstractInterpreterInlines.h:
(JSC::DFG::isToThisAnIdentity):
Canonical link: https://commits.webkit.org/259548.63@safari-7615-branch
Canonical link: https://commits.webkit.org/245886.859@safari-7613.4.1.0-branch
Commit: 78b5bc92d318f61e87d811ab05a5b676d678c67e
https://github.com/WebKit/WebKit/commit/78b5bc92d318f61e87d811ab05a5b676d678c67e
Author: Youenn Fablet <youennf at gmail.com>
Date: 2023-03-09 (Thu, 09 Mar 2023)
Changed paths:
A LayoutTests/http/wpt/resource-timing/crossorigin-servertiming-expected.txt
A LayoutTests/http/wpt/resource-timing/crossorigin-servertiming.html
A LayoutTests/http/wpt/resource-timing/resources/server-timing.py
M Source/WebCore/loader/ResourceTiming.cpp
M Source/WebCore/loader/ResourceTiming.h
M Source/WebCore/loader/ResourceTimingInformation.cpp
Log Message:
-----------
Cherry-pick b67af69609f3. rdar://problem/105277660
Cherry-pick 260006 at main (b67af69609f3). rdar://problem/104427347
Server-Timing data can be read cross-origin
https://bugs.webkit.org/show_bug.cgi?id=250837
rdar://problem/104427347
Reviewed by Alex Christensen.
For document (iframe, object, embed) loads, the origin of the load is the origin of the URL.
This is same origin by nature.
But the origin we will expose the timing info is the origin of the initiator.
Make sure to recompute the same origin request flag in that case.
* LayoutTests/http/wpt/resource-timing/crossorigin-servertiming-expected.txt: Added.
* LayoutTests/http/wpt/resource-timing/crossorigin-servertiming.html: Added.
* LayoutTests/http/wpt/resource-timing/server-timing.py: Added.
(main):
* Source/WebCore/loader/ResourceTiming.cpp:
(WebCore::ResourceTiming::updateExposure):
* Source/WebCore/loader/ResourceTiming.h:
* Source/WebCore/loader/ResourceTimingInformation.cpp:
(WebCore::ResourceTimingInformation::addResourceTiming):
Canonical link: https://commits.webkit.org/260006@main
Canonical link: https://commits.webkit.org/245886.860@safari-7613.4.1.0-branch
Commit: be65c40f9b68c4ba05a8434d279817243287a693
https://github.com/WebKit/WebKit/commit/be65c40f9b68c4ba05a8434d279817243287a693
Author: Richard Robinson <richard_robinson2 at apple.com>
Date: 2023-03-09 (Thu, 09 Mar 2023)
Changed paths:
M Source/WebKit/WebProcess/Plugins/PDF/PDFPlugin.h
M Source/WebKit/WebProcess/Plugins/PDF/PDFPlugin.mm
M Source/WebKitLegacy/mac/WebView/WebJSPDFDoc.mm
Log Message:
-----------
Cherry-pick d0b789c9fd71. rdar://problem/105800422
Cherry-pick 252432.1017 at safari-7614-branch (94d37ad7d541). rdar://102740487
WebKit`WebKit::PDFPlugin::jsPDFDocPrint - type confusion
https://bugs.webkit.org/show_bug.cgi?id=249169
rdar://102740487
Reviewed by Tim Horton, Yusuke Suzuki and Jonathan Bedard.
When JavaScript is embedded inside a PDF and it invokes the `print()` function,
the `thisObject` parameter in `PDFPlugin::jsPDFDocPrint` is not guaranteed
to be the proper type. Currently, we errenously assume it always is the proper
type, and cast it to `PDFPlugin *`, which results in an object with garbage values.
This PR protects against this by first checking if the `thisObject` is the correct
JavaScript object type, before trying to cast it.
* Source/WebKit/WebProcess/Plugins/PDF/PDFPlugin.h:
* Source/WebKit/WebProcess/Plugins/PDF/PDFPlugin.mm:
(WebKit::PDFPlugin::jsPDFDocClass):
(WebKit::PDFPlugin::jsPDFDocPrint):
(WebKit::PDFPlugin::makeJSPDFDoc):
Canonical link: https://commits.webkit.org/252432.1017@safari-7614-branch
Canonical link: https://commits.webkit.org/259548.10@safari-7615-branch
Canonical link: https://commits.webkit.org/245886.861@safari-7613.4.1.0-branch
Commit: 0e93708599ea68f15a24a25e0601b26970652b17
https://github.com/WebKit/WebKit/commit/0e93708599ea68f15a24a25e0601b26970652b17
Author: Myah Cobbs <mcobbs at apple.com>
Date: 2023-03-10 (Fri, 10 Mar 2023)
Changed paths:
R LayoutTests/http/wpt/resource-timing/crossorigin-servertiming-expected.txt
R LayoutTests/http/wpt/resource-timing/crossorigin-servertiming.html
R LayoutTests/http/wpt/resource-timing/resources/server-timing.py
M Source/WebCore/loader/ResourceTiming.cpp
M Source/WebCore/loader/ResourceTiming.h
M Source/WebCore/loader/ResourceTimingInformation.cpp
Log Message:
-----------
Revert b67af69609f3. rdar://problem/104427347
Canonical link: https://commits.webkit.org/245886.862@safari-7613.4.1.0-branch
Commit: 7b4f7a3d6191b98026a189d410cacfaa56828a57
https://github.com/WebKit/WebKit/commit/7b4f7a3d6191b98026a189d410cacfaa56828a57
Author: Myah Cobbs <mcobbs at apple.com>
Date: 2023-03-10 (Fri, 10 Mar 2023)
Changed paths:
M Source/JavaScriptCore/Configurations/Version.xcconfig
M Source/ThirdParty/ANGLE/Configurations/Version.xcconfig
M Source/ThirdParty/libwebrtc/Configurations/Version.xcconfig
M Source/WebCore/Configurations/Version.xcconfig
M Source/WebCore/PAL/Configurations/Version.xcconfig
M Source/WebGPU/Configurations/Version.xcconfig
M Source/WebInspectorUI/Configurations/Version.xcconfig
M Source/WebKit/Configurations/Version.xcconfig
M Source/WebKitLegacy/mac/Configurations/Version.xcconfig
Log Message:
-----------
Versioning.
WebKit-7613.7.1.0.3
Canonical link: https://commits.webkit.org/245886.863@safari-7613.4.1.0-branch
Commit: 69ecc2db3ddfa37c7e8387076da5761d2a8add3f
https://github.com/WebKit/WebKit/commit/69ecc2db3ddfa37c7e8387076da5761d2a8add3f
Author: Russell Epstein <repstein at apple.com>
Date: 2023-03-13 (Mon, 13 Mar 2023)
Changed paths:
M Source/JavaScriptCore/Configurations/Version.xcconfig
M Source/ThirdParty/ANGLE/Configurations/Version.xcconfig
M Source/ThirdParty/libwebrtc/Configurations/Version.xcconfig
M Source/WebCore/Configurations/Version.xcconfig
M Source/WebCore/PAL/Configurations/Version.xcconfig
M Source/WebGPU/Configurations/Version.xcconfig
M Source/WebInspectorUI/Configurations/Version.xcconfig
M Source/WebKit/Configurations/Version.xcconfig
M Source/WebKitLegacy/mac/Configurations/Version.xcconfig
Log Message:
-----------
Versioning.
WebKit-7613.7.1.0.4
Canonical link: https://commits.webkit.org/245886.864@safari-7613.4.1.0-branch
Commit: 316b1d29dcfa9c1d0b2a3e060f32de16508d26a6
https://github.com/WebKit/WebKit/commit/316b1d29dcfa9c1d0b2a3e060f32de16508d26a6
Author: Russell Epstein <repstein at apple.com>
Date: 2023-03-13 (Mon, 13 Mar 2023)
Changed paths:
M Source/WebCore/loader/ResourceTiming.h
Log Message:
-----------
Unreviewed build fix. rdar://106638395
error: use of undeclared identifier 'm_initiatorType'; did you mean 'm_initiator
* Source/WebCore/loader/ResourceTiming.h:
(WebCore::ResourceTiming::overrideInitiatorType): Deleted.
(WebCore::ResourceTiming::isLoadedFromServiceWorker const): Deleted.
Canonical link: https://commits.webkit.org/245886.865@safari-7613.4.1.0-branch
Commit: ce8fb07d505e71648d0734f937a2d806eb25d05b
https://github.com/WebKit/WebKit/commit/ce8fb07d505e71648d0734f937a2d806eb25d05b
Author: Myah Cobbs <mcobbs at apple.com>
Date: 2023-03-13 (Mon, 13 Mar 2023)
Changed paths:
M Source/WebCore/loader/ResourceTiming.h
Log Message:
-----------
Apply patch. rdar://problem/106657786
Canonical link: https://commits.webkit.org/245886.866@safari-7613.4.1.0-branch
Commit: 57c5ca45c3dd330f528f97daf18e18ea83b8ac72
https://github.com/WebKit/WebKit/commit/57c5ca45c3dd330f528f97daf18e18ea83b8ac72
Author: Myah Cobbs <mcobbs at apple.com>
Date: 2023-03-13 (Mon, 13 Mar 2023)
Changed paths:
M Source/JavaScriptCore/Configurations/Version.xcconfig
M Source/ThirdParty/ANGLE/Configurations/Version.xcconfig
M Source/ThirdParty/libwebrtc/Configurations/Version.xcconfig
M Source/WebCore/Configurations/Version.xcconfig
M Source/WebCore/PAL/Configurations/Version.xcconfig
M Source/WebGPU/Configurations/Version.xcconfig
M Source/WebInspectorUI/Configurations/Version.xcconfig
M Source/WebKit/Configurations/Version.xcconfig
M Source/WebKitLegacy/mac/Configurations/Version.xcconfig
Log Message:
-----------
Versioning.
WebKit-7613.7.1.0.5
Canonical link: https://commits.webkit.org/245886.867@safari-7613.4.1.0-branch
Commit: bb402f886bb8d259aeeca94c032d019b5567cbe9
https://github.com/WebKit/WebKit/commit/bb402f886bb8d259aeeca94c032d019b5567cbe9
Author: Myah Cobbs <mcobbs at apple.com>
Date: 2023-03-13 (Mon, 13 Mar 2023)
Changed paths:
M Source/JavaScriptCore/Configurations/Version.xcconfig
M Source/ThirdParty/ANGLE/Configurations/Version.xcconfig
M Source/ThirdParty/libwebrtc/Configurations/Version.xcconfig
M Source/WebCore/Configurations/Version.xcconfig
M Source/WebCore/PAL/Configurations/Version.xcconfig
M Source/WebGPU/Configurations/Version.xcconfig
M Source/WebInspectorUI/Configurations/Version.xcconfig
M Source/WebKit/Configurations/Version.xcconfig
M Source/WebKitLegacy/mac/Configurations/Version.xcconfig
Log Message:
-----------
Versioning.
WebKit-7613.7.1.0.6
Canonical link: https://commits.webkit.org/245886.868@safari-7613.4.1.0-branch
Commit: 064b9dcb834bb1e0c2f4a4a475165b51dd6ef719
https://github.com/WebKit/WebKit/commit/064b9dcb834bb1e0c2f4a4a475165b51dd6ef719
Author: Myah Cobbs <mcobbs at apple.com>
Date: 2023-03-31 (Fri, 31 Mar 2023)
Changed paths:
M Source/JavaScriptCore/heap/Heap.cpp
M Source/JavaScriptCore/heap/Heap.h
M Source/JavaScriptCore/heap/HeapInlines.h
M Source/JavaScriptCore/runtime/ArgList.cpp
M Source/JavaScriptCore/runtime/ArgList.h
M Source/WebCore/Modules/webaudio/AudioWorkletProcessor.cpp
M Source/WebCore/Modules/webaudio/AudioWorkletProcessor.h
M Source/WebCore/bindings/js/SerializedScriptValue.cpp
Log Message:
-----------
Apply patch. rdar://problem/107487307
Identifier: 245886.869 at safari-7613.4.1.0-branch
Commit: f6fab214cb2964db175051611f6382e0f73597d3
https://github.com/WebKit/WebKit/commit/f6fab214cb2964db175051611f6382e0f73597d3
Author: JC Alvarado <joncarlo at apple.com>
Date: 2023-04-19 (Wed, 19 Apr 2023)
Changed paths:
A LayoutTests/fast/editing/insert-text-hit-testing-crash-expected.txt
A LayoutTests/fast/editing/insert-text-hit-testing-crash.html
M Source/WebCore/dom/Document.cpp
M Source/WebCore/rendering/HitTestRequest.h
Log Message:
-----------
Cherry-pick 3a1ba44290d8. rdar://problem/107442800
Update layout of child frames before hit testing a document if necessary
https://bugs.webkit.org/show_bug.cgi?id=253615
rdar://105873211
Reviewed by Alan Baradlay.
If hit testing can recurse into a child frame, we should make sure that
layout and style are updated for all children before proceeding with
hit testing.
* LayoutTests/fast/editing/insert-text-hit-testing-crash-expected.txt: Added.
* LayoutTests/fast/editing/insert-text-hit-testing-crash.html: Added.
* Source/WebCore/dom/Document.cpp:
(WebCore::Document::hitTest):
Canonical link: https://commits.webkit.org/259548.435@safari-7615-branch
Identifier: 245886.870 at safari-7613.4.1.0-branch
Commit: bfa4aa719905e2d0ba7a68c326015bec8d6a6d34
https://github.com/WebKit/WebKit/commit/bfa4aa719905e2d0ba7a68c326015bec8d6a6d34
Author: Claudio Saavedra <csaavedra at igalia.com>
Date: 2023-04-19 (Wed, 19 Apr 2023)
Changed paths:
A LayoutTests/fast/css/content/display-contents-on-focus-crash-expected.txt
A LayoutTests/fast/css/content/display-contents-on-focus-crash.html
Log Message:
-----------
Cherry-pick 4f8eae698e45. rdar://problem/107442491
Cherry-pick 260286.12 at webkit-2023.2-embargoed (042db6f5677e). rdar://104813991
Add test for display contents on focus change
https://bugs.webkit.org/show_bug.cgi?id=251380
Reviewed by Antti Koivisto.
Already fixed by #248776, but add this test for
completeness.
* LayoutTests/fast/css/content/display-contents-on-focus-crash-expected.txt: Added.
* LayoutTests/fast/css/content/display-contents-on-focus-crash.html: Added.
Canonical link: https://commits.webkit.org/260286.12@webkit-2023.2-embargoed
Canonical link: https://commits.webkit.org/259548.438@safari-7615-branch
Identifier: 245886.871 at safari-7613.4.1.0-branch
Commit: 652b47ac12910adbd496e6ac0e1485a39cbedc9d
https://github.com/WebKit/WebKit/commit/652b47ac12910adbd496e6ac0e1485a39cbedc9d
Author: Dan Robson <dan_robson at apple.com>
Date: 2023-04-19 (Wed, 19 Apr 2023)
Changed paths:
M Source/JavaScriptCore/Configurations/Version.xcconfig
M Source/ThirdParty/ANGLE/Configurations/Version.xcconfig
M Source/ThirdParty/libwebrtc/Configurations/Version.xcconfig
M Source/WebCore/Configurations/Version.xcconfig
M Source/WebCore/PAL/Configurations/Version.xcconfig
M Source/WebGPU/Configurations/Version.xcconfig
M Source/WebInspectorUI/Configurations/Version.xcconfig
M Source/WebKit/Configurations/Version.xcconfig
M Source/WebKitLegacy/mac/Configurations/Version.xcconfig
Log Message:
-----------
Versioning.
WebKit-7613.7.1.0.7
Identifier: 245886.872 at safari-7613.4.1.0-branch
Commit: 191dd7481553ed65eea5baaa82efdb20133310ce
https://github.com/WebKit/WebKit/commit/191dd7481553ed65eea5baaa82efdb20133310ce
Author: Antoine Quint <graouts at webkit.org>
Date: 2023-04-21 (Fri, 21 Apr 2023)
Changed paths:
M Source/WebCore/animation/WebAnimation.cpp
Log Message:
-----------
Cherry-pick 1d6fe184ea53. rdar://problem/108268317
Potential use-after-free in WebAnimation::commitStyles
https://bugs.webkit.org/show_bug.cgi?id=254840
rdar://107444873
Reviewed by Dean Jackson and Darin Adler.
Ensure that the animation's effect and target are kept alive for the duration of this method
since it is possible that calling updateStyleIfNeeded() could call into JavaScript and thus
these two pointers could be changed to a null value using the Web Animations API.
* Source/WebCore/animation/WebAnimation.cpp:
(WebCore::WebAnimation::commitStyles):
Canonical link: https://commits.webkit.org/259548.532@safari-7615-branch
Identifier: 245886.873 at safari-7613.4.1.0-branch
Commit: d821eb321bcb58be3af0d5d5c7c60b668558dea8
https://github.com/WebKit/WebKit/commit/d821eb321bcb58be3af0d5d5c7c60b668558dea8
Author: Michael Saboff <msaboff at apple.com>
Date: 2023-04-21 (Fri, 21 Apr 2023)
Changed paths:
A JSTests/stress/string-replace-regexp-matchBOL-correct-advancing.js
M Source/JavaScriptCore/runtime/StringPrototype.cpp
M Source/JavaScriptCore/yarr/YarrInterpreter.cpp
Log Message:
-----------
Cherry-pick e34edaa74575. rdar://problem/108268269
[JSC] RegExpGlobalData::performMatch issue leading to OOB read
https://bugs.webkit.org/show_bug.cgi?id=254930
rdar://107436732
Reviewed by Alexey Shvayka.
Fixed two issues:
1) In YarrInterpreter.cpp::matchAssertionBOL() we were advancing the string position for non-BMP
characters. Since it is an assertion, we shouldn't advance the character position.
Made the same fix to matchAssertionEOL().
2) In StringPrototype.cpp::replaceUsingRegExpSearch(), we need to advance past both elements of
a non-BMP character for the case where the RegExp match is empty.
* JSTests/stress/string-replace-regexp-matchBOL-correct-advancing.js: New test.
* Source/JavaScriptCore/runtime/StringPrototype.cpp:
(JSC::replaceUsingRegExpSearch):
* Source/JavaScriptCore/yarr/YarrInterpreter.cpp:
(JSC::Yarr::Interpreter::InputStream::readCheckedDontAdvance):
(JSC::Yarr::Interpreter::matchAssertionBOL):
(JSC::Yarr::Interpreter::matchAssertionEOL):
Canonical link: https://commits.webkit.org/259548.551@safari-7615-branch
Identifier: 245886.874 at safari-7613.4.1.0-branch
Commit: 1bf221218148312ced767ec053ba76ee3b562548
https://github.com/WebKit/WebKit/commit/1bf221218148312ced767ec053ba76ee3b562548
Author: Russell Epstein <repstein at apple.com>
Date: 2023-04-24 (Mon, 24 Apr 2023)
Changed paths:
M Source/WebCore/animation/WebAnimation.cpp
Log Message:
-----------
Build fix after 245886.873 at safari-7613.4.1.0-branch (191dd748). rdar://108441251
Reviewed by NOBODY (OOPS!).
./animation/WebAnimation.cpp:1434:21: error: use of undeclared identifier 'dynamicDowncast'
Canonical link: https://commits.webkit.org/245886.875@safari-7613.4.1.0-branch
Commit: 55b72b3873735fcc004a51f9a5c46f28de59d433
https://github.com/WebKit/WebKit/commit/55b72b3873735fcc004a51f9a5c46f28de59d433
Author: Russell Epstein <repstein at apple.com>
Date: 2023-04-24 (Mon, 24 Apr 2023)
Changed paths:
M Source/JavaScriptCore/Configurations/Version.xcconfig
M Source/ThirdParty/ANGLE/Configurations/Version.xcconfig
M Source/ThirdParty/libwebrtc/Configurations/Version.xcconfig
M Source/WebCore/Configurations/Version.xcconfig
M Source/WebCore/PAL/Configurations/Version.xcconfig
M Source/WebGPU/Configurations/Version.xcconfig
M Source/WebInspectorUI/Configurations/Version.xcconfig
M Source/WebKit/Configurations/Version.xcconfig
M Source/WebKitLegacy/mac/Configurations/Version.xcconfig
Log Message:
-----------
Versioning.
WebKit-7613.7.1.0.8
Canonical link: https://commits.webkit.org/245886.876@safari-7613.4.1.0-branch
Commit: 09d0da3257b960ac36c87c30b32ec0dd34277080
https://github.com/WebKit/WebKit/commit/09d0da3257b960ac36c87c30b32ec0dd34277080
Author: Russell Epstein <repstein at apple.com>
Date: 2023-06-07 (Wed, 07 Jun 2023)
Changed paths:
M Source/JavaScriptCore/Configurations/Version.xcconfig
M Source/ThirdParty/ANGLE/Configurations/Version.xcconfig
M Source/ThirdParty/libwebrtc/Configurations/Version.xcconfig
M Source/WebCore/Configurations/Version.xcconfig
M Source/WebCore/PAL/Configurations/Version.xcconfig
M Source/WebGPU/Configurations/Version.xcconfig
M Source/WebInspectorUI/Configurations/Version.xcconfig
M Source/WebKit/Configurations/Version.xcconfig
M Source/WebKitLegacy/mac/Configurations/Version.xcconfig
Log Message:
-----------
Versioning.
WebKit-7613.7.1.0.9
Canonical link: https://commits.webkit.org/245886.877@safari-7613.4.1.0-branch
Commit: aff18bad2bdac69e0751ae62ad33ab35b47b0b7f
https://github.com/WebKit/WebKit/commit/aff18bad2bdac69e0751ae62ad33ab35b47b0b7f
Author: Russell Epstein <repstein at apple.com>
Date: 2023-06-07 (Wed, 07 Jun 2023)
Changed paths:
A JSTests/wasm/stress/big-try-simd.js
A JSTests/wasm/stress/big-try.js
A JSTests/wasm/stress/big-tuple-args.js
A JSTests/wasm/stress/big-tuple.js
A JSTests/wasm/stress/simd-big-tuple.js
A JSTests/wasm/stress/tag-return.js
M Source/JavaScriptCore/wasm/WasmAirIRGenerator.cpp
M Source/JavaScriptCore/wasm/WasmSectionParser.cpp
Log Message:
-----------
Cherry-pick 50c7aaec2f53. rdar://problem/110417987
Fixup air pointer args if they are not valid in BBQ
https://bugs.webkit.org/show_bug.cgi?id=251890
rdar://105079565
Reviewed by Mark Lam and Yusuke Suzuki.
We are not fixing up air args if their offsets don't fit into the instruction
in a few cases.
Here are some examples:
MoveDouble 28480(%sp), %q16 ; too big
MoveVector 248(%sp), %q16 ; not 16-byte aligned
Let's fix up these arguments. We also fix a missing validation check
when parsing exception tags exposed by this test.
* Source/JavaScriptCore/wasm/WasmAirIRGenerator64.cpp:
(JSC::Wasm::AirIRGenerator64::addReturn):
* Source/JavaScriptCore/wasm/WasmAirIRGeneratorBase.h:
(JSC::Wasm::AirIRGeneratorBase::emitPatchpoint):
oops
Canonical link: https://commits.webkit.org/260038@main
Canonical link: https://commits.webkit.org/245886.878@safari-7613.4.1.0-branch
Commit: 4da19b4d18521e2cbc43b5ffd58c8b39ef0c43e8
https://github.com/WebKit/WebKit/commit/4da19b4d18521e2cbc43b5ffd58c8b39ef0c43e8
Author: Russell Epstein <repstein at apple.com>
Date: 2023-06-07 (Wed, 07 Jun 2023)
Changed paths:
R JSTests/wasm/stress/big-try-simd.js
R JSTests/wasm/stress/big-try.js
R JSTests/wasm/stress/big-tuple-args.js
R JSTests/wasm/stress/big-tuple.js
R JSTests/wasm/stress/simd-big-tuple.js
R JSTests/wasm/stress/tag-return.js
M Source/JavaScriptCore/wasm/WasmAirIRGenerator.cpp
M Source/JavaScriptCore/wasm/WasmSectionParser.cpp
Log Message:
-----------
Revert "Cherry-pick 50c7aaec2f53. rdar://problem/110417987"
This reverts commit aff18bad2bdac69e0751ae62ad33ab35b47b0b7f.
Canonical link: https://commits.webkit.org/245886.879@safari-7613.4.1.0-branch
Commit: a3ec65d1dc564b3ee6e0ce7eb0d70332e3a6232c
https://github.com/WebKit/WebKit/commit/a3ec65d1dc564b3ee6e0ce7eb0d70332e3a6232c
Author: Russell Epstein <repstein at apple.com>
Date: 2023-06-07 (Wed, 07 Jun 2023)
Changed paths:
A JSTests/wasm/stress/big-try-simd.js
A JSTests/wasm/stress/big-try.js
A JSTests/wasm/stress/big-tuple-args.js
A JSTests/wasm/stress/big-tuple.js
A JSTests/wasm/stress/simd-big-tuple.js
A JSTests/wasm/stress/tag-return.js
M Source/JavaScriptCore/wasm/WasmAirIRGenerator.cpp
M Source/JavaScriptCore/wasm/WasmSectionParser.cpp
Log Message:
-----------
Cherry-pick 50c7aaec2f53. rdar://problem/110417987
Fixup air pointer args if they are not valid in BBQ
https://bugs.webkit.org/show_bug.cgi?id=251890
rdar://105079565
Reviewed by Mark Lam and Yusuke Suzuki.
We are not fixing up air args if their offsets don't fit into the instruction
in a few cases.
Here are some examples:
MoveDouble 28480(%sp), %q16 ; too big
MoveVector 248(%sp), %q16 ; not 16-byte aligned
Let's fix up these arguments. We also fix a missing validation check
when parsing exception tags exposed by this test.
* Source/JavaScriptCore/wasm/WasmAirIRGenerator64.cpp:
(JSC::Wasm::AirIRGenerator64::addReturn):
* Source/JavaScriptCore/wasm/WasmAirIRGeneratorBase.h:
(JSC::Wasm::AirIRGeneratorBase::emitPatchpoint):
oops
Canonical link: https://commits.webkit.org/260038@main
Canonical link: https://commits.webkit.org/245886.880@safari-7613.4.1.0-branch
Commit: 11308106e8d10e3ffa1294190158b140bdffce45
https://github.com/WebKit/WebKit/commit/11308106e8d10e3ffa1294190158b140bdffce45
Author: Russell Epstein <repstein at apple.com>
Date: 2023-06-14 (Wed, 14 Jun 2023)
Changed paths:
M Source/JavaScriptCore/Configurations/Version.xcconfig
M Source/ThirdParty/ANGLE/Configurations/Version.xcconfig
M Source/ThirdParty/libwebrtc/Configurations/Version.xcconfig
M Source/WebCore/Configurations/Version.xcconfig
M Source/WebCore/PAL/Configurations/Version.xcconfig
M Source/WebGPU/Configurations/Version.xcconfig
M Source/WebInspectorUI/Configurations/Version.xcconfig
M Source/WebKit/Configurations/Version.xcconfig
M Source/WebKitLegacy/mac/Configurations/Version.xcconfig
Log Message:
-----------
Versioning.
WebKit-7613.7.1.0.10
Canonical link: https://commits.webkit.org/245886.881@safari-7613.4.1.0-branch
Commit: 3c6aa94ff6804fe9880e86192e46d429d450db1d
https://github.com/WebKit/WebKit/commit/3c6aa94ff6804fe9880e86192e46d429d450db1d
Author: David Degazio <d_degazio at apple.com>
Date: 2023-06-14 (Wed, 14 Jun 2023)
Changed paths:
M Source/JavaScriptCore/dfg/DFGClobberize.h
M Source/JavaScriptCore/dfg/DFGHeapLocation.cpp
M Source/JavaScriptCore/dfg/DFGHeapLocation.h
Log Message:
-----------
Cherry-pick 01e86f13952b. rdar://problem/110785576
Backport fix for erroneous CSE of EnumeratorNextUpdateIndexAndMode and HasIndexedProperty
rdar://110785576
Reviewed by Michael Saboff, Justin Michaud and Yusuke Suzuki.
Backports part of https://commits.webkit.org/263909@main, which
prevents erroneous elimination of an EnumeratorNextUpdateIndexAndMode
and HasIndexedProperty node pair if they have the same operands.
The full commit in 263909 at main depends on the existence of DFG tuples,
which haven't yet been brought into the security branch, so those
parts are omitted from this patch.
* Source/JavaScriptCore/dfg/DFGClobberize.h:
(JSC::DFG::clobberize):
* Source/JavaScriptCore/dfg/DFGHeapLocation.cpp:
(WTF::printInternal):
* Source/JavaScriptCore/dfg/DFGHeapLocation.h:
Canonical link: https://commits.webkit.org/259548.828@safari-7615-branch
Canonical link: https://commits.webkit.org/245886.882@safari-7613.4.1.0-branch
Commit: 4795348abf733ef068339fb8c2ad779535c90f9e
https://github.com/WebKit/WebKit/commit/4795348abf733ef068339fb8c2ad779535c90f9e
Author: Myah Cobbs <mcobbs at apple.com>
Date: 2023-06-22 (Thu, 22 Jun 2023)
Changed paths:
M Source/JavaScriptCore/Configurations/Version.xcconfig
M Source/ThirdParty/ANGLE/Configurations/Version.xcconfig
M Source/ThirdParty/libwebrtc/Configurations/Version.xcconfig
M Source/WebCore/Configurations/Version.xcconfig
M Source/WebCore/PAL/Configurations/Version.xcconfig
M Source/WebGPU/Configurations/Version.xcconfig
M Source/WebInspectorUI/Configurations/Version.xcconfig
M Source/WebKit/Configurations/Version.xcconfig
M Source/WebKitLegacy/mac/Configurations/Version.xcconfig
Log Message:
-----------
Versioning.
WebKit-7613.7.1.0.11
Identifier: 245886.883 at safari-7613.4.1.0-branch
Commit: fb80de39f95d07e99149c82e386f89db34ba1bd4
https://github.com/WebKit/WebKit/commit/fb80de39f95d07e99149c82e386f89db34ba1bd4
Author: Matthew Finkel <sysrqb at apple.com>
Date: 2023-06-22 (Thu, 22 Jun 2023)
Changed paths:
A LayoutTests/http/tests/mime/resources/.htaccess
A LayoutTests/http/tests/mime/resources/svg-with-html.svg
A LayoutTests/http/tests/mime/resources/xml-with-html.xml
A LayoutTests/http/tests/mime/svg-with-html-expected.txt
A LayoutTests/http/tests/mime/svg-with-html.html
A LayoutTests/http/tests/mime/xml-with-html-expected.txt
A LayoutTests/http/tests/mime/xml-with-html.html
M Source/WebCore/platform/network/ios/WebCoreURLResponseIOS.mm
Log Message:
-----------
Cherry-pick c9d2edfda9b0. rdar://problem/110134509
[ios] Prioritize text/plain MIME type over file extension for XML file types
https://bugs.webkit.org/show_bug.cgi?id=257299
rdar://107379119
Reviewed by David Kilzer.
When we receive a file with a text/plain resource, we try harder to find a
better match for the file content, but this can potentially lead to an issue
with some file types like XML. Therefore, if the server says that a file should
be treated as text/plain, and we decide that it is actually XML or SVG, we
prefer using text/plain.
* LayoutTests/http/tests/mime/resources/.htaccess: Added.
* LayoutTests/http/tests/mime/resources/svg-with-html.svg: Added.
* LayoutTests/http/tests/mime/resources/xml-with-html.xml: Added.
* LayoutTests/http/tests/mime/svg-with-html-expected.txt: Added.
* LayoutTests/http/tests/mime/svg-with-html.html: Added.
* LayoutTests/http/tests/mime/xml-with-html-expected.txt: Added.
* LayoutTests/http/tests/mime/xml-with-html.html: Added.
* Source/WebCore/platform/network/ios/WebCoreURLResponseIOS.mm:
(WebCore::shouldPreferTextPlainMIMEType):
(WebCore::adjustMIMETypeIfNecessary):
Canonical link: https://commits.webkit.org/259548.786@safari-7615-branch
Identifier: 245886.884 at safari-7613.4.1.0-branch
Commit: 1eedcf8bdc6c81fc9df38ae651e51e1a24811271
https://github.com/WebKit/WebKit/commit/1eedcf8bdc6c81fc9df38ae651e51e1a24811271
Author: Mike Wyrzykowski <mwyrzykowski at apple.com>
Date: 2023-06-22 (Thu, 22 Jun 2023)
Changed paths:
M Source/WebKit/GPUProcess/graphics/WebGPU/RemoteBuffer.cpp
Log Message:
-----------
Cherry-pick 54408f5746f2. rdar://problem/109368007
[WebGPU] RemoteBuffer unmap should check the input vector
https://bugs.webkit.org/show_bug.cgi?id=255350
<rdar://107947502>
Reviewed by Myles C. Maxfield.
Ensure data vector passed to unmap is valid for the currently
mapped buffer.
* Source/WebKit/GPUProcess/graphics/WebGPU/RemoteBuffer.cpp:
(WebKit::RemoteBuffer::unmap):
Canonical link: https://commits.webkit.org/262895@main
Identifier: 245886.885 at safari-7613.4.1.0-branch
Commit: 94269f38667c05f4c5b0de31b41c13f45cf4f749
https://github.com/WebKit/WebKit/commit/94269f38667c05f4c5b0de31b41c13f45cf4f749
Author: Youenn Fablet <youennf at gmail.com>
Date: 2023-06-22 (Thu, 22 Jun 2023)
Changed paths:
M Source/ThirdParty/libwebrtc/Source/webrtc/pc/rtc_stats_collector.cc
Log Message:
-----------
Cherry-pick b273da8975a7. rdar://problem/109364379
[WebRTC] oob in RTCStatsCollector::ProduceTransportStats_n
https://bugs.webkit.org/show_bug.cgi?id=256516
rdar://109084778
Reviewed by Eric Carlson.
Cherry-pick libwebrtc 124d7c3fe5bdc79a355c9df02d07f25331631a68, which makes sure to check that the iterator is valid before using it.
* Source/ThirdParty/libwebrtc/Source/webrtc/pc/rtc_stats_collector.cc:
Canonical link: https://commits.webkit.org/259548.747@safari-7615-branch
Identifier: 245886.886 at safari-7613.4.1.0-branch
Commit: 0ecc03977c9905717191a2ddd2ef58dfa642e30f
https://github.com/WebKit/WebKit/commit/0ecc03977c9905717191a2ddd2ef58dfa642e30f
Author: Chris Dumez <cdumez at apple.com>
Date: 2023-06-23 (Fri, 23 Jun 2023)
Changed paths:
M Source/WebCore/loader/DocumentLoader.cpp
Log Message:
-----------
Cherry-pick 3d72c3255b5f. rdar://problem/109364674
Follow-up to 259548.752 at safari-7615-branch to cancel navigations instead of blocking them
https://bugs.webkit.org/show_bug.cgi?id=257161
rdar://108794051
Reviewed by Alex Christensen.
259548.752 at safari-7615-branch added further restrictions to prevent top-frame navigations
by third-party iframes, in particular using redirects. I had decided to block the redirect
with a blockedError(). However, it turns out that Safari shows an error page when doing
so, which results in a bad user experience since the top frame is still being navigated
(to an error page).
To address the issue, I am now cancelling the redirect instead and returning a
cancelledError(). I have verified that Safari doesn't show an error page in this case and
that the top frame is not getting navigated.
* Source/WebCore/loader/DocumentLoader.cpp:
(WebCore::DocumentLoader::willSendRequest):
Canonical link: https://commits.webkit.org/259548.773@safari-7615-branch
Identifier: 245886.887 at safari-7613.4.1.0-branch
Commit: 72ad0ccbf2c95c2fe6ac3ccb660b1820a9f31421
https://github.com/WebKit/WebKit/commit/72ad0ccbf2c95c2fe6ac3ccb660b1820a9f31421
Author: Russell Epstein <repstein at apple.com>
Date: 2023-06-29 (Thu, 29 Jun 2023)
Changed paths:
M Source/WebCore/loader/DocumentLoader.cpp
Log Message:
-----------
Revert "Cherry-pick 3d72c3255b5f. rdar://problem/109364674"
This reverts commit 0ecc03977c9905717191a2ddd2ef58dfa642e30f.
Canonical link: https://commits.webkit.org/245886.888@safari-7613.4.1.0-branch
Commit: 75be9e38d797a2ab86c3ad3fcf2e7582c478fd5c
https://github.com/WebKit/WebKit/commit/75be9e38d797a2ab86c3ad3fcf2e7582c478fd5c
Author: Chris Dumez <cdumez at apple.com>
Date: 2023-06-29 (Thu, 29 Jun 2023)
Changed paths:
M LayoutTests/fast/files/null-origin-string-expected.txt
M LayoutTests/fast/files/null-origin-string.html
A LayoutTests/http/tests/security/block-top-level-navigation-to-different-scheme-by-third-party-iframes-expected.txt
A LayoutTests/http/tests/security/block-top-level-navigation-to-different-scheme-by-third-party-iframes.html
A LayoutTests/http/tests/security/block-top-level-navigation-via-redirect-by-third-party-iframes-expected.txt
A LayoutTests/http/tests/security/block-top-level-navigation-via-redirect-by-third-party-iframes.html
A LayoutTests/http/tests/security/resources/navigate-top-level-frame-to-failure-page-different-scheme.html
A LayoutTests/http/tests/security/resources/navigate-top-level-frame-to-failure-page-via-redirect.html
M Source/WebCore/dom/Document.cpp
M Source/WebCore/dom/Document.h
M Source/WebCore/loader/DocumentLoader.cpp
M Source/WebCore/loader/NavigationRequester.cpp
M Source/WebCore/loader/NavigationRequester.h
Log Message:
-----------
Cherry-pick a0fa94d1a572. rdar://problem/109364674
Restrict further top-frame navigations by a third-party iframe
https://bugs.webkit.org/show_bug.cgi?id=256549
rdar://108794051
Reviewed by Geoffrey Garen.
Restrict further top-frame navigations by a third-party iframe:
- Block navigations to a different scheme
- Block navigations that start off same-site but redirect to a different site
* Source/WebCore/dom/Document.cpp:
(WebCore::Document::isNavigationBlockedByThirdPartyIFrameRedirectBlocking):
* Source/WebCore/dom/Document.h:
* Source/WebCore/loader/DocumentLoader.cpp:
(WebCore::DocumentLoader::willSendRequest):
* Source/WebCore/loader/NavigationRequester.cpp:
(WebCore::NavigationRequester::from):
* Source/WebCore/loader/NavigationRequester.h:
(WebCore::NavigationRequester::encode const):
(WebCore::NavigationRequester::decode):
Canonical link: https://commits.webkit.org/259548.752@safari-7615-branch
Canonical link: https://commits.webkit.org/245886.889@safari-7613.4.1.0-branch
Commit: 91f6449855d7b4c788004236769b3ef4d9d7fb5d
https://github.com/WebKit/WebKit/commit/91f6449855d7b4c788004236769b3ef4d9d7fb5d
Author: Chris Dumez <cdumez at apple.com>
Date: 2023-06-29 (Thu, 29 Jun 2023)
Changed paths:
M Source/WebCore/loader/DocumentLoader.cpp
Log Message:
-----------
Cherry-pick 3d72c3255b5f. rdar://problem/109364674
Follow-up to 259548.752 at safari-7615-branch to cancel navigations instead of blocking them
https://bugs.webkit.org/show_bug.cgi?id=257161
rdar://108794051
Reviewed by Alex Christensen.
259548.752 at safari-7615-branch added further restrictions to prevent top-frame navigations
by third-party iframes, in particular using redirects. I had decided to block the redirect
with a blockedError(). However, it turns out that Safari shows an error page when doing
so, which results in a bad user experience since the top frame is still being navigated
(to an error page).
To address the issue, I am now cancelling the redirect instead and returning a
cancelledError(). I have verified that Safari doesn't show an error page in this case and
that the top frame is not getting navigated.
* Source/WebCore/loader/DocumentLoader.cpp:
(WebCore::DocumentLoader::willSendRequest):
Canonical link: https://commits.webkit.org/259548.773@safari-7615-branch
Canonical link: https://commits.webkit.org/245886.890@safari-7613.4.1.0-branch
Commit: b31ad7afb078a495a6ac152efc12c36b8093d75c
https://github.com/WebKit/WebKit/commit/b31ad7afb078a495a6ac152efc12c36b8093d75c
Author: Russell Epstein <repstein at apple.com>
Date: 2023-06-29 (Thu, 29 Jun 2023)
Changed paths:
M Source/WebCore/loader/NavigationRequester.h
Log Message:
-----------
Unreviewed build fix for rdar://109364674
Canonical link: https://commits.webkit.org/245886.891@safari-7613.4.1.0-branch
Commit: 9ec1cb5444b253336b76328637e97bcceff6a30c
https://github.com/WebKit/WebKit/commit/9ec1cb5444b253336b76328637e97bcceff6a30c
Author: Ryan Reno <rreno at apple.com>
Date: 2023-06-29 (Thu, 29 Jun 2023)
Changed paths:
A LayoutTests/http/tests/security/block-top-level-navigations-by-third-party-iframe-sandboxed-by-own-csp-expected.txt
A LayoutTests/http/tests/security/block-top-level-navigations-by-third-party-iframe-sandboxed-by-own-csp.html
A LayoutTests/http/tests/security/resources/attempt-top-level-navigation-with-csp.py
M Source/WebCore/dom/Document.cpp
Log Message:
-----------
Cherry-pick 18a05c43972c. rdar://problem/111460456
Third Party IFrame Navigation Block Bypass via Content Security Policy Sandbox
https://bugs.webkit.org/show_bug.cgi?id=257903
rdar://109059471
Reviewed by Brent Fulgham.
If a third-party iframe is unsandboxed we will prevent top navigation
without user interaction with the frame. However, this is bypassable if
the iframe gives itself a sandbox which allows top navigation via CSP.
This change checks to see if the iframe element was unsandboxed and
proceeds with the more strict third-party checks if so.
* LayoutTests/http/tests/security/block-top-level-navigations-by-third-party-iframe-sandboxed-by-own-csp-expected.txt: Added.
* LayoutTests/http/tests/security/block-top-level-navigations-by-third-party-iframe-sandboxed-by-own-csp.html: Added.
* LayoutTests/http/tests/security/resources/attempt-top-level-navigation-with-csp.py: Added.
* Source/WebCore/dom/Document.cpp:
(WebCore::Document::isNavigationBlockedByThirdPartyIFrameRedirectBlocking):
Canonical link: https://commits.webkit.org/259548.823@safari-7615-branch
Identifier: 245886.892 at safari-7613.4.1.0-branch
Commit: 4d33406a25a5ef7b45bbcc0e5da94dc728b6de37
https://github.com/WebKit/WebKit/commit/4d33406a25a5ef7b45bbcc0e5da94dc728b6de37
Author: Alex Christensen <achristensen at apple.com>
Date: 2023-06-29 (Thu, 29 Jun 2023)
Changed paths:
M Source/WebCore/editing/markup.cpp
Log Message:
-----------
Cherry-pick 9cd44913c84e. rdar://problem/111460732
Disable link preload when sanitizing web content
https://bugs.webkit.org/show_bug.cgi?id=258100
rdar://109675198
Reviewed by Chris Dumez.
Otherwise we get a request in the network process with an invalid pageID,
and it MESSAGE_CHECKs and terminates the process.
* Source/WebCore/editing/markup.cpp:
(WebCore::createPageForSanitizingWebContent):
Canonical link: https://commits.webkit.org/259548.830@safari-7615-branch
Identifier: 245886.893 at safari-7613.4.1.0-branch
Commit: d1a418452f33f1884d72c08502c519181d81774e
https://github.com/WebKit/WebKit/commit/d1a418452f33f1884d72c08502c519181d81774e
Author: Myah Cobbs <mcobbs at apple.com>
Date: 2023-06-30 (Fri, 30 Jun 2023)
Changed paths:
M Source/JavaScriptCore/dfg/DFGSpeculativeJIT.cpp
Log Message:
-----------
Apply patch. rdar://problem/109780783
Identifier: 245886.894 at safari-7613.4.1.0-branch
Commit: 07ed7165bda3da710c4392448e728a95b8ab3d26
https://github.com/WebKit/WebKit/commit/07ed7165bda3da710c4392448e728a95b8ab3d26
Author: Patrick Angle <pangle at apple.com>
Date: 2023-06-30 (Fri, 30 Jun 2023)
Changed paths:
A LayoutTests/css3/filters/filter-visited-links-expected.html
A LayoutTests/css3/filters/filter-visited-links.html
M Source/JavaScriptCore/inspector/agents/InspectorConsoleAgent.cpp
Log Message:
-----------
Cherry-pick e74d4b07ad38. rdar://problem/109780610
Web Inspector: Deeply nested console logging can cause ConsoleMessage to be destroyed while we are still trying to log it
https://bugs.webkit.org/show_bug.cgi?id=256932
rdar://108063640
Reviewed by Mark Lam.
InspectorConsoleAgent has been incorrectly managing the lifetime of each ConsoleMessage by moving messages into a vector
of messages before we have passed those messages on to the frontend. This means that a console message that causes
another console message to be logged may eventually cause our original message to be dropped from the vector if this
occurs deeply enough. At that point, when we unwind back to the original message, it has been destroyed while we are
trying to send it to the frontend, which results in a bad time because we are still inside a function on the
ConsoleMessage that tries to access its own member variables like m_arguments, and fails because the message object
itself has been destroyed, taking its members with it.
This also fixes a subtle message inversion in the backlog of messages and what is logged to the console when Web
Inspector is open, since the message is sent to the frontend after all other processing, but we were previously adding
the message to the vector of past messages before that processing (which may in turn cause more logging before the
actual logging we called in to perform) to occur.
A second minor issue is that ScriptCallStack is incorrectly asserting in its constructor, which preventing investigation
of this issue initially. The call stack should be less than __or equal to__ the max call stack, not just less than.
* Source/JavaScriptCore/inspector/ConsoleMessage.cpp:
(Inspector::ConsoleMessage::addToFrontend):
* Source/JavaScriptCore/inspector/InjectedScript.cpp:
(Inspector::InjectedScript::wrapObject const):
(Inspector::InjectedScript::wrapTable const):
* Source/JavaScriptCore/inspector/ScriptCallStack.cpp:
(Inspector::ScriptCallStack::ScriptCallStack):
* Source/JavaScriptCore/inspector/agents/InspectorConsoleAgent.cpp:
(Inspector::InspectorConsoleAgent::addConsoleMessage):
* Source/WebCore/page/PageConsoleClient.cpp:
(WebCore::PageConsoleClient::messageWithTypeAndLevel):
Canonical link: https://commits.webkit.org/259548.777@safari-7615-branch
Identifier: 245886.895 at safari-7613.4.1.0-branch
Commit: 8c68ef39aa9841447b24b2d960b23df3efaa155d
https://github.com/WebKit/WebKit/commit/8c68ef39aa9841447b24b2d960b23df3efaa155d
Author: Said Abou-Hallawa <said at apple.com>
Date: 2023-06-30 (Fri, 30 Jun 2023)
Changed paths:
M Source/WebCore/rendering/PaintPhase.h
M Source/WebCore/rendering/RenderLayer.cpp
M Source/WebCore/rendering/StyledMarkedText.cpp
M Source/WebCore/rendering/TextDecorationPainter.cpp
M Source/WebCore/rendering/TextDecorationPainter.h
M Source/WebCore/rendering/TextPaintStyle.cpp
M Source/WebCore/rendering/style/RenderStyle.cpp
M Source/WebCore/rendering/style/RenderStyle.h
Log Message:
-----------
Cherry-pick 89399f0f4614. rdar://problem/111116301
Prevent SVG filters from leaking visited hyperlinks
https://bugs.webkit.org/show_bug.cgi?id=257822
rdar://109749006
Reviewed by Simon Fraser.
We should prevent websites from learning which sites have been visited via SVG
filters on hyperlinks, per the attack described in https://arxiv.org/abs/2305.12784.
This can be acheived by ignoring the visited links color when a filter is applied
to the anchor element.
* LayoutTests/css3/filters/filter-visited-links-expected.html: Added.
* LayoutTests/css3/filters/filter-visited-links.html: Added.
* Source/WebCore/rendering/PaintPhase.h:
* Source/WebCore/rendering/RenderLayer.cpp:
(WebCore::RenderLayer::paintLayerContents):
(WebCore::RenderLayer::paintForegroundForFragments):
(WebCore::RenderLayer::calculateClipRects const):
* Source/WebCore/rendering/StyledMarkedText.cpp:
(WebCore::resolveStyleForMarkedText):
(WebCore::StyledMarkedText::computeStyleForUnmarkedMarkedText):
* Source/WebCore/rendering/TextDecorationPainter.cpp:
(WebCore::collectStylesForRenderer):
(WebCore::TextDecorationPainter::decorationColor):
(WebCore::TextDecorationPainter::stylesForRenderer):
* Source/WebCore/rendering/TextDecorationPainter.h:
(WebCore::TextDecorationPainter::decorationColor):
(WebCore::TextDecorationPainter::stylesForRenderer):
* Source/WebCore/rendering/TextPaintStyle.cpp:
(WebCore::computeTextPaintStyle):
* Source/WebCore/rendering/style/RenderStyle.cpp:
(WebCore::RenderStyle::visitedDependentColor const):
(WebCore::RenderStyle::visitedDependentColorWithColorFilter const):
* Source/WebCore/rendering/style/RenderStyle.h:
(WebCore::RenderStyle::visitedDependentColor):
(WebCore::RenderStyle::visitedDependentColorWithColorFilter):
Canonical link: https://commits.webkit.org/259548.820@safari-7615-branch
Identifier: 245886.896 at safari-7613.4.1.0-branch
Commit: 2aed4a9c6b63e758b13a69a0354912ab9a949118
https://github.com/WebKit/WebKit/commit/2aed4a9c6b63e758b13a69a0354912ab9a949118
Author: Ryan Reno <rreno at apple.com>
Date: 2023-06-30 (Fri, 30 Jun 2023)
Changed paths:
A LayoutTests/http/tests/security/sandboxed-iframe-javascript-self-navigation-expected.txt
A LayoutTests/http/tests/security/sandboxed-iframe-javascript-self-navigation.html
A LayoutTests/http/tests/security/sandboxed-iframe-javascript-top-navigation-expected.txt
A LayoutTests/http/tests/security/sandboxed-iframe-javascript-top-navigation.html
M Source/WebCore/loader/FrameLoader.cpp
M Source/WebCore/loader/NavigationRequester.cpp
M Source/WebCore/loader/NavigationRequester.h
Log Message:
-----------
Cherry-pick 47ed6aa2ea88. rdar://problem/110801928
Block sandboxed frames from navigating to javascript URLs without allow-scripts sandbox flag.
https://bugs.webkit.org/show_bug.cgi?id=257824
rdar://108462161
Reviewed by Alex Christensen.
Sandboxed iframes could execute script in a target frame by navigating
the frame to a javascript: URL. For example, the top frame when the
iframe has the sandbox flag "allow-top-navigation". This change checks to see if
the "allow-scripts" flag is set before executing the URL in the target frame.
* LayoutTests/http/tests/security/sandboxed-iframe-javascript-self-navigation-expected.txt: Added.
* LayoutTests/http/tests/security/sandboxed-iframe-javascript-self-navigation.html: Added.
* LayoutTests/http/tests/security/sandboxed-iframe-javascript-top-navigation-expected.txt: Added.
* LayoutTests/http/tests/security/sandboxed-iframe-javascript-top-navigation.html: Added.
* Source/WebCore/loader/FrameLoader.cpp:
(WebCore::FrameLoader::executeJavaScriptURL):
* Source/WebCore/loader/NavigationRequester.cpp:
(WebCore::NavigationRequester::from):
* Source/WebCore/loader/NavigationRequester.h:
(WebCore::NavigationRequester::encode const):
(WebCore::NavigationRequester::decode):
Canonical link: https://commits.webkit.org/259548.813@safari-7615-branch
Identifier: 245886.897 at safari-7613.4.1.0-branch
Commit: 4d7ef3096d32bcdeefd46940234a15c8973b88bd
https://github.com/WebKit/WebKit/commit/4d7ef3096d32bcdeefd46940234a15c8973b88bd
Author: Myah Cobbs <mcobbs at apple.com>
Date: 2023-06-30 (Fri, 30 Jun 2023)
Changed paths:
M LayoutTests/http/tests/referrer-policy-iframe/no-referrer-when-downgrade/cross-origin-http.https-expected.txt
M LayoutTests/http/tests/referrer-policy-iframe/no-referrer/cross-origin-http.https-expected.txt
M LayoutTests/http/tests/referrer-policy-iframe/origin-when-cross-origin/cross-origin-http.https-expected.txt
M LayoutTests/http/tests/referrer-policy-iframe/origin/cross-origin-http.https-expected.txt
M LayoutTests/http/tests/referrer-policy-iframe/same-origin/cross-origin-http.https-expected.txt
M LayoutTests/http/tests/referrer-policy-iframe/strict-origin-when-cross-origin/cross-origin-http.https-expected.txt
M LayoutTests/http/tests/referrer-policy-iframe/strict-origin/cross-origin-http.https-expected.txt
M LayoutTests/http/tests/referrer-policy-iframe/unsafe-url/cross-origin-http.https-expected.txt
M LayoutTests/http/tests/referrer-policy/no-referrer-when-downgrade/cross-origin-http.https-expected.txt
M LayoutTests/http/tests/referrer-policy/no-referrer/cross-origin-http.https-expected.txt
M LayoutTests/http/tests/referrer-policy/origin-when-cross-origin/cross-origin-http.https-expected.txt
M LayoutTests/http/tests/referrer-policy/origin/cross-origin-http.https-expected.txt
M LayoutTests/http/tests/referrer-policy/same-origin/cross-origin-http.https-expected.txt
M LayoutTests/http/tests/referrer-policy/strict-origin-when-cross-origin/cross-origin-http.https-expected.txt
M LayoutTests/http/tests/referrer-policy/strict-origin/cross-origin-http.https-expected.txt
M LayoutTests/http/tests/referrer-policy/unsafe-url/cross-origin-http.https-expected.txt
M LayoutTests/http/tests/security/contentSecurityPolicy/upgrade-insecure-requests/iframe-upgrade.https-expected.txt
M LayoutTests/http/tests/security/mixedContent/insecure-iframe-in-iframe-expected.txt
M LayoutTests/http/tests/security/mixedContent/insecure-iframe-in-iframe.html
A LayoutTests/http/tests/security/mixedContent/insecure-iframe-in-sandboxed-iframe-expected.txt
A LayoutTests/http/tests/security/mixedContent/insecure-iframe-in-sandboxed-iframe.html
M LayoutTests/http/tests/security/mixedContent/insecure-script-in-data-iframe-in-main-frame-blocked-expected.txt
M LayoutTests/http/tests/security/referrer-policy-header-and-meta-tag-emptyString.html
M LayoutTests/http/tests/security/referrer-policy-header-and-meta-tag.html
M LayoutTests/http/tests/security/referrer-policy-header-multipart.html
M LayoutTests/http/tests/security/referrer-policy-header-test.js
M LayoutTests/http/tests/security/referrer-policy-header.html
M LayoutTests/http/tests/security/referrer-policy-https-always-expected.txt
M LayoutTests/http/tests/security/referrer-policy-https-always.html
M LayoutTests/http/tests/security/referrer-policy-https-default-expected.txt
M LayoutTests/http/tests/security/referrer-policy-https-default.html
M LayoutTests/http/tests/security/referrer-policy-https-never-expected.txt
M LayoutTests/http/tests/security/referrer-policy-https-never.html
M LayoutTests/http/tests/security/referrer-policy-https-no-referrer-expected.txt
M LayoutTests/http/tests/security/referrer-policy-https-no-referrer-when-downgrade-expected.txt
M LayoutTests/http/tests/security/referrer-policy-https-no-referrer-when-downgrade.html
M LayoutTests/http/tests/security/referrer-policy-https-no-referrer.html
M LayoutTests/http/tests/security/referrer-policy-https-origin-expected.txt
M LayoutTests/http/tests/security/referrer-policy-https-origin.html
M LayoutTests/http/tests/security/referrer-policy-https-unsafe-url-expected.txt
M LayoutTests/http/tests/security/referrer-policy-https-unsafe-url.html
M LayoutTests/http/tests/security/resources/postReferrer.py
M LayoutTests/http/tests/security/resources/referrer-policy-log.py
M LayoutTests/http/tests/security/resources/sandboxed-iframe-geolocation-getCurrentPosition.html
M LayoutTests/http/tests/security/resources/sandboxed-iframe-geolocation-watchPosition.html
M LayoutTests/http/tests/security/resources/serve-referrer-policy-and-meta-tag.py
M LayoutTests/http/tests/security/resources/serve-referrer-policy-and-test.py
R LayoutTests/http/tests/websocket/tests/hybi/non-document-mixed-content-blocked-http-with-embedded-https-with-embedded-http-expected.txt
R LayoutTests/http/tests/websocket/tests/hybi/non-document-mixed-content-blocked-http-with-embedded-https-with-embedded-http.html
M LayoutTests/http/tests/websocket/tests/hybi/non-document-mixed-content-blocked-https-with-embedded-http-with-embedded-https.https-expected.txt
M LayoutTests/imported/w3c/web-platform-tests/content-security-policy/reporting/report-original-url-on-mixed-content-frame.https.sub-expected.txt
A LayoutTests/imported/w3c/web-platform-tests/fs/FileSystemFileHandle-create-sync-access-handle.https.tentative.window-expected.txt
A LayoutTests/imported/w3c/web-platform-tests/mixed-content/csp.https.window-expected.txt
A LayoutTests/imported/w3c/web-platform-tests/mixed-content/nested-iframes.window-expected.txt
A LayoutTests/platform/ios-wk2/imported/w3c/web-platform-tests/fs/FileSystemFileHandle-create-sync-access-handle.https.tentative.window-expected.txt
A LayoutTests/platform/ios-wk2/imported/w3c/web-platform-tests/screen-orientation/nested-documents-expected.txt
A LayoutTests/platform/ios-wk2/imported/w3c/web-platform-tests/screen-orientation/unlock-expected.txt
A LayoutTests/platform/mac-wk1/http/tests/security/mixedContent/insecure-iframe-in-iframe-expected.txt
A LayoutTests/platform/mac-wk1/http/tests/security/mixedContent/insecure-iframe-in-main-frame-expected.txt
A LayoutTests/platform/mac-wk1/http/tests/security/mixedContent/insecure-iframe-in-sandboxed-iframe-expected.txt
A LayoutTests/platform/mac-wk1/http/tests/security/mixedContent/insecure-image-in-iframe-expected.txt
A LayoutTests/platform/mac-wk1/http/tests/security/mixedContent/redirect-http-to-https-iframe-in-main-frame-expected.txt
A LayoutTests/platform/mac-wk1/http/tests/security/mixedContent/redirect-https-to-http-iframe-in-main-frame-expected.txt
M LayoutTests/platform/win/TestExpectations
M LayoutTests/platform/wk2/http/tests/security/contentSecurityPolicy/block-all-mixed-content/insecure-css-in-iframe-report-only-expected.txt
M LayoutTests/platform/wk2/http/tests/security/contentSecurityPolicy/block-all-mixed-content/insecure-iframe-in-main-frame-expected.txt
R LayoutTests/platform/wk2/http/tests/security/mixedContent/insecure-iframe-in-iframe-expected.txt
M LayoutTests/platform/wk2/http/tests/security/mixedContent/insecure-iframe-in-main-frame-expected.txt
M LayoutTests/platform/wk2/http/tests/security/mixedContent/insecure-image-in-iframe-expected.txt
M LayoutTests/platform/wk2/http/tests/security/mixedContent/redirect-http-to-https-iframe-in-main-frame-expected.txt
M LayoutTests/platform/wk2/http/tests/security/mixedContent/redirect-https-to-http-iframe-in-main-frame-expected.txt
M Source/WebCore/Modules/websockets/WebSocket.cpp
M Source/WebCore/Modules/websockets/WorkerThreadableWebSocketChannel.cpp
M Source/WebCore/html/HTMLFormElement.cpp
M Source/WebCore/loader/DocumentLoader.cpp
M Source/WebCore/loader/DocumentThreadableLoader.cpp
M Source/WebCore/loader/MixedContentChecker.cpp
M Source/WebCore/loader/MixedContentChecker.h
M Source/WebCore/loader/SubframeLoader.cpp
M Source/WebCore/loader/cache/CachedResourceLoader.cpp
Log Message:
-----------
Cherry-pick bc09b6fca325. rdar://problem/110471649
Identifier: 245886.898 at safari-7613.4.1.0-branch
Commit: 99edce29b194c5bec63fb823ec513a0ce58f5d9d
https://github.com/WebKit/WebKit/commit/99edce29b194c5bec63fb823ec513a0ce58f5d9d
Author: Dan Robson <dan_robson at apple.com>
Date: 2023-06-30 (Fri, 30 Jun 2023)
Changed paths:
M Source/WebCore/loader/NavigationRequester.h
Log Message:
-----------
Apply patch. rdar://problem/110471649
Identifier: 245886.899 at safari-7613.4.1.0-branch
Commit: e20fa9d214e30181b2fbb7ac0c71e00a2b5af9fe
https://github.com/WebKit/WebKit/commit/e20fa9d214e30181b2fbb7ac0c71e00a2b5af9fe
Author: Myah Cobbs <mcobbs at apple.com>
Date: 2023-07-03 (Mon, 03 Jul 2023)
Changed paths:
M Source/WebCore/rendering/PaintPhase.h
M Source/WebCore/rendering/RenderLayer.cpp
M Source/WebCore/rendering/StyledMarkedText.cpp
M Source/WebCore/rendering/TextDecorationPainter.cpp
M Source/WebCore/rendering/TextDecorationPainter.h
M Source/WebCore/rendering/TextPaintStyle.cpp
M Source/WebCore/rendering/style/RenderStyle.cpp
M Source/WebCore/rendering/style/RenderStyle.h
Log Message:
-----------
Revert "Cherry-pick 89399f0f4614. rdar://problem/111116301"
This reverts commit 8c68ef39aa9841447b24b2d960b23df3efaa155d.
Identifier: 245886.900 at safari-7613.4.1.0-branch
Commit: 4ea83cb14ac5407fca2c88b3791b2c3e7ba81e9b
https://github.com/WebKit/WebKit/commit/4ea83cb14ac5407fca2c88b3791b2c3e7ba81e9b
Author: Myah Cobbs <mcobbs at apple.com>
Date: 2023-07-03 (Mon, 03 Jul 2023)
Changed paths:
M Source/WebCore/loader/NavigationRequester.cpp
Log Message:
-----------
Unreviewed build fix. rdar://110801928
Commit: 104d1ef5ed804c804c54e15816ce52ea98dbc274
https://github.com/WebKit/WebKit/commit/104d1ef5ed804c804c54e15816ce52ea98dbc274
Author: Myah Cobbs <mcobbs at apple.com>
Date: 2023-07-03 (Mon, 03 Jul 2023)
Changed paths:
M Source/WebCore/loader/NavigationRequester.h
Log Message:
-----------
Revert "Apply patch. rdar://problem/110471649"
This reverts commit 99edce29b194c5bec63fb823ec513a0ce58f5d9d.
Identifier: 245886.902 at safari-7613.4.1.0-branch
Commit: cf7397266af431f8039256c605b065401d9a20ec
https://github.com/WebKit/WebKit/commit/cf7397266af431f8039256c605b065401d9a20ec
Author: Myah Cobbs <mcobbs at apple.com>
Date: 2023-07-03 (Mon, 03 Jul 2023)
Changed paths:
M LayoutTests/http/tests/referrer-policy-iframe/no-referrer-when-downgrade/cross-origin-http.https-expected.txt
M LayoutTests/http/tests/referrer-policy-iframe/no-referrer/cross-origin-http.https-expected.txt
M LayoutTests/http/tests/referrer-policy-iframe/origin-when-cross-origin/cross-origin-http.https-expected.txt
M LayoutTests/http/tests/referrer-policy-iframe/origin/cross-origin-http.https-expected.txt
M LayoutTests/http/tests/referrer-policy-iframe/same-origin/cross-origin-http.https-expected.txt
M LayoutTests/http/tests/referrer-policy-iframe/strict-origin-when-cross-origin/cross-origin-http.https-expected.txt
M LayoutTests/http/tests/referrer-policy-iframe/strict-origin/cross-origin-http.https-expected.txt
M LayoutTests/http/tests/referrer-policy-iframe/unsafe-url/cross-origin-http.https-expected.txt
M LayoutTests/http/tests/referrer-policy/no-referrer-when-downgrade/cross-origin-http.https-expected.txt
M LayoutTests/http/tests/referrer-policy/no-referrer/cross-origin-http.https-expected.txt
M LayoutTests/http/tests/referrer-policy/origin-when-cross-origin/cross-origin-http.https-expected.txt
M LayoutTests/http/tests/referrer-policy/origin/cross-origin-http.https-expected.txt
M LayoutTests/http/tests/referrer-policy/same-origin/cross-origin-http.https-expected.txt
M LayoutTests/http/tests/referrer-policy/strict-origin-when-cross-origin/cross-origin-http.https-expected.txt
M LayoutTests/http/tests/referrer-policy/strict-origin/cross-origin-http.https-expected.txt
M LayoutTests/http/tests/referrer-policy/unsafe-url/cross-origin-http.https-expected.txt
M LayoutTests/http/tests/security/contentSecurityPolicy/upgrade-insecure-requests/iframe-upgrade.https-expected.txt
M LayoutTests/http/tests/security/mixedContent/insecure-iframe-in-iframe-expected.txt
M LayoutTests/http/tests/security/mixedContent/insecure-iframe-in-iframe.html
R LayoutTests/http/tests/security/mixedContent/insecure-iframe-in-sandboxed-iframe-expected.txt
R LayoutTests/http/tests/security/mixedContent/insecure-iframe-in-sandboxed-iframe.html
M LayoutTests/http/tests/security/mixedContent/insecure-script-in-data-iframe-in-main-frame-blocked-expected.txt
M LayoutTests/http/tests/security/referrer-policy-header-and-meta-tag-emptyString.html
M LayoutTests/http/tests/security/referrer-policy-header-and-meta-tag.html
M LayoutTests/http/tests/security/referrer-policy-header-multipart.html
M LayoutTests/http/tests/security/referrer-policy-header-test.js
M LayoutTests/http/tests/security/referrer-policy-header.html
M LayoutTests/http/tests/security/referrer-policy-https-always-expected.txt
M LayoutTests/http/tests/security/referrer-policy-https-always.html
M LayoutTests/http/tests/security/referrer-policy-https-default-expected.txt
M LayoutTests/http/tests/security/referrer-policy-https-default.html
M LayoutTests/http/tests/security/referrer-policy-https-never-expected.txt
M LayoutTests/http/tests/security/referrer-policy-https-never.html
M LayoutTests/http/tests/security/referrer-policy-https-no-referrer-expected.txt
M LayoutTests/http/tests/security/referrer-policy-https-no-referrer-when-downgrade-expected.txt
M LayoutTests/http/tests/security/referrer-policy-https-no-referrer-when-downgrade.html
M LayoutTests/http/tests/security/referrer-policy-https-no-referrer.html
M LayoutTests/http/tests/security/referrer-policy-https-origin-expected.txt
M LayoutTests/http/tests/security/referrer-policy-https-origin.html
M LayoutTests/http/tests/security/referrer-policy-https-unsafe-url-expected.txt
M LayoutTests/http/tests/security/referrer-policy-https-unsafe-url.html
M LayoutTests/http/tests/security/resources/postReferrer.py
M LayoutTests/http/tests/security/resources/referrer-policy-log.py
M LayoutTests/http/tests/security/resources/sandboxed-iframe-geolocation-getCurrentPosition.html
M LayoutTests/http/tests/security/resources/sandboxed-iframe-geolocation-watchPosition.html
M LayoutTests/http/tests/security/resources/serve-referrer-policy-and-meta-tag.py
M LayoutTests/http/tests/security/resources/serve-referrer-policy-and-test.py
A LayoutTests/http/tests/websocket/tests/hybi/non-document-mixed-content-blocked-http-with-embedded-https-with-embedded-http-expected.txt
A LayoutTests/http/tests/websocket/tests/hybi/non-document-mixed-content-blocked-http-with-embedded-https-with-embedded-http.html
M LayoutTests/http/tests/websocket/tests/hybi/non-document-mixed-content-blocked-https-with-embedded-http-with-embedded-https.https-expected.txt
M LayoutTests/imported/w3c/web-platform-tests/content-security-policy/reporting/report-original-url-on-mixed-content-frame.https.sub-expected.txt
R LayoutTests/imported/w3c/web-platform-tests/fs/FileSystemFileHandle-create-sync-access-handle.https.tentative.window-expected.txt
R LayoutTests/imported/w3c/web-platform-tests/mixed-content/csp.https.window-expected.txt
R LayoutTests/imported/w3c/web-platform-tests/mixed-content/nested-iframes.window-expected.txt
R LayoutTests/platform/ios-wk2/imported/w3c/web-platform-tests/fs/FileSystemFileHandle-create-sync-access-handle.https.tentative.window-expected.txt
R LayoutTests/platform/ios-wk2/imported/w3c/web-platform-tests/screen-orientation/nested-documents-expected.txt
R LayoutTests/platform/ios-wk2/imported/w3c/web-platform-tests/screen-orientation/unlock-expected.txt
R LayoutTests/platform/mac-wk1/http/tests/security/mixedContent/insecure-iframe-in-iframe-expected.txt
R LayoutTests/platform/mac-wk1/http/tests/security/mixedContent/insecure-iframe-in-main-frame-expected.txt
R LayoutTests/platform/mac-wk1/http/tests/security/mixedContent/insecure-iframe-in-sandboxed-iframe-expected.txt
R LayoutTests/platform/mac-wk1/http/tests/security/mixedContent/insecure-image-in-iframe-expected.txt
R LayoutTests/platform/mac-wk1/http/tests/security/mixedContent/redirect-http-to-https-iframe-in-main-frame-expected.txt
R LayoutTests/platform/mac-wk1/http/tests/security/mixedContent/redirect-https-to-http-iframe-in-main-frame-expected.txt
M LayoutTests/platform/win/TestExpectations
M LayoutTests/platform/wk2/http/tests/security/contentSecurityPolicy/block-all-mixed-content/insecure-css-in-iframe-report-only-expected.txt
M LayoutTests/platform/wk2/http/tests/security/contentSecurityPolicy/block-all-mixed-content/insecure-iframe-in-main-frame-expected.txt
A LayoutTests/platform/wk2/http/tests/security/mixedContent/insecure-iframe-in-iframe-expected.txt
M LayoutTests/platform/wk2/http/tests/security/mixedContent/insecure-iframe-in-main-frame-expected.txt
M LayoutTests/platform/wk2/http/tests/security/mixedContent/insecure-image-in-iframe-expected.txt
M LayoutTests/platform/wk2/http/tests/security/mixedContent/redirect-http-to-https-iframe-in-main-frame-expected.txt
M LayoutTests/platform/wk2/http/tests/security/mixedContent/redirect-https-to-http-iframe-in-main-frame-expected.txt
M Source/WebCore/Modules/websockets/WebSocket.cpp
M Source/WebCore/Modules/websockets/WorkerThreadableWebSocketChannel.cpp
M Source/WebCore/html/HTMLFormElement.cpp
M Source/WebCore/loader/DocumentLoader.cpp
M Source/WebCore/loader/DocumentThreadableLoader.cpp
M Source/WebCore/loader/MixedContentChecker.cpp
M Source/WebCore/loader/MixedContentChecker.h
M Source/WebCore/loader/SubframeLoader.cpp
M Source/WebCore/loader/cache/CachedResourceLoader.cpp
Log Message:
-----------
Revert "Cherry-pick bc09b6fca325. rdar://problem/110471649"
This reverts commit 4d7ef3096d32bcdeefd46940234a15c8973b88bd.
Identifier: 245886.903 at safari-7613.4.1.0-branch
Commit: 487117eff994d3a7be0ecc9015681df06352aa8a
https://github.com/WebKit/WebKit/commit/487117eff994d3a7be0ecc9015681df06352aa8a
Author: Myah Cobbs <mcobbs at apple.com>
Date: 2023-07-03 (Mon, 03 Jul 2023)
Changed paths:
M Source/WebCore/loader/NavigationRequester.cpp
Log Message:
-----------
Revert "Unreviewed build fix. rdar://110801928"
This reverts commit 4ea83cb14ac5407fca2c88b3791b2c3e7ba81e9b.
Identifier: 245886.904 at safari-7613.4.1.0-branch
Commit: 9eb9400d761a183538d87d35b06eb2dcf06c54e2
https://github.com/WebKit/WebKit/commit/9eb9400d761a183538d87d35b06eb2dcf06c54e2
Author: Myah Cobbs <mcobbs at apple.com>
Date: 2023-07-03 (Mon, 03 Jul 2023)
Changed paths:
R LayoutTests/http/tests/security/sandboxed-iframe-javascript-self-navigation-expected.txt
R LayoutTests/http/tests/security/sandboxed-iframe-javascript-self-navigation.html
R LayoutTests/http/tests/security/sandboxed-iframe-javascript-top-navigation-expected.txt
R LayoutTests/http/tests/security/sandboxed-iframe-javascript-top-navigation.html
M Source/WebCore/loader/FrameLoader.cpp
M Source/WebCore/loader/NavigationRequester.cpp
M Source/WebCore/loader/NavigationRequester.h
Log Message:
-----------
Revert "Cherry-pick 47ed6aa2ea88. rdar://problem/110801928"
This reverts commit 2aed4a9c6b63e758b13a69a0354912ab9a949118.
Identifier: 245886.905 at safari-7613.4.1.0-branch
Commit: 43ac5b8e8849102e00d7dd7b2ff3d9a96d3df414
https://github.com/WebKit/WebKit/commit/43ac5b8e8849102e00d7dd7b2ff3d9a96d3df414
Author: Myah Cobbs <mcobbs at apple.com>
Date: 2023-07-05 (Wed, 05 Jul 2023)
Changed paths:
M Source/JavaScriptCore/Configurations/Version.xcconfig
M Source/ThirdParty/ANGLE/Configurations/Version.xcconfig
M Source/ThirdParty/libwebrtc/Configurations/Version.xcconfig
M Source/WebCore/Configurations/Version.xcconfig
M Source/WebCore/PAL/Configurations/Version.xcconfig
M Source/WebGPU/Configurations/Version.xcconfig
M Source/WebInspectorUI/Configurations/Version.xcconfig
M Source/WebKit/Configurations/Version.xcconfig
M Source/WebKitLegacy/mac/Configurations/Version.xcconfig
Log Message:
-----------
Versioning.
WebKit-7613.7.1.0.12
Identifier: 245886.906 at safari-7613.4.1.0-branch
Commit: 2c9836d5695f3e0001ce5f58e6582526d5402403
https://github.com/WebKit/WebKit/commit/2c9836d5695f3e0001ce5f58e6582526d5402403
Author: Ryan Reno <rreno at apple.com>
Date: 2023-07-05 (Wed, 05 Jul 2023)
Changed paths:
A LayoutTests/http/tests/security/sandboxed-iframe-javascript-self-navigation-expected.txt
A LayoutTests/http/tests/security/sandboxed-iframe-javascript-self-navigation.html
A LayoutTests/http/tests/security/sandboxed-iframe-javascript-top-navigation-expected.txt
A LayoutTests/http/tests/security/sandboxed-iframe-javascript-top-navigation.html
M Source/WebCore/loader/FrameLoader.cpp
M Source/WebCore/loader/NavigationRequester.cpp
M Source/WebCore/loader/NavigationRequester.h
Log Message:
-----------
Cherry-pick 47ed6aa2ea88. rdar://problem/110801928
Block sandboxed frames from navigating to javascript URLs without allow-scripts sandbox flag.
https://bugs.webkit.org/show_bug.cgi?id=257824
rdar://108462161
Reviewed by Alex Christensen.
Sandboxed iframes could execute script in a target frame by navigating
the frame to a javascript: URL. For example, the top frame when the
iframe has the sandbox flag "allow-top-navigation". This change checks to see if
the "allow-scripts" flag is set before executing the URL in the target frame.
* LayoutTests/http/tests/security/sandboxed-iframe-javascript-self-navigation-expected.txt: Added.
* LayoutTests/http/tests/security/sandboxed-iframe-javascript-self-navigation.html: Added.
* LayoutTests/http/tests/security/sandboxed-iframe-javascript-top-navigation-expected.txt: Added.
* LayoutTests/http/tests/security/sandboxed-iframe-javascript-top-navigation.html: Added.
* Source/WebCore/loader/FrameLoader.cpp:
(WebCore::FrameLoader::executeJavaScriptURL):
* Source/WebCore/loader/NavigationRequester.cpp:
(WebCore::NavigationRequester::from):
* Source/WebCore/loader/NavigationRequester.h:
(WebCore::NavigationRequester::encode const):
(WebCore::NavigationRequester::decode):
Canonical link: https://commits.webkit.org/259548.813@safari-7615-branch
Identifier: 245886.907 at safari-7613.4.1.0-branch
Commit: df2c1fdba80152eb4ab298c766df983346840591
https://github.com/WebKit/WebKit/commit/df2c1fdba80152eb4ab298c766df983346840591
Author: Myah Cobbs <mcobbs at apple.com>
Date: 2023-07-05 (Wed, 05 Jul 2023)
Changed paths:
M LayoutTests/http/tests/referrer-policy-iframe/no-referrer-when-downgrade/cross-origin-http.https-expected.txt
M LayoutTests/http/tests/referrer-policy-iframe/no-referrer/cross-origin-http.https-expected.txt
M LayoutTests/http/tests/referrer-policy-iframe/origin-when-cross-origin/cross-origin-http.https-expected.txt
M LayoutTests/http/tests/referrer-policy-iframe/origin/cross-origin-http.https-expected.txt
M LayoutTests/http/tests/referrer-policy-iframe/same-origin/cross-origin-http.https-expected.txt
M LayoutTests/http/tests/referrer-policy-iframe/strict-origin-when-cross-origin/cross-origin-http.https-expected.txt
M LayoutTests/http/tests/referrer-policy-iframe/strict-origin/cross-origin-http.https-expected.txt
M LayoutTests/http/tests/referrer-policy-iframe/unsafe-url/cross-origin-http.https-expected.txt
M LayoutTests/http/tests/referrer-policy/no-referrer-when-downgrade/cross-origin-http.https-expected.txt
M LayoutTests/http/tests/referrer-policy/no-referrer/cross-origin-http.https-expected.txt
M LayoutTests/http/tests/referrer-policy/origin-when-cross-origin/cross-origin-http.https-expected.txt
M LayoutTests/http/tests/referrer-policy/origin/cross-origin-http.https-expected.txt
M LayoutTests/http/tests/referrer-policy/same-origin/cross-origin-http.https-expected.txt
M LayoutTests/http/tests/referrer-policy/strict-origin-when-cross-origin/cross-origin-http.https-expected.txt
M LayoutTests/http/tests/referrer-policy/strict-origin/cross-origin-http.https-expected.txt
M LayoutTests/http/tests/referrer-policy/unsafe-url/cross-origin-http.https-expected.txt
M LayoutTests/http/tests/security/contentSecurityPolicy/upgrade-insecure-requests/iframe-upgrade.https-expected.txt
M LayoutTests/http/tests/security/mixedContent/insecure-iframe-in-iframe-expected.txt
M LayoutTests/http/tests/security/mixedContent/insecure-iframe-in-iframe.html
A LayoutTests/http/tests/security/mixedContent/insecure-iframe-in-sandboxed-iframe-expected.txt
A LayoutTests/http/tests/security/mixedContent/insecure-iframe-in-sandboxed-iframe.html
M LayoutTests/http/tests/security/mixedContent/insecure-script-in-data-iframe-in-main-frame-blocked-expected.txt
M LayoutTests/http/tests/security/referrer-policy-header-and-meta-tag-emptyString.html
M LayoutTests/http/tests/security/referrer-policy-header-and-meta-tag.html
M LayoutTests/http/tests/security/referrer-policy-header-multipart.html
M LayoutTests/http/tests/security/referrer-policy-header-test.js
M LayoutTests/http/tests/security/referrer-policy-header.html
M LayoutTests/http/tests/security/referrer-policy-https-always-expected.txt
M LayoutTests/http/tests/security/referrer-policy-https-always.html
M LayoutTests/http/tests/security/referrer-policy-https-default-expected.txt
M LayoutTests/http/tests/security/referrer-policy-https-default.html
M LayoutTests/http/tests/security/referrer-policy-https-never-expected.txt
M LayoutTests/http/tests/security/referrer-policy-https-never.html
M LayoutTests/http/tests/security/referrer-policy-https-no-referrer-expected.txt
M LayoutTests/http/tests/security/referrer-policy-https-no-referrer-when-downgrade-expected.txt
M LayoutTests/http/tests/security/referrer-policy-https-no-referrer-when-downgrade.html
M LayoutTests/http/tests/security/referrer-policy-https-no-referrer.html
M LayoutTests/http/tests/security/referrer-policy-https-origin-expected.txt
M LayoutTests/http/tests/security/referrer-policy-https-origin.html
M LayoutTests/http/tests/security/referrer-policy-https-unsafe-url-expected.txt
M LayoutTests/http/tests/security/referrer-policy-https-unsafe-url.html
M LayoutTests/http/tests/security/resources/postReferrer.py
M LayoutTests/http/tests/security/resources/referrer-policy-log.py
M LayoutTests/http/tests/security/resources/sandboxed-iframe-geolocation-getCurrentPosition.html
M LayoutTests/http/tests/security/resources/sandboxed-iframe-geolocation-watchPosition.html
M LayoutTests/http/tests/security/resources/serve-referrer-policy-and-meta-tag.py
M LayoutTests/http/tests/security/resources/serve-referrer-policy-and-test.py
R LayoutTests/http/tests/websocket/tests/hybi/non-document-mixed-content-blocked-http-with-embedded-https-with-embedded-http-expected.txt
R LayoutTests/http/tests/websocket/tests/hybi/non-document-mixed-content-blocked-http-with-embedded-https-with-embedded-http.html
M LayoutTests/http/tests/websocket/tests/hybi/non-document-mixed-content-blocked-https-with-embedded-http-with-embedded-https.https-expected.txt
M LayoutTests/imported/w3c/web-platform-tests/content-security-policy/reporting/report-original-url-on-mixed-content-frame.https.sub-expected.txt
A LayoutTests/imported/w3c/web-platform-tests/fs/FileSystemFileHandle-create-sync-access-handle.https.tentative.window-expected.txt
A LayoutTests/imported/w3c/web-platform-tests/mixed-content/csp.https.window-expected.txt
A LayoutTests/imported/w3c/web-platform-tests/mixed-content/nested-iframes.window-expected.txt
A LayoutTests/platform/ios-wk2/imported/w3c/web-platform-tests/fs/FileSystemFileHandle-create-sync-access-handle.https.tentative.window-expected.txt
A LayoutTests/platform/ios-wk2/imported/w3c/web-platform-tests/screen-orientation/nested-documents-expected.txt
A LayoutTests/platform/ios-wk2/imported/w3c/web-platform-tests/screen-orientation/unlock-expected.txt
A LayoutTests/platform/mac-wk1/http/tests/security/mixedContent/insecure-iframe-in-iframe-expected.txt
A LayoutTests/platform/mac-wk1/http/tests/security/mixedContent/insecure-iframe-in-main-frame-expected.txt
A LayoutTests/platform/mac-wk1/http/tests/security/mixedContent/insecure-iframe-in-sandboxed-iframe-expected.txt
A LayoutTests/platform/mac-wk1/http/tests/security/mixedContent/insecure-image-in-iframe-expected.txt
A LayoutTests/platform/mac-wk1/http/tests/security/mixedContent/redirect-http-to-https-iframe-in-main-frame-expected.txt
A LayoutTests/platform/mac-wk1/http/tests/security/mixedContent/redirect-https-to-http-iframe-in-main-frame-expected.txt
M LayoutTests/platform/win/TestExpectations
M LayoutTests/platform/wk2/http/tests/security/contentSecurityPolicy/block-all-mixed-content/insecure-css-in-iframe-report-only-expected.txt
M LayoutTests/platform/wk2/http/tests/security/contentSecurityPolicy/block-all-mixed-content/insecure-iframe-in-main-frame-expected.txt
R LayoutTests/platform/wk2/http/tests/security/mixedContent/insecure-iframe-in-iframe-expected.txt
M LayoutTests/platform/wk2/http/tests/security/mixedContent/insecure-iframe-in-main-frame-expected.txt
M LayoutTests/platform/wk2/http/tests/security/mixedContent/insecure-image-in-iframe-expected.txt
M LayoutTests/platform/wk2/http/tests/security/mixedContent/redirect-http-to-https-iframe-in-main-frame-expected.txt
M LayoutTests/platform/wk2/http/tests/security/mixedContent/redirect-https-to-http-iframe-in-main-frame-expected.txt
M Source/WebCore/Modules/websockets/WebSocket.cpp
M Source/WebCore/Modules/websockets/WorkerThreadableWebSocketChannel.cpp
M Source/WebCore/html/HTMLFormElement.cpp
M Source/WebCore/loader/DocumentLoader.cpp
M Source/WebCore/loader/DocumentThreadableLoader.cpp
M Source/WebCore/loader/MixedContentChecker.cpp
M Source/WebCore/loader/MixedContentChecker.h
M Source/WebCore/loader/SubframeLoader.cpp
M Source/WebCore/loader/cache/CachedResourceLoader.cpp
Log Message:
-----------
Apply patch. rdar://problem/110471649
Identifier: 245886.908 at safari-7613.4.1.0-branch
Commit: 557b7c352c61a4baff617826a31fe8f8b1ee07d3
https://github.com/WebKit/WebKit/commit/557b7c352c61a4baff617826a31fe8f8b1ee07d3
Author: Myah Cobbs <mcobbs at apple.com>
Date: 2023-07-05 (Wed, 05 Jul 2023)
Changed paths:
M Source/WebCore/loader/NavigationRequester.h
Log Message:
-----------
Apply patch. rdar://problem/110471649
Identifier: 245886.909 at safari-7613.4.1.0-branch
Commit: 79909f9fb603246919a8e46d0381130431f1efaf
https://github.com/WebKit/WebKit/commit/79909f9fb603246919a8e46d0381130431f1efaf
Author: Myah Cobbs <mcobbs at apple.com>
Date: 2023-07-07 (Fri, 07 Jul 2023)
Changed paths:
M Source/WebCore/loader/MixedContentChecker.cpp
Log Message:
-----------
Apply patch. rdar://problem/110471649
Identifier: 245886.910 at safari-7613.4.1.0-branch
Commit: 0f0b8fe7852e5f3c1541b29e0b3b96411855fba4
https://github.com/WebKit/WebKit/commit/0f0b8fe7852e5f3c1541b29e0b3b96411855fba4
Author: Myah Cobbs <mcobbs at apple.com>
Date: 2023-07-07 (Fri, 07 Jul 2023)
Changed paths:
R LayoutTests/http/tests/security/sandboxed-iframe-javascript-self-navigation-expected.txt
R LayoutTests/http/tests/security/sandboxed-iframe-javascript-self-navigation.html
R LayoutTests/http/tests/security/sandboxed-iframe-javascript-top-navigation-expected.txt
R LayoutTests/http/tests/security/sandboxed-iframe-javascript-top-navigation.html
M Source/WebCore/loader/FrameLoader.cpp
M Source/WebCore/loader/NavigationRequester.cpp
M Source/WebCore/loader/NavigationRequester.h
Log Message:
-----------
Revert "Cherry-pick 47ed6aa2ea88. rdar://problem/110801928"
This reverts commit 2c9836d5695f3e0001ce5f58e6582526d5402403.
Identifier: 245886.911 at safari-7613.4.1.0-branch
Commit: 177aabaa4e4572e9b0513589f772a728c9ebedb7
https://github.com/WebKit/WebKit/commit/177aabaa4e4572e9b0513589f772a728c9ebedb7
Author: Dan Robson <dan_robson at apple.com>
Date: 2023-07-10 (Mon, 10 Jul 2023)
Changed paths:
M LayoutTests/http/tests/referrer-policy-iframe/no-referrer-when-downgrade/cross-origin-http.https-expected.txt
M LayoutTests/http/tests/referrer-policy-iframe/no-referrer/cross-origin-http.https-expected.txt
M LayoutTests/http/tests/referrer-policy-iframe/origin-when-cross-origin/cross-origin-http.https-expected.txt
M LayoutTests/http/tests/referrer-policy-iframe/origin/cross-origin-http.https-expected.txt
M LayoutTests/http/tests/referrer-policy-iframe/same-origin/cross-origin-http.https-expected.txt
M LayoutTests/http/tests/referrer-policy-iframe/strict-origin-when-cross-origin/cross-origin-http.https-expected.txt
M LayoutTests/http/tests/referrer-policy-iframe/strict-origin/cross-origin-http.https-expected.txt
M LayoutTests/http/tests/referrer-policy-iframe/unsafe-url/cross-origin-http.https-expected.txt
M LayoutTests/http/tests/referrer-policy/no-referrer-when-downgrade/cross-origin-http.https-expected.txt
M LayoutTests/http/tests/referrer-policy/no-referrer/cross-origin-http.https-expected.txt
M LayoutTests/http/tests/referrer-policy/origin-when-cross-origin/cross-origin-http.https-expected.txt
M LayoutTests/http/tests/referrer-policy/origin/cross-origin-http.https-expected.txt
M LayoutTests/http/tests/referrer-policy/same-origin/cross-origin-http.https-expected.txt
M LayoutTests/http/tests/referrer-policy/strict-origin-when-cross-origin/cross-origin-http.https-expected.txt
M LayoutTests/http/tests/referrer-policy/strict-origin/cross-origin-http.https-expected.txt
M LayoutTests/http/tests/referrer-policy/unsafe-url/cross-origin-http.https-expected.txt
M LayoutTests/http/tests/security/contentSecurityPolicy/upgrade-insecure-requests/iframe-upgrade.https-expected.txt
M LayoutTests/http/tests/security/mixedContent/insecure-iframe-in-iframe-expected.txt
M LayoutTests/http/tests/security/mixedContent/insecure-iframe-in-iframe.html
R LayoutTests/http/tests/security/mixedContent/insecure-iframe-in-sandboxed-iframe-expected.txt
R LayoutTests/http/tests/security/mixedContent/insecure-iframe-in-sandboxed-iframe.html
M LayoutTests/http/tests/security/mixedContent/insecure-script-in-data-iframe-in-main-frame-blocked-expected.txt
M LayoutTests/http/tests/security/referrer-policy-header-and-meta-tag-emptyString.html
M LayoutTests/http/tests/security/referrer-policy-header-and-meta-tag.html
M LayoutTests/http/tests/security/referrer-policy-header-multipart.html
M LayoutTests/http/tests/security/referrer-policy-header-test.js
M LayoutTests/http/tests/security/referrer-policy-header.html
M LayoutTests/http/tests/security/referrer-policy-https-always-expected.txt
M LayoutTests/http/tests/security/referrer-policy-https-always.html
M LayoutTests/http/tests/security/referrer-policy-https-default-expected.txt
M LayoutTests/http/tests/security/referrer-policy-https-default.html
M LayoutTests/http/tests/security/referrer-policy-https-never-expected.txt
M LayoutTests/http/tests/security/referrer-policy-https-never.html
M LayoutTests/http/tests/security/referrer-policy-https-no-referrer-expected.txt
M LayoutTests/http/tests/security/referrer-policy-https-no-referrer-when-downgrade-expected.txt
M LayoutTests/http/tests/security/referrer-policy-https-no-referrer-when-downgrade.html
M LayoutTests/http/tests/security/referrer-policy-https-no-referrer.html
M LayoutTests/http/tests/security/referrer-policy-https-origin-expected.txt
M LayoutTests/http/tests/security/referrer-policy-https-origin.html
M LayoutTests/http/tests/security/referrer-policy-https-unsafe-url-expected.txt
M LayoutTests/http/tests/security/referrer-policy-https-unsafe-url.html
M LayoutTests/http/tests/security/resources/postReferrer.py
M LayoutTests/http/tests/security/resources/referrer-policy-log.py
M LayoutTests/http/tests/security/resources/sandboxed-iframe-geolocation-getCurrentPosition.html
M LayoutTests/http/tests/security/resources/sandboxed-iframe-geolocation-watchPosition.html
M LayoutTests/http/tests/security/resources/serve-referrer-policy-and-meta-tag.py
M LayoutTests/http/tests/security/resources/serve-referrer-policy-and-test.py
A LayoutTests/http/tests/websocket/tests/hybi/non-document-mixed-content-blocked-http-with-embedded-https-with-embedded-http-expected.txt
A LayoutTests/http/tests/websocket/tests/hybi/non-document-mixed-content-blocked-http-with-embedded-https-with-embedded-http.html
M LayoutTests/http/tests/websocket/tests/hybi/non-document-mixed-content-blocked-https-with-embedded-http-with-embedded-https.https-expected.txt
M LayoutTests/imported/w3c/web-platform-tests/content-security-policy/reporting/report-original-url-on-mixed-content-frame.https.sub-expected.txt
R LayoutTests/imported/w3c/web-platform-tests/fs/FileSystemFileHandle-create-sync-access-handle.https.tentative.window-expected.txt
R LayoutTests/imported/w3c/web-platform-tests/mixed-content/csp.https.window-expected.txt
R LayoutTests/imported/w3c/web-platform-tests/mixed-content/nested-iframes.window-expected.txt
R LayoutTests/platform/ios-wk2/imported/w3c/web-platform-tests/fs/FileSystemFileHandle-create-sync-access-handle.https.tentative.window-expected.txt
R LayoutTests/platform/ios-wk2/imported/w3c/web-platform-tests/screen-orientation/nested-documents-expected.txt
R LayoutTests/platform/ios-wk2/imported/w3c/web-platform-tests/screen-orientation/unlock-expected.txt
R LayoutTests/platform/mac-wk1/http/tests/security/mixedContent/insecure-iframe-in-iframe-expected.txt
R LayoutTests/platform/mac-wk1/http/tests/security/mixedContent/insecure-iframe-in-main-frame-expected.txt
R LayoutTests/platform/mac-wk1/http/tests/security/mixedContent/insecure-iframe-in-sandboxed-iframe-expected.txt
R LayoutTests/platform/mac-wk1/http/tests/security/mixedContent/insecure-image-in-iframe-expected.txt
R LayoutTests/platform/mac-wk1/http/tests/security/mixedContent/redirect-http-to-https-iframe-in-main-frame-expected.txt
R LayoutTests/platform/mac-wk1/http/tests/security/mixedContent/redirect-https-to-http-iframe-in-main-frame-expected.txt
M LayoutTests/platform/win/TestExpectations
M LayoutTests/platform/wk2/http/tests/security/contentSecurityPolicy/block-all-mixed-content/insecure-css-in-iframe-report-only-expected.txt
M LayoutTests/platform/wk2/http/tests/security/contentSecurityPolicy/block-all-mixed-content/insecure-iframe-in-main-frame-expected.txt
A LayoutTests/platform/wk2/http/tests/security/mixedContent/insecure-iframe-in-iframe-expected.txt
M LayoutTests/platform/wk2/http/tests/security/mixedContent/insecure-iframe-in-main-frame-expected.txt
M LayoutTests/platform/wk2/http/tests/security/mixedContent/insecure-image-in-iframe-expected.txt
M LayoutTests/platform/wk2/http/tests/security/mixedContent/redirect-http-to-https-iframe-in-main-frame-expected.txt
M LayoutTests/platform/wk2/http/tests/security/mixedContent/redirect-https-to-http-iframe-in-main-frame-expected.txt
M Source/JavaScriptCore/Configurations/Version.xcconfig
M Source/ThirdParty/ANGLE/Configurations/Version.xcconfig
M Source/ThirdParty/libwebrtc/Configurations/Version.xcconfig
M Source/WebCore/Configurations/Version.xcconfig
M Source/WebCore/Modules/websockets/WebSocket.cpp
M Source/WebCore/Modules/websockets/WorkerThreadableWebSocketChannel.cpp
M Source/WebCore/PAL/Configurations/Version.xcconfig
M Source/WebCore/html/HTMLFormElement.cpp
M Source/WebCore/loader/DocumentLoader.cpp
M Source/WebCore/loader/DocumentThreadableLoader.cpp
M Source/WebCore/loader/MixedContentChecker.cpp
M Source/WebCore/loader/MixedContentChecker.h
M Source/WebCore/loader/SubframeLoader.cpp
M Source/WebCore/loader/cache/CachedResourceLoader.cpp
M Source/WebGPU/Configurations/Version.xcconfig
M Source/WebInspectorUI/Configurations/Version.xcconfig
M Source/WebKit/Configurations/Version.xcconfig
M Source/WebKitLegacy/mac/Configurations/Version.xcconfig
Log Message:
-----------
Revert rdar://110801928
Identifier: 245886.912 at safari-7613.4.1.0-branch
Commit: 57521f7aec18ba94201b6d4dd81563455d1952c2
https://github.com/WebKit/WebKit/commit/57521f7aec18ba94201b6d4dd81563455d1952c2
Author: Justin Michaud <justin_michaud at apple.com>
Date: 2023-07-10 (Mon, 10 Jul 2023)
Changed paths:
A JSTests/stress/putstacksinking-callvarargs.js
A JSTests/stress/putstacksinking-tailcallvarargs.js
M Source/JavaScriptCore/dfg/DFGPreciseLocalClobberize.h
Log Message:
-----------
Cherry-pick c3d2e3627b45. rdar://problem/111523858
CallVarargs should identify that it can read inline call frame arguments.
rdar://111361499
Reviewed by Yusuke Suzuki.
Call already does this, but CallVarargs has a special case that forgot.
We should not be allowed to push PutStacks below a call of any kind, since
it might access our call frame's arguments via foo.arguments, unless
we are strict.
The only exception is TailCall (but not TailCallForwardVarargsInlinedCaller),
because it will destroy the entire frame.
We do not un-pessimize TailCall yet to reduce risk, but it could be made
to match TailCallForwardVarargs in the future.
* JSTests/stress/putstacksinking-callvarargs.js: Added.
(main.opt.x):
(main.opt.y):
(main.opt.z):
(main.opt):
(main):
* JSTests/stress/putstacksinking-tailcallvarargs.js: Added.
(main.opt.x):
(main.opt.y):
(main.opt.z):
(main.opt):
(main):
* Source/JavaScriptCore/dfg/DFGPreciseLocalClobberize.h:
(JSC::DFG::PreciseLocalClobberizeAdaptor::readTop):
Canonical link: https://commits.webkit.org/259548.856@safari-7615-branch
Identifier: 245886.913 at safari-7613.4.1.0-branch
Commit: 67921fb95566632ecfcab780e1637425226b23d6
https://github.com/WebKit/WebKit/commit/67921fb95566632ecfcab780e1637425226b23d6
Author: Dan Robson <dan_robson at apple.com>
Date: 2023-07-10 (Mon, 10 Jul 2023)
Changed paths:
M Source/WebCore/rendering/PaintPhase.h
M Source/WebCore/rendering/RenderLayer.cpp
M Source/WebCore/rendering/StyledMarkedText.cpp
M Source/WebCore/rendering/TextBoxPainter.cpp
M Source/WebCore/rendering/TextDecorationPainter.cpp
M Source/WebCore/rendering/TextDecorationPainter.h
M Source/WebCore/rendering/TextPaintStyle.cpp
M Source/WebCore/rendering/style/RenderStyle.cpp
M Source/WebCore/rendering/style/RenderStyle.h
Log Message:
-----------
Apply patch. rdar://problem/111116301
Identifier: 245886.914 at safari-7613.4.1.0-branch
Commit: a513eba5c0f5795313bd1d46f96a9becbf03a906
https://github.com/WebKit/WebKit/commit/a513eba5c0f5795313bd1d46f96a9becbf03a906
Author: Dan Robson <dan_robson at apple.com>
Date: 2023-07-10 (Mon, 10 Jul 2023)
Changed paths:
M LayoutTests/http/tests/referrer-policy-iframe/no-referrer-when-downgrade/cross-origin-http.https-expected.txt
M LayoutTests/http/tests/referrer-policy-iframe/no-referrer/cross-origin-http.https-expected.txt
M LayoutTests/http/tests/referrer-policy-iframe/origin-when-cross-origin/cross-origin-http.https-expected.txt
M LayoutTests/http/tests/referrer-policy-iframe/origin/cross-origin-http.https-expected.txt
M LayoutTests/http/tests/referrer-policy-iframe/same-origin/cross-origin-http.https-expected.txt
M LayoutTests/http/tests/referrer-policy-iframe/strict-origin-when-cross-origin/cross-origin-http.https-expected.txt
M LayoutTests/http/tests/referrer-policy-iframe/strict-origin/cross-origin-http.https-expected.txt
M LayoutTests/http/tests/referrer-policy-iframe/unsafe-url/cross-origin-http.https-expected.txt
M LayoutTests/http/tests/referrer-policy/no-referrer-when-downgrade/cross-origin-http.https-expected.txt
M LayoutTests/http/tests/referrer-policy/no-referrer/cross-origin-http.https-expected.txt
M LayoutTests/http/tests/referrer-policy/origin-when-cross-origin/cross-origin-http.https-expected.txt
M LayoutTests/http/tests/referrer-policy/origin/cross-origin-http.https-expected.txt
M LayoutTests/http/tests/referrer-policy/same-origin/cross-origin-http.https-expected.txt
M LayoutTests/http/tests/referrer-policy/strict-origin-when-cross-origin/cross-origin-http.https-expected.txt
M LayoutTests/http/tests/referrer-policy/strict-origin/cross-origin-http.https-expected.txt
M LayoutTests/http/tests/referrer-policy/unsafe-url/cross-origin-http.https-expected.txt
M LayoutTests/http/tests/security/contentSecurityPolicy/upgrade-insecure-requests/iframe-upgrade.https-expected.txt
M LayoutTests/http/tests/security/mixedContent/insecure-iframe-in-iframe-expected.txt
M LayoutTests/http/tests/security/mixedContent/insecure-iframe-in-iframe.html
A LayoutTests/http/tests/security/mixedContent/insecure-iframe-in-sandboxed-iframe-expected.txt
A LayoutTests/http/tests/security/mixedContent/insecure-iframe-in-sandboxed-iframe.html
M LayoutTests/http/tests/security/mixedContent/insecure-script-in-data-iframe-in-main-frame-blocked-expected.txt
M LayoutTests/http/tests/security/referrer-policy-header-and-meta-tag-emptyString.html
M LayoutTests/http/tests/security/referrer-policy-header-and-meta-tag.html
M LayoutTests/http/tests/security/referrer-policy-header-multipart.html
M LayoutTests/http/tests/security/referrer-policy-header-test.js
M LayoutTests/http/tests/security/referrer-policy-header.html
M LayoutTests/http/tests/security/referrer-policy-https-always-expected.txt
M LayoutTests/http/tests/security/referrer-policy-https-always.html
M LayoutTests/http/tests/security/referrer-policy-https-default-expected.txt
M LayoutTests/http/tests/security/referrer-policy-https-default.html
M LayoutTests/http/tests/security/referrer-policy-https-never-expected.txt
M LayoutTests/http/tests/security/referrer-policy-https-never.html
M LayoutTests/http/tests/security/referrer-policy-https-no-referrer-expected.txt
M LayoutTests/http/tests/security/referrer-policy-https-no-referrer-when-downgrade-expected.txt
M LayoutTests/http/tests/security/referrer-policy-https-no-referrer-when-downgrade.html
M LayoutTests/http/tests/security/referrer-policy-https-no-referrer.html
M LayoutTests/http/tests/security/referrer-policy-https-origin-expected.txt
M LayoutTests/http/tests/security/referrer-policy-https-origin.html
M LayoutTests/http/tests/security/referrer-policy-https-unsafe-url-expected.txt
M LayoutTests/http/tests/security/referrer-policy-https-unsafe-url.html
M LayoutTests/http/tests/security/resources/postReferrer.py
M LayoutTests/http/tests/security/resources/referrer-policy-log.py
M LayoutTests/http/tests/security/resources/sandboxed-iframe-geolocation-getCurrentPosition.html
M LayoutTests/http/tests/security/resources/sandboxed-iframe-geolocation-watchPosition.html
M LayoutTests/http/tests/security/resources/serve-referrer-policy-and-meta-tag.py
M LayoutTests/http/tests/security/resources/serve-referrer-policy-and-test.py
R LayoutTests/http/tests/websocket/tests/hybi/non-document-mixed-content-blocked-http-with-embedded-https-with-embedded-http-expected.txt
R LayoutTests/http/tests/websocket/tests/hybi/non-document-mixed-content-blocked-http-with-embedded-https-with-embedded-http.html
M LayoutTests/http/tests/websocket/tests/hybi/non-document-mixed-content-blocked-https-with-embedded-http-with-embedded-https.https-expected.txt
M LayoutTests/imported/w3c/web-platform-tests/content-security-policy/reporting/report-original-url-on-mixed-content-frame.https.sub-expected.txt
A LayoutTests/imported/w3c/web-platform-tests/fs/FileSystemFileHandle-create-sync-access-handle.https.tentative.window-expected.txt
A LayoutTests/imported/w3c/web-platform-tests/mixed-content/csp.https.window-expected.txt
A LayoutTests/imported/w3c/web-platform-tests/mixed-content/nested-iframes.window-expected.txt
A LayoutTests/platform/ios-wk2/imported/w3c/web-platform-tests/fs/FileSystemFileHandle-create-sync-access-handle.https.tentative.window-expected.txt
A LayoutTests/platform/ios-wk2/imported/w3c/web-platform-tests/screen-orientation/nested-documents-expected.txt
A LayoutTests/platform/ios-wk2/imported/w3c/web-platform-tests/screen-orientation/unlock-expected.txt
A LayoutTests/platform/mac-wk1/http/tests/security/mixedContent/insecure-iframe-in-iframe-expected.txt
A LayoutTests/platform/mac-wk1/http/tests/security/mixedContent/insecure-iframe-in-main-frame-expected.txt
A LayoutTests/platform/mac-wk1/http/tests/security/mixedContent/insecure-iframe-in-sandboxed-iframe-expected.txt
A LayoutTests/platform/mac-wk1/http/tests/security/mixedContent/insecure-image-in-iframe-expected.txt
A LayoutTests/platform/mac-wk1/http/tests/security/mixedContent/redirect-http-to-https-iframe-in-main-frame-expected.txt
A LayoutTests/platform/mac-wk1/http/tests/security/mixedContent/redirect-https-to-http-iframe-in-main-frame-expected.txt
M LayoutTests/platform/win/TestExpectations
M LayoutTests/platform/wk2/http/tests/security/contentSecurityPolicy/block-all-mixed-content/insecure-css-in-iframe-report-only-expected.txt
M LayoutTests/platform/wk2/http/tests/security/contentSecurityPolicy/block-all-mixed-content/insecure-iframe-in-main-frame-expected.txt
R LayoutTests/platform/wk2/http/tests/security/mixedContent/insecure-iframe-in-iframe-expected.txt
M LayoutTests/platform/wk2/http/tests/security/mixedContent/insecure-iframe-in-main-frame-expected.txt
M LayoutTests/platform/wk2/http/tests/security/mixedContent/insecure-image-in-iframe-expected.txt
M LayoutTests/platform/wk2/http/tests/security/mixedContent/redirect-http-to-https-iframe-in-main-frame-expected.txt
M LayoutTests/platform/wk2/http/tests/security/mixedContent/redirect-https-to-http-iframe-in-main-frame-expected.txt
M Source/WebCore/Modules/websockets/WebSocket.cpp
M Source/WebCore/Modules/websockets/WorkerThreadableWebSocketChannel.cpp
M Source/WebCore/html/HTMLFormElement.cpp
M Source/WebCore/loader/DocumentLoader.cpp
M Source/WebCore/loader/DocumentThreadableLoader.cpp
M Source/WebCore/loader/MixedContentChecker.cpp
M Source/WebCore/loader/MixedContentChecker.h
M Source/WebCore/loader/SubframeLoader.cpp
M Source/WebCore/loader/cache/CachedResourceLoader.cpp
Log Message:
-----------
Apply patch. rdar://problem/110471649
Identifier: 245886.915 at safari-7613.4.1.0-branch
Commit: d19588e4c038b6bd56bf4b43c9a14f9d60e71271
https://github.com/WebKit/WebKit/commit/d19588e4c038b6bd56bf4b43c9a14f9d60e71271
Author: Dan Robson <dan_robson at apple.com>
Date: 2023-07-10 (Mon, 10 Jul 2023)
Changed paths:
M Source/JavaScriptCore/Configurations/Version.xcconfig
M Source/ThirdParty/ANGLE/Configurations/Version.xcconfig
M Source/ThirdParty/libwebrtc/Configurations/Version.xcconfig
M Source/WebCore/Configurations/Version.xcconfig
M Source/WebCore/PAL/Configurations/Version.xcconfig
M Source/WebGPU/Configurations/Version.xcconfig
M Source/WebInspectorUI/Configurations/Version.xcconfig
M Source/WebKit/Configurations/Version.xcconfig
M Source/WebKitLegacy/mac/Configurations/Version.xcconfig
Log Message:
-----------
Versioning.
WebKit-7613.7.1.0.12
Identifier: 245886.916 at safari-7613.4.1.0-branch
Commit: 9850fba63aa864fff9fc6d065c8d9355d62c5745
https://github.com/WebKit/WebKit/commit/9850fba63aa864fff9fc6d065c8d9355d62c5745
Author: Myah Cobbs <mcobbs at apple.com>
Date: 2023-07-11 (Tue, 11 Jul 2023)
Changed paths:
M LayoutTests/http/tests/referrer-policy-iframe/no-referrer-when-downgrade/cross-origin-http.https-expected.txt
M LayoutTests/http/tests/referrer-policy-iframe/no-referrer/cross-origin-http.https-expected.txt
M LayoutTests/http/tests/referrer-policy-iframe/origin-when-cross-origin/cross-origin-http.https-expected.txt
M LayoutTests/http/tests/referrer-policy-iframe/origin/cross-origin-http.https-expected.txt
M LayoutTests/http/tests/referrer-policy-iframe/same-origin/cross-origin-http.https-expected.txt
M LayoutTests/http/tests/referrer-policy-iframe/strict-origin-when-cross-origin/cross-origin-http.https-expected.txt
M LayoutTests/http/tests/referrer-policy-iframe/strict-origin/cross-origin-http.https-expected.txt
M LayoutTests/http/tests/referrer-policy-iframe/unsafe-url/cross-origin-http.https-expected.txt
M LayoutTests/http/tests/referrer-policy/no-referrer-when-downgrade/cross-origin-http.https-expected.txt
M LayoutTests/http/tests/referrer-policy/no-referrer/cross-origin-http.https-expected.txt
M LayoutTests/http/tests/referrer-policy/origin-when-cross-origin/cross-origin-http.https-expected.txt
M LayoutTests/http/tests/referrer-policy/origin/cross-origin-http.https-expected.txt
M LayoutTests/http/tests/referrer-policy/same-origin/cross-origin-http.https-expected.txt
M LayoutTests/http/tests/referrer-policy/strict-origin-when-cross-origin/cross-origin-http.https-expected.txt
M LayoutTests/http/tests/referrer-policy/strict-origin/cross-origin-http.https-expected.txt
M LayoutTests/http/tests/referrer-policy/unsafe-url/cross-origin-http.https-expected.txt
M LayoutTests/http/tests/security/contentSecurityPolicy/upgrade-insecure-requests/iframe-upgrade.https-expected.txt
M LayoutTests/http/tests/security/mixedContent/insecure-iframe-in-iframe-expected.txt
M LayoutTests/http/tests/security/mixedContent/insecure-iframe-in-iframe.html
R LayoutTests/http/tests/security/mixedContent/insecure-iframe-in-sandboxed-iframe-expected.txt
R LayoutTests/http/tests/security/mixedContent/insecure-iframe-in-sandboxed-iframe.html
M LayoutTests/http/tests/security/mixedContent/insecure-script-in-data-iframe-in-main-frame-blocked-expected.txt
M LayoutTests/http/tests/security/referrer-policy-header-and-meta-tag-emptyString.html
M LayoutTests/http/tests/security/referrer-policy-header-and-meta-tag.html
M LayoutTests/http/tests/security/referrer-policy-header-multipart.html
M LayoutTests/http/tests/security/referrer-policy-header-test.js
M LayoutTests/http/tests/security/referrer-policy-header.html
M LayoutTests/http/tests/security/referrer-policy-https-always-expected.txt
M LayoutTests/http/tests/security/referrer-policy-https-always.html
M LayoutTests/http/tests/security/referrer-policy-https-default-expected.txt
M LayoutTests/http/tests/security/referrer-policy-https-default.html
M LayoutTests/http/tests/security/referrer-policy-https-never-expected.txt
M LayoutTests/http/tests/security/referrer-policy-https-never.html
M LayoutTests/http/tests/security/referrer-policy-https-no-referrer-expected.txt
M LayoutTests/http/tests/security/referrer-policy-https-no-referrer-when-downgrade-expected.txt
M LayoutTests/http/tests/security/referrer-policy-https-no-referrer-when-downgrade.html
M LayoutTests/http/tests/security/referrer-policy-https-no-referrer.html
M LayoutTests/http/tests/security/referrer-policy-https-origin-expected.txt
M LayoutTests/http/tests/security/referrer-policy-https-origin.html
M LayoutTests/http/tests/security/referrer-policy-https-unsafe-url-expected.txt
M LayoutTests/http/tests/security/referrer-policy-https-unsafe-url.html
M LayoutTests/http/tests/security/resources/postReferrer.py
M LayoutTests/http/tests/security/resources/referrer-policy-log.py
M LayoutTests/http/tests/security/resources/sandboxed-iframe-geolocation-getCurrentPosition.html
M LayoutTests/http/tests/security/resources/sandboxed-iframe-geolocation-watchPosition.html
M LayoutTests/http/tests/security/resources/serve-referrer-policy-and-meta-tag.py
M LayoutTests/http/tests/security/resources/serve-referrer-policy-and-test.py
A LayoutTests/http/tests/websocket/tests/hybi/non-document-mixed-content-blocked-http-with-embedded-https-with-embedded-http-expected.txt
A LayoutTests/http/tests/websocket/tests/hybi/non-document-mixed-content-blocked-http-with-embedded-https-with-embedded-http.html
M LayoutTests/http/tests/websocket/tests/hybi/non-document-mixed-content-blocked-https-with-embedded-http-with-embedded-https.https-expected.txt
M LayoutTests/imported/w3c/web-platform-tests/content-security-policy/reporting/report-original-url-on-mixed-content-frame.https.sub-expected.txt
R LayoutTests/imported/w3c/web-platform-tests/fs/FileSystemFileHandle-create-sync-access-handle.https.tentative.window-expected.txt
R LayoutTests/imported/w3c/web-platform-tests/mixed-content/csp.https.window-expected.txt
R LayoutTests/imported/w3c/web-platform-tests/mixed-content/nested-iframes.window-expected.txt
R LayoutTests/platform/ios-wk2/imported/w3c/web-platform-tests/fs/FileSystemFileHandle-create-sync-access-handle.https.tentative.window-expected.txt
R LayoutTests/platform/ios-wk2/imported/w3c/web-platform-tests/screen-orientation/nested-documents-expected.txt
R LayoutTests/platform/ios-wk2/imported/w3c/web-platform-tests/screen-orientation/unlock-expected.txt
R LayoutTests/platform/mac-wk1/http/tests/security/mixedContent/insecure-iframe-in-iframe-expected.txt
R LayoutTests/platform/mac-wk1/http/tests/security/mixedContent/insecure-iframe-in-main-frame-expected.txt
R LayoutTests/platform/mac-wk1/http/tests/security/mixedContent/insecure-iframe-in-sandboxed-iframe-expected.txt
R LayoutTests/platform/mac-wk1/http/tests/security/mixedContent/insecure-image-in-iframe-expected.txt
R LayoutTests/platform/mac-wk1/http/tests/security/mixedContent/redirect-http-to-https-iframe-in-main-frame-expected.txt
R LayoutTests/platform/mac-wk1/http/tests/security/mixedContent/redirect-https-to-http-iframe-in-main-frame-expected.txt
M LayoutTests/platform/win/TestExpectations
M LayoutTests/platform/wk2/http/tests/security/contentSecurityPolicy/block-all-mixed-content/insecure-css-in-iframe-report-only-expected.txt
M LayoutTests/platform/wk2/http/tests/security/contentSecurityPolicy/block-all-mixed-content/insecure-iframe-in-main-frame-expected.txt
A LayoutTests/platform/wk2/http/tests/security/mixedContent/insecure-iframe-in-iframe-expected.txt
M LayoutTests/platform/wk2/http/tests/security/mixedContent/insecure-iframe-in-main-frame-expected.txt
M LayoutTests/platform/wk2/http/tests/security/mixedContent/insecure-image-in-iframe-expected.txt
M LayoutTests/platform/wk2/http/tests/security/mixedContent/redirect-http-to-https-iframe-in-main-frame-expected.txt
M LayoutTests/platform/wk2/http/tests/security/mixedContent/redirect-https-to-http-iframe-in-main-frame-expected.txt
M Source/WebCore/Modules/websockets/WebSocket.cpp
M Source/WebCore/Modules/websockets/WorkerThreadableWebSocketChannel.cpp
M Source/WebCore/html/HTMLFormElement.cpp
M Source/WebCore/loader/DocumentLoader.cpp
M Source/WebCore/loader/DocumentThreadableLoader.cpp
M Source/WebCore/loader/MixedContentChecker.cpp
M Source/WebCore/loader/MixedContentChecker.h
M Source/WebCore/loader/SubframeLoader.cpp
M Source/WebCore/loader/cache/CachedResourceLoader.cpp
Log Message:
-----------
Revert "Apply patch. rdar://problem/110471649"
This reverts commit a513eba5c0f5795313bd1d46f96a9becbf03a906.
Identifier: 245886.917 at safari-7613.4.1.0-branch
Commit: 4b6f7229ece73498b5f84e7d5aa646c973539053
https://github.com/WebKit/WebKit/commit/4b6f7229ece73498b5f84e7d5aa646c973539053
Author: Myah Cobbs <mcobbs at apple.com>
Date: 2023-07-11 (Tue, 11 Jul 2023)
Changed paths:
M Source/JavaScriptCore/Configurations/Version.xcconfig
M Source/ThirdParty/ANGLE/Configurations/Version.xcconfig
M Source/ThirdParty/libwebrtc/Configurations/Version.xcconfig
M Source/WebCore/Configurations/Version.xcconfig
M Source/WebCore/PAL/Configurations/Version.xcconfig
M Source/WebGPU/Configurations/Version.xcconfig
M Source/WebInspectorUI/Configurations/Version.xcconfig
M Source/WebKit/Configurations/Version.xcconfig
M Source/WebKitLegacy/mac/Configurations/Version.xcconfig
Log Message:
-----------
Versioning.
WebKit-7613.7.1.0.13
Identifier: 245886.918 at safari-7613.4.1.0-branch
Compare: https://github.com/WebKit/WebKit/compare/6b69f56e4cc9%5E...4b6f7229ece7
More information about the webkit-changes
mailing list