[webkit-changes] [WebKit/WebKit] af0115: Versioning.
Charlie Wolfe
noreply at github.com
Tue Oct 29 16:27:38 PDT 2024
Branch: refs/heads/safari-7619-branch
Home: https://github.com/WebKit/WebKit
Commit: af0115561cc960eba143acafe9486ed0e2dbe3f0
https://github.com/WebKit/WebKit/commit/af0115561cc960eba143acafe9486ed0e2dbe3f0
Author: Dan Robson <dtr_bugzilla at apple.com>
Date: 2024-07-30 (Tue, 30 Jul 2024)
Changed paths:
M Configurations/Version.xcconfig
Log Message:
-----------
Versioning.
WebKit-7619.2.1
Canonical link: https://commits.webkit.org/280938.162@safari-7619-branch
Commit: 2f8cc6f1cecc7a5ac6c2ef6dd1c6d23023049610
https://github.com/WebKit/WebKit/commit/2f8cc6f1cecc7a5ac6c2ef6dd1c6d23023049610
Author: Nisha Jain <nisha_jain at apple.com>
Date: 2024-07-30 (Tue, 30 Jul 2024)
Changed paths:
M Source/WebCore/bindings/js/SerializedScriptValue.cpp
M Tools/TestWebKitAPI/Tests/WebCore/SerializedScriptValue.cpp
Log Message:
-----------
Cherry-pick 272448.964@safari-7618-branch (d3e1795539b0). rdar://131877278
"Fuzz blocker for WebCore-SerializedScriptValue-Deserialize-fuzzer in readTerminal() | case RegExpTag"
https://bugs.webkit.org/show_bug.cgi?id=272692
rdar://126142587
Reviewed by Chris Dumez.
During deserialization of IDBValueToJSValue based on RegExpTag, the pointer to regExp is returned as NULL, which causes an ASSERT.
To avoid this issue in Release builds, check the validity of reFlags.
* Source/WebCore/bindings/js/SerializedScriptValue.cpp:
(WebCore::CloneDeserializer::readTerminal):
Canonical link: https://commits.webkit.org/272448.964@safari-7618-branch
Canonical link: https://commits.webkit.org/280938.163@safari-7619-branch
Commit: 77609a2b6f6614be14a8dabd5b651aadd5c5c7c3
https://github.com/WebKit/WebKit/commit/77609a2b6f6614be14a8dabd5b651aadd5c5c7c3
Author: Tyler Wilcock <tyler_w at apple.com>
Date: 2024-07-30 (Tue, 30 Jul 2024)
Changed paths:
M Source/WebCore/accessibility/AccessibilityObject.cpp
M Source/WebCore/accessibility/AccessibilityObject.h
M Source/WebCore/accessibility/cocoa/AccessibilityObjectCocoa.mm
M Source/WebCore/accessibility/ios/AccessibilityObjectIOS.mm
M Source/WebCore/accessibility/isolatedtree/AXIsolatedTree.cpp
M Source/WebCore/accessibility/mac/AccessibilityObjectMac.mm
M Source/WebCore/accessibility/mac/WebAccessibilityObjectWrapperBase.h
Log Message:
-----------
Cherry-pick 272448.996@safari-7618-branch (50eaa40540f2). rdar://131875816
In AXIsolatedTree::resolveAppends(), m_unresolvedPendingAppends can be added to while being iterated, potentially causing memory safety issues
rdar://127694319
Reviewed by Andres Gonzalez.
Avoid this using std::exchange to put the HashMap on the stack before iterating over it. Anything subsequently added
to m_unresolvedPendingAppends will be processed in the next go-around of resolveAppends().
This patch also fixes several nullptr crashes found by ASAN in various tests.
* Source/WebCore/accessibility/AccessibilityObject.cpp:
(WebCore::AccessibilityObject::anchorElementForNode):
* Source/WebCore/accessibility/AccessibilityObject.h:
* Source/WebCore/accessibility/cocoa/AccessibilityObjectCocoa.mm:
(WebCore::AccessibilityObject::contentForRange const):
* Source/WebCore/accessibility/ios/AccessibilityObjectIOS.mm:
(WebCore::attributedStringCreate):
* Source/WebCore/accessibility/isolatedtree/AXIsolatedTree.cpp:
(WebCore::AXIsolatedTree::resolveAppends):
* Source/WebCore/accessibility/mac/AccessibilityObjectMac.mm:
(WebCore::attributedStringSetHeadingLevel):
(WebCore::attributedStringSetBlockquoteLevel):
(WebCore::attributedStringSetExpandedText):
(WebCore::shouldHaveAnySpellCheckAttribute):
(WebCore::attributedStringCreate):
* Source/WebCore/accessibility/mac/WebAccessibilityObjectWrapperBase.h:
Canonical link: https://commits.webkit.org/272448.996@safari-7618-branch
Canonical link: https://commits.webkit.org/280938.164@safari-7619-branch
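
The `std::exchange` pattern described in the commit above, as an added example that is not WebKit code. The class `PendingAppendQueue`, its members and the resolver callback are hypothetical stand-ins for `AXIsolatedTree` and `m_unresolvedPendingAppends`; `std::unordered_map` replaces WTF's `HashMap`.

```cpp
#include <cstddef>
#include <functional>
#include <unordered_map>
#include <utility>
#include <vector>

// Hypothetical stand-in for a tree that queues child appends keyed by parent id.
class PendingAppendQueue {
public:
    using Map = std::unordered_map<int, std::vector<int>>;
    // Invoked once per queued parent; it is allowed to call queueAppend() re-entrantly.
    using Resolver = std::function<void(PendingAppendQueue&, int, const std::vector<int>&)>;

    void queueAppend(int parent, int child) { m_unresolved[parent].push_back(child); }
    std::size_t pendingCount() const { return m_unresolved.size(); }

    // Processes everything queued before this call and returns how many
    // entries were handled. Entries queued by the resolver stay in
    // m_unresolved and are handled by the next call.
    std::size_t resolveAppends(const Resolver& resolver)
    {
        // Move the member onto the stack and leave it empty. Iterating the
        // member directly would let a re-entrant insert rehash the table and
        // invalidate the iterator used by the loop.
        Map batch = std::exchange(m_unresolved, Map{});

        std::size_t processed = 0;
        for (const auto& entry : batch) {
            resolver(*this, entry.first, entry.second);
            ++processed;
        }
        return processed;
    }

private:
    Map m_unresolved;
};

// Constructed scenario: every parent id below 100 queues one follow-up append
// while it is being resolved. Returns the number of passes needed to drain.
inline std::size_t passesUntilDrained()
{
    PendingAppendQueue queue;
    queue.queueAppend(1, 10);
    queue.queueAppend(2, 20);

    auto resolver = [](PendingAppendQueue& self, int parent, const std::vector<int>&) {
        if (parent < 100)
            self.queueAppend(parent + 100, parent);
    };

    std::size_t passes = 0;
    while (queue.pendingCount()) {
        queue.resolveAppends(resolver);
        ++passes;
    }
    return passes;
}

int main()
{
    return passesUntilDrained() == 2 ? 0 : 1;
}
```
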
Commit: db72e4bebb80d994421c5b77ac8371c8d210eea4
https://github.com/WebKit/WebKit/commit/db72e4bebb80d994421c5b77ac8371c8d210eea4
Author: Aditya Keerthi <akeerthi at apple.com>
Date: 2024-07-30 (Tue, 30 Jul 2024)
Changed paths:
M Source/WebCore/platform/graphics/GraphicsContext.cpp
M Source/WebCore/platform/graphics/GraphicsContext.h
M Source/WebCore/platform/graphics/controls/ControlFactory.cpp
M Source/WebCore/platform/graphics/controls/ControlFactory.h
M Source/WebCore/platform/graphics/controls/ControlPart.cpp
M Source/WebCore/platform/graphics/controls/ControlPart.h
M Source/WebCore/platform/graphics/displaylists/DisplayListItem.cpp
M Source/WebCore/platform/graphics/displaylists/DisplayListItem.h
M Source/WebCore/platform/graphics/displaylists/DisplayListItems.cpp
M Source/WebCore/platform/graphics/displaylists/DisplayListItems.h
M Source/WebCore/platform/graphics/displaylists/DisplayListRecorder.cpp
M Source/WebCore/platform/graphics/displaylists/DisplayListRecorder.h
M Source/WebCore/platform/graphics/displaylists/DisplayListReplayer.cpp
M Source/WebCore/platform/graphics/displaylists/DisplayListReplayer.h
M Source/WebCore/platform/graphics/ios/controls/ControlFactoryIOS.mm
M Source/WebCore/platform/graphics/mac/controls/ControlFactoryMac.h
M Source/WebCore/platform/graphics/mac/controls/ControlFactoryMac.mm
M Source/WebCore/platform/graphics/mac/controls/ImageControlsButtonMac.mm
M Source/WebCore/rendering/TextPainter.cpp
M Source/WebKit/GPUProcess/graphics/RemoteDisplayListRecorder.cpp
M Source/WebKit/GPUProcess/graphics/RemoteDisplayListRecorder.h
M Tools/TestWebKitAPI/Tests/WebCore/cg/DisplayListTestsCG.cpp
Log Message:
-----------
Cherry-pick 272448.998@safari-7618-branch (dac0ebcb77d8). rdar://131875719
[CoreIPC] -[NSButtonCell isKindOfClass:]: message sent to deallocated instance in WebCore::ControlMac::drawCellInternal
https://bugs.webkit.org/show_bug.cgi?id=273788
rdar://126071623
Reviewed by Said Abou-Hallawa.
`ControlFactory` is not a thread-safe object, and the shared factory should
only ever be used on the main thread. The shared factory is used by
`ControlPart` if one is not already assigned.
Currently, an attempt at ensuring thread-safety is made by avoiding use of
the shared factory on `RemoteRenderingBackend` work queues, by creating and
assigning a thread-specific `ControlFactory` to a `ControlPart` in
`RemoteDisplayListRecorder::drawControlPart`. However, this logic does not
account for the fact that the `DrawControlPart` display list item can also be
applied as a result of applying `DrawDisplayListItems`. In this scenario, the
`ControlPart` will have a null `ControlFactory`, and will simply fall back to
using the shared factory.
Fix by ensuring the creation of a `ControlFactory` in
`RemoteDisplayListRecorder::drawDisplayListItems`, and adding the necessary
plumbing to ensure `ControlPart`s drawn as a result of applying
`DrawDisplayListItems` use a thread-specific factory.
* Source/WebCore/platform/graphics/GraphicsContext.cpp:
(WebCore::GraphicsContext::drawDisplayListItems):
* Source/WebCore/platform/graphics/GraphicsContext.h:
* Source/WebCore/platform/graphics/controls/ControlFactory.cpp:
(WebCore::ControlFactory::create):
(WebCore::ControlFactory::shared):
Use `MainThreadNeverDestroyed`, as the shared factory is not thread-safe.
(WebCore::ControlFactory::createControlFactory): Deleted.
(WebCore::ControlFactory::sharedControlFactory): Deleted.
* Source/WebCore/platform/graphics/controls/ControlFactory.h:
Make `ControlFactory` ref-counted to avoid raw pointer usage in member variables.
Rename static methods to match WebKit convention.
* Source/WebCore/platform/graphics/controls/ControlPart.cpp:
(WebCore::ControlPart::controlFactory const):
* Source/WebCore/platform/graphics/controls/ControlPart.h:
(WebCore::ControlPart::setControlFactory):
(): Deleted.
* Source/WebCore/platform/graphics/displaylists/DisplayListItem.cpp:
(WebCore::DisplayList::applyItem):
* Source/WebCore/platform/graphics/displaylists/DisplayListItem.h:
* Source/WebCore/platform/graphics/displaylists/DisplayListItems.cpp:
(WebCore::DisplayList::DrawDisplayListItems::apply const):
(WebCore::DisplayList::DrawControlPart::apply const):
* Source/WebCore/platform/graphics/displaylists/DisplayListItems.h:
* Source/WebCore/platform/graphics/displaylists/DisplayListRecorder.cpp:
(WebCore::DisplayList::Recorder::drawDisplayListItems):
* Source/WebCore/platform/graphics/displaylists/DisplayListRecorder.h:
* Source/WebCore/platform/graphics/displaylists/DisplayListReplayer.cpp:
(WebCore::DisplayList::Replayer::Replayer):
(WebCore::DisplayList::Replayer::replay):
* Source/WebCore/platform/graphics/displaylists/DisplayListReplayer.h:
* Source/WebCore/platform/graphics/ios/controls/ControlFactoryIOS.mm:
(WebCore::ControlFactory::create):
(WebCore::ControlFactory::createControlFactory): Deleted.
* Source/WebCore/platform/graphics/mac/controls/ControlFactoryMac.h:
* Source/WebCore/platform/graphics/mac/controls/ControlFactoryMac.mm:
(WebCore::ControlFactory::create):
(WebCore::ControlFactoryMac::shared):
(WebCore::ControlFactory::createControlFactory): Deleted.
(WebCore::ControlFactoryMac::sharedControlFactory): Deleted.
* Source/WebCore/platform/graphics/mac/controls/ImageControlsButtonMac.mm:
(WebCore::ImageControlsButtonMac::servicesRolloverButtonCellSize):
* Source/WebCore/rendering/TextPainter.cpp:
(WebCore::TextPainter::paintTextOrEmphasisMarks):
* Source/WebKit/GPUProcess/graphics/RemoteDisplayListRecorder.cpp:
(WebKit::RemoteDisplayListRecorder::controlFactory):
(WebKit::RemoteDisplayListRecorder::drawDisplayListItems):
This is the important part of the fix. A thread-specific `ControlFactory` must
be specified for `DrawDisplayListItems`, so that contained `DrawControlPart`
items do not use the shared factory.
(WebKit::RemoteDisplayListRecorder::drawControlPart):
* Source/WebKit/GPUProcess/graphics/RemoteDisplayListRecorder.h:
* Tools/TestWebKitAPI/Tests/WebCore/cg/DisplayListTestsCG.cpp:
(TestWebKitAPI::TEST):
Canonical link: https://commits.webkit.org/272448.998@safari-7618-branch
Canonical link: https://commits.webkit.org/280938.165@safari-7619-branch
Commit: 5d7b5c4ec28886d44068763329001906c4e3cbcd
https://github.com/WebKit/WebKit/commit/5d7b5c4ec28886d44068763329001906c4e3cbcd
Author: Youenn Fablet <youenn at apple.com>
Date: 2024-07-30 (Tue, 30 Jul 2024)
Changed paths:
M Source/WebKit/NetworkProcess/webrtc/NetworkRTCProvider.cpp
M Source/WebKit/NetworkProcess/webrtc/NetworkRTCProvider.h
M Source/WebKit/NetworkProcess/webrtc/NetworkRTCTCPSocketCocoa.h
M Source/WebKit/NetworkProcess/webrtc/NetworkRTCTCPSocketCocoa.mm
M Source/WebKit/NetworkProcess/webrtc/NetworkRTCUDPSocketCocoa.h
M Source/WebKit/NetworkProcess/webrtc/NetworkRTCUDPSocketCocoa.mm
Log Message:
-----------
Cherry-pick 272448.1028@safari-7618-branch (5cec99ca58dc). rdar://131874792
out-of-bounds memory access in rtc::SocketAddress::SetPort
rdar://126281456
Reviewed by Alex Christensen.
Creating two sockets with the same identifier will destroy the second one without closing it properly.
We exit early in case we detect redundant identifiers. We do not use MESSAGE_CHECK as we are processing the messages in an RTC thread.
We add some additional ASSERTS to ensure the model is right.
We fix the underlying weakness of not calling close in NetworkRTCUDPSocketCocoa by making NetworkRTCUDPSocketCocoaConnections a threadsafe weak ptr and using this weak pointer for setting the port.
Test that covers the change is in the attached patch to rdar://126281456.
It does not run on the branch since the branch does not have all the test infra.
* LayoutTests/ipc/network-rtc-provider-crash-expected.txt: Added.
* LayoutTests/ipc/network-rtc-provider-crash.html: Added.
* Source/WebKit/NetworkProcess/webrtc/NetworkRTCProvider.cpp:
(WebKit::NetworkRTCProvider::createUDPSocket):
(WebKit::NetworkRTCProvider::createClientTCPSocket):
(WebKit::NetworkRTCProvider::addSocket):
(WebKit::NetworkRTCProvider::doSocketTaskOnRTCNetworkThread): Deleted.
* Source/WebKit/NetworkProcess/webrtc/NetworkRTCProvider.h:
* Source/WebKit/NetworkProcess/webrtc/NetworkRTCTCPSocketCocoa.h:
* Source/WebKit/NetworkProcess/webrtc/NetworkRTCTCPSocketCocoa.mm:
(WebKit::NetworkRTCTCPSocketCocoa::~NetworkRTCTCPSocketCocoa):
(WebKit::NetworkRTCTCPSocketCocoa::close):
* Source/WebKit/NetworkProcess/webrtc/NetworkRTCUDPSocketCocoa.h:
* Source/WebKit/NetworkProcess/webrtc/NetworkRTCUDPSocketCocoa.mm:
(WebKit::NetworkRTCUDPSocketCocoaConnections::NetworkRTCUDPSocketCocoaConnections):
(WebKit::NetworkRTCUDPSocketCocoaConnections::~NetworkRTCUDPSocketCocoaConnections):
(WebKit::NetworkRTCUDPSocketCocoa::setListeningPort): Deleted.
Canonical link: https://commits.webkit.org/272448.1028@safari-7618-branch
Canonical link: https://commits.webkit.org/280938.166@safari-7619-branch
Commit: 2a55ea094cf38c5307e1ddd02f1e2e92cb3207ad
https://github.com/WebKit/WebKit/commit/2a55ea094cf38c5307e1ddd02f1e2e92cb3207ad
Author: Aditya Keerthi <akeerthi at apple.com>
Date: 2024-07-30 (Tue, 30 Jul 2024)
Changed paths:
A LayoutTests/fast/css/container-query-listbox-expected.html
A LayoutTests/fast/css/container-query-listbox.html
A LayoutTests/fast/forms/select-multiple-changed-with-containment-crash-expected.txt
A LayoutTests/fast/forms/select-multiple-changed-with-containment-crash.html
M LayoutTests/platform/ios/TestExpectations
M Source/WebCore/rendering/RenderListBox.cpp
M Source/WebCore/rendering/RenderMenuList.cpp
Log Message:
-----------
Cherry-pick 272448.982@safari-7618-branch (c4b6c7757697). rdar://131876352
heap-use-after-free | WebCore::RenderMenuList::setTextFromOption; WebCore::HTMLSelectElement::selectOption; WebCore::Element::didAddAttribute
https://bugs.webkit.org/show_bug.cgi?id=272882
rdar://126279123
Reviewed by Antti Koivisto.
On macOS, `<select>` and `<select multiple>` use `RenderMenuList` and
`RenderMenuList` as their respective renderers. Consequently, whenever the
`multiple` attribute is added, `invalidateStyleAndRenderersForSubtree` is
called and the `RenderMenuList` is marked for destruction.
Additionally, for interoperability, the selected index must be updated when the
`multiple` attribute is added or removed. This update will also trigger an
update on the renderer, in this case, via `RenderMenuList::updateFromElement`.
At this point, the element is `<select multiple>`, but still has a `RenderMenuList`.
Eventually, the update gets into `RenderMenuList::setTextFromOption`, which
calls `computedStyle()` on an `<option>` element. Following 267786@main, when
using containment, this triggers a render tree update, as `Document::resolveStyle`
is called, and `resolver.hasUnresolvedQueryContainers()` is true. The
`RenderMenuList` is then destroyed, as it was previously invalidated, while
inside one of its own methods. Use-after-free is then encountered due to attempted
member variable access.
To fix, take a similar approach as the crash fix in 272334@main and elide a full
style update when a query container with invalid style is encountered.
`fast/css/container-query-listbox.html` has been added to ensure <option>
styling continues to work with container queries. Finally, adopt `CheckedPtr` as
a hardening measure.
Alternatives considered:
1. Call `updateStyleIfNeeded()` in `HTMLSelectElement` prior to entering the
renderer. This approach was rejected as there are too many entry points, and
it would be fragile to new entry points.
2. Pass `<option>` style down from `HTMLSelectElement` into the renderer. Again,
there are too many entry points (including outside of the element). Additionally,
it is not sufficient to store a single style (for the selected option), as every
`<option>` participates in width determination.
3. Use `existingComputedStyle()` instead of `computedStyle()`. This resulted in
paint time regressions where the existing computed style was empty.
* LayoutTests/fast/css/container-query-listbox-expected.html: Added.
* LayoutTests/fast/css/container-query-listbox.html: Added.
* LayoutTests/fast/forms/select-multiple-changed-with-containment-crash-expected.txt: Added.
* LayoutTests/fast/forms/select-multiple-changed-with-containment-crash.html: Added.
* LayoutTests/platform/ios/TestExpectations:
* Source/WebCore/html/HTMLSelectElement.cpp:
(WebCore::HTMLSelectElement::optionSelectedByUser):
(WebCore::HTMLSelectElement::selectOption):
* Source/WebCore/rendering/RenderListBox.cpp:
(WebCore::RenderListBox::paintItemForeground):
(WebCore::RenderListBox::paintItemBackground):
* Source/WebCore/rendering/RenderMenuList.cpp:
(RenderMenuList::updateOptionsWidth):
(RenderMenuList::setTextFromOption):
(RenderMenuList::itemStyle const):
(RenderMenuList::getItemBackgroundColor const):
Canonical link: https://commits.webkit.org/272448.982@safari-7618-branch
Canonical link: https://commits.webkit.org/280938.167@safari-7619-branch
Commit: d7d6398be1a73aa5acda0ff7ef12aa1af663ed76
https://github.com/WebKit/WebKit/commit/d7d6398be1a73aa5acda0ff7ef12aa1af663ed76
Author: Youenn Fablet <youenn at apple.com>
Date: 2024-07-31 (Wed, 31 Jul 2024)
Changed paths:
M Source/ThirdParty/libwebrtc/Source/third_party/libvpx/source/libvpx/test/encode_api_test.cc
M Source/ThirdParty/libwebrtc/Source/third_party/libvpx/source/libvpx/vp8/encoder/ratectrl.c
Log Message:
-----------
Potential 'overflow' issue committed to upstream libwebrtc: vp8,calc_iframe_target_size: clamp kf_boost
rdar://132548845
Reviewed by Chris Dumez.
* Source/ThirdParty/libwebrtc/Source/third_party/libvpx/source/libvpx/test/encode_api_test.cc:
* Source/ThirdParty/libwebrtc/Source/third_party/libvpx/source/libvpx/vp8/encoder/ratectrl.c:
(calc_iframe_target_size):
Canonical link: https://commits.webkit.org/280938.168@safari-7619-branch
Commit: d33c904941070fad30671d1d14cd8d61ceee5298
https://github.com/WebKit/WebKit/commit/d33c904941070fad30671d1d14cd8d61ceee5298
Author: Alex Christensen <achristensen at apple.com>
Date: 2024-07-31 (Wed, 31 Jul 2024)
Changed paths:
M Source/WebCore/PAL/pal/text/TextCodecLatin1.cpp
M Source/WebCore/PAL/pal/text/TextCodecUTF8.cpp
Log Message:
-----------
Cherry-pick dfa712ddc5a1. rdar://131879057
Integer truncation in TextCodecUTF8::decode leading to OOB writes
rdar://130946877
Reviewed by Darin Adler.
If the length plus the length of the previously attempted partial UTF-8 sequence
is greater than can fit into an unsigned, we will truncate the length and write
the long length, which isn't ideal.
The Latin-1 codec appears to have a similar issue but it doesn't keep state, so
I think it's unreachable. To make it more clear in code inspection that it is
unreachable, I added a check to be extra safe.
* LayoutTests/security/decode-buffer-size-expected.txt: Added.
* LayoutTests/security/decode-buffer-size.html: Added.
* Source/WebCore/PAL/pal/text/TextCodecLatin1.cpp:
(PAL::TextCodecLatin1::decode):
* Source/WebCore/PAL/pal/text/TextCodecUTF8.cpp:
(PAL::TextCodecUTF8::decode):
Canonical link: https://commits.webkit.org/272448.1108@safari-7618-branch
Canonical link: https://commits.webkit.org/280938.169@safari-7619-branch
Commit: 0a5567294fbaa3ddb4488c0022d1bca0e7b399cc
https://github.com/WebKit/WebKit/commit/0a5567294fbaa3ddb4488c0022d1bca0e7b399cc
Author: Nisha Jain <nisha_jain at apple.com>
Date: 2024-07-31 (Wed, 31 Jul 2024)
Changed paths:
M Source/WebCore/bindings/js/SerializedScriptValue.cpp
M Tools/TestWebKitAPI/Tests/WebCore/SerializedScriptValue.cpp
Log Message:
-----------
Cherry-pick 272448.988@safari-7618-branch (d4a726f1404c). rdar://131875993
"Fuzz blocker for WebCore-SerializedScriptValue-Deserialize-fuzzer in readTerminal() | case ImageDataTag"
https://bugs.webkit.org/show_bug.cgi?id=272707
rdar://126132273
Reviewed by Chris Dumez.
An ASSERT gets triggered due to overflow of 'IntSize().area()' during deserialization of IDBValueToJSValue based on 'ImageDataTag'.
To avoid this crash, added an overflow check for the 'IntSize().area() * 4' value.
* Source/WebCore/bindings/js/SerializedScriptValue.cpp:
(WebCore::CloneDeserializer::readTerminal):
* Tools/TestWebKitAPI/Tests/WebCore/SerializedScriptValue.cpp:
(TestWebKitAPI::TEST):
Canonical link: https://commits.webkit.org/272448.988@safari-7618-branch
Canonical link: https://commits.webkit.org/280938.170@safari-7619-branch
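
The two length checks described in the `TextCodecUTF8::decode` and `ImageDataTag` commits above, as an added example that is not WebKit code. All function names are hypothetical; `uint64_t` stands in for `size_t` on a 64-bit platform, and the 32-bit `unsigned` limit for the image byte length is an assumption of this sketch.

```cpp
#include <cstdint>
#include <limits>

// Truncating form: the sum is computed in 64 bits and then narrowed to
// unsigned. Any total above UINT_MAX silently wraps, so a buffer sized from
// the result is far smaller than the number of bytes later written into it.
inline unsigned truncatedBufferLength(uint64_t partialSequenceSize, uint64_t length)
{
    return static_cast<unsigned>(partialSequenceSize + length);
}

// Checked form: refuse any total that does not fit the narrower type.
// The comparison is arranged so that it cannot itself overflow.
inline bool checkedBufferLength(uint64_t partialSequenceSize, uint64_t length, unsigned& out)
{
    const uint64_t max = std::numeric_limits<unsigned>::max();
    if (partialSequenceSize > max || length > max - partialSequenceSize)
        return false;
    out = static_cast<unsigned>(partialSequenceSize + length);
    return true;
}

// RGBA pixel buffer size: width * height * 4 bytes. Checking only the area is
// not enough, because an area that fits can still overflow once multiplied by
// the four bytes per pixel.
inline bool checkedImageDataByteLength(int width, int height, unsigned& out)
{
    if (width < 0 || height < 0)
        return false;
    // Both factors are below 2^31, so the 64-bit product times 4 cannot wrap.
    const uint64_t bytes = static_cast<uint64_t>(width) * static_cast<uint64_t>(height) * 4u;
    if (bytes > std::numeric_limits<unsigned>::max())
        return false;
    out = static_cast<unsigned>(bytes);
    return true;
}

int main()
{
    unsigned length = 0;
    // Constructed inputs: 3 buffered bytes of a partial sequence plus a
    // 0xFFFFFFFF-byte chunk. The truncating form reports 2; the checked form
    // rejects the request.
    const bool truncates = truncatedBufferLength(3, 0xFFFFFFFFull) == 2u;
    const bool rejected = !checkedBufferLength(3, 0xFFFFFFFFull, length);
    return truncates && rejected ? 0 : 1;
}
```
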
Commit: 6fc69ba54d9215f6a341a71a41177992d5129220
https://github.com/WebKit/WebKit/commit/6fc69ba54d9215f6a341a71a41177992d5129220
Author: Chris Dumez <cdumez at apple.com>
Date: 2024-07-31 (Wed, 31 Jul 2024)
Changed paths:
M Source/JavaScriptCore/runtime/JSGlobalObjectDebuggable.cpp
M Source/JavaScriptCore/runtime/JSGlobalObjectDebuggable.h
Log Message:
-----------
Regression(280938.63@safari-7619-branch) WeChat may hang in callOnGlobalObjectRunLoopAndWait()
https://bugs.webkit.org/show_bug.cgi?id=277435
rdar://132773444
Reviewed by Ryosuke Niwa.
Just doing a partial revert of 280938.63@safari-7619-branch for now to resolve the issue.
We no longer try to dispatch to the JSGlobalObject's runloop before using the JSGlobalObject.
This should restore shipping behavior.
Based on initial investigation, the app seems to sometimes create a JSGlobalObject on thread
A, then later use that JSGlobalObject on the main thread. This causes us to call
`callOnGlobalObjectRunLoopAndWait()`, which tries to dispatch on thread A's runloop, and waits
on a BinarySemaphore until the task has been processed on the other runloop. However, this task
is sometimes not executed and we just hang on the BinarySemaphore. I suspect thread A may have
exited. Since `callOnGlobalObjectRunLoopAndWait()` seems unreliable, we now stop using it.
* Source/JavaScriptCore/runtime/JSGlobalObjectDebuggable.cpp:
(JSC::JSGlobalObjectDebuggable::JSGlobalObjectDebuggable):
(JSC::JSGlobalObjectDebuggable::name const):
(JSC::JSGlobalObjectDebuggable::connect):
(JSC::JSGlobalObjectDebuggable::disconnect):
(JSC::JSGlobalObjectDebuggable::dispatchMessageFromRemote):
(JSC::JSGlobalObjectDebuggable::pauseWaitingForAutomaticInspection):
(JSC::JSGlobalObjectDebuggable::callOnGlobalObjectRunLoopAndWait const): Deleted.
* Source/JavaScriptCore/runtime/JSGlobalObjectDebuggable.h:
Canonical link: https://commits.webkit.org/280938.171@safari-7619-branch
Commit: 1ce10cfde4f8892f8e1f98e3e30cd1ab295e429a
https://github.com/WebKit/WebKit/commit/1ce10cfde4f8892f8e1f98e3e30cd1ab295e429a
Author: Frédéric Wang <fwang at igalia.com>
Date: 2024-07-31 (Wed, 31 Jul 2024)
Changed paths:
A LayoutTests/fast/block/crash-when-style-and-renderer-invalidated-for-floating-object-element-expected.txt
A LayoutTests/fast/block/crash-when-style-and-renderer-invalidated-for-floating-object-element.html
Log Message:
-----------
Cherry-pick 277198.3@webkit-2024.4-embargoed (547a9b1a997a). rdar://132934624
Add test case for floating object element
https://bugs.webkit.org/show_bug.cgi?id=272687
Reviewed by Alan Baradlay.
This is a reduced crash test for bug 272687 (and its duplicate bug
272296), which is fixed by the patch for bug 272488.
* LayoutTests/fast/block/crash-when-style-and-renderer-invalidated-for-floating-object-element-expected.txt: Added.
* LayoutTests/fast/block/crash-when-style-and-renderer-invalidated-for-floating-object-element.html: Added.
Canonical link: https://commits.webkit.org/277198.3@webkit-2024.4-embargoed
Canonical link: https://commits.webkit.org/280938.172@safari-7619-branch
Commit: 9734dd92b02a9e70ff899bf6cf805a8873875fcd
https://github.com/WebKit/WebKit/commit/9734dd92b02a9e70ff899bf6cf805a8873875fcd
Author: Nisha Jain <nisha_jain at apple.com>
Date: 2024-07-31 (Wed, 31 Jul 2024)
Changed paths:
M Tools/TestWebKitAPI/Tests/WebCore/SerializedScriptValue.cpp
Log Message:
-----------
Cherry-pick 272448.1081@safari-7618-branch (402db5ae0c62). rdar://132940407
ASAN_BUS | WebCore::CloneDeserializer::readTerminal; WebCore::CloneDeserializer::deserialize; WebCore::SerializedScriptValue::deserialize
https://bugs.webkit.org/show_bug.cgi?id=275262
rdar://129348869
Reviewed by Yusuke Suzuki.
Signed comparison in MarkedVector (JSC) class.
Changed Signed class objects to Unsigned types.
* Source/JavaScriptCore/runtime/ArgList.cpp:
(JSC::ArgList::getSlice const):
(JSC::MarkedVectorBase::markLists):
(JSC::MarkedVectorBase::expandCapacity):
* Source/JavaScriptCore/runtime/ArgList.h:
(JSC::MarkedVector::at const):
(JSC::ArgList::ArgList):
(JSC::ArgList::at const):
* Tools/TestWebKitAPI/Tests/WebCore/SerializedScriptValue.cpp:
(TestWebKitAPI::TEST):
Canonical link: https://commits.webkit.org/272448.1081@safari-7618-branch
Canonical link: https://commits.webkit.org/280938.173@safari-7619-branch
Commit: a0ce245292a5d226a8f9e457b129309bc60320f6
https://github.com/WebKit/WebKit/commit/a0ce245292a5d226a8f9e457b129309bc60320f6
Author: Matthieu Dubet <m_dubet at apple.com>
Date: 2024-07-31 (Wed, 31 Jul 2024)
Changed paths:
A LayoutTests/fast/css/cssom-insertrule-crash-expected.html
A LayoutTests/fast/css/cssom-insertrule-crash.html
M Source/WebCore/css/CSSGroupingRule.cpp
M Source/WebCore/css/CSSStyleRule.cpp
M Source/WebCore/css/CSSStyleSheet.cpp
M Source/WebCore/css/CSSStyleSheet.h
M Source/WebCore/css/StyleSheetContents.cpp
M Source/WebCore/css/StyleSheetContents.h
M Source/WebCore/css/parser/CSSParserImpl.cpp
Log Message:
-----------
Cherry-pick 272448.1086@safari-7618-branch (d3f4fe14288c). rdar://132942648
[CSSOM] Fix insertion of rule inside non nested style rule
https://bugs.webkit.org/show_bug.cgi?id=275129
rdar://126112807
Reviewed by Antti Koivisto.
The CSS parser should not change the "hasNestingRules" status
of a stylesheet (which makes the CoW mechanism fail and a bunch of other issues).
This patch changes when the CoW will copy the rules to allow mutation
and makes the cache mechanism internal to StyleSheetContent class.
* LayoutTests/fast/css/cssom-insertrule-crash-expected.html: Added.
* LayoutTests/fast/css/cssom-insertrule-crash.html: Added.
* Source/WebCore/css/CSSGroupingRule.cpp:
(WebCore::CSSGroupingRule::prepareChildStyleRuleForNesting):
* Source/WebCore/css/CSSStyleRule.cpp:
(WebCore::CSSStyleRule::insertRule):
* Source/WebCore/css/CSSStyleSheet.cpp:
(WebCore::CSSStyleSheet::prepareChildStyleRuleForNesting):
* Source/WebCore/css/CSSStyleSheet.h:
* Source/WebCore/css/StyleSheetContents.cpp:
(WebCore::StyleSheetContents::StyleSheetContents):
(WebCore::StyleSheetContents::isCacheable const):
(WebCore::StyleSheetContents::hasNestingRules):
* Source/WebCore/css/StyleSheetContents.h:
* Source/WebCore/css/parser/CSSParserImpl.cpp:
(WebCore::CSSParserImpl::consumeNestedGroupRules):
(WebCore::CSSParserImpl::consumeStyleRule):
Canonical link: https://commits.webkit.org/272448.1086@safari-7618-branch
Canonical link: https://commits.webkit.org/280938.174@safari-7619-branch
Commit: 907b790766cee23bd5678e9033c6a70cd42ed1c9
https://github.com/WebKit/WebKit/commit/907b790766cee23bd5678e9033c6a70cd42ed1c9
Author: Youenn Fablet <youenn at apple.com>
Date: 2024-08-01 (Thu, 01 Aug 2024)
Changed paths:
M Source/ThirdParty/libwebrtc/Source/third_party/libvpx/source/libvpx/test/encode_api_test.cc
M Source/ThirdParty/libwebrtc/Source/third_party/libvpx/source/libvpx/test/test-data.mk
M Source/ThirdParty/libwebrtc/Source/third_party/libvpx/source/libvpx/test/test-data.sha1
M Source/ThirdParty/libwebrtc/Source/third_party/libvpx/source/libvpx/vp8/encoder/mcomp.c
M Source/ThirdParty/libwebrtc/Source/third_party/libvpx/source/libvpx/vp8/encoder/pickinter.c
M Source/ThirdParty/libwebrtc/Source/third_party/libvpx/source/libvpx/vp8/encoder/rdopt.c
Log Message:
-----------
Cherry-pick libvpx cdf8da4c03cf53f2c31a9a5f4c84880ca128c608
https://bugs.webkit.org/show_bug.cgi?id=277350
rdar://132736239
Reviewed by Chris Dumez.
This fixes an OOB issue.
* Source/ThirdParty/libwebrtc/Source/third_party/libvpx/source/libvpx/test/encode_api_test.cc:
* Source/ThirdParty/libwebrtc/Source/third_party/libvpx/source/libvpx/test/test-data.mk:
* Source/ThirdParty/libwebrtc/Source/third_party/libvpx/source/libvpx/test/test-data.sha1:
* Source/ThirdParty/libwebrtc/Source/third_party/libvpx/source/libvpx/vp8/encoder/mcomp.c:
(vp8_find_best_sub_pixel_step_iteratively):
(vp8_find_best_sub_pixel_step):
(vp8_find_best_half_pixel_step):
(vp8_diamond_search_sad_c):
(vp8_diamond_search_sadx4):
(vp8_full_search_sad):
(vp8_refining_search_sad_c):
(vp8_refining_search_sadx4):
* Source/ThirdParty/libwebrtc/Source/third_party/libvpx/source/libvpx/vp8/encoder/pickinter.c:
(vp8_skip_fractional_mv_step):
(update_mvcount):
* Source/ThirdParty/libwebrtc/Source/third_party/libvpx/source/libvpx/vp8/encoder/rdopt.c:
(rd_update_mvcount):
Canonical link: https://commits.webkit.org/280938.175@safari-7619-branch
Commit: dd204be75d92aef015cef10c69668e3d3111d426
https://github.com/WebKit/WebKit/commit/dd204be75d92aef015cef10c69668e3d3111d426
Author: Timothy Hatcher <timothy at apple.com>
Date: 2024-08-02 (Fri, 02 Aug 2024)
Changed paths:
M Source/WTF/wtf/WeakObjCPtr.h
Log Message:
-----------
Cherry-pick 9619df3a01b1. rdar://132755490
REGRESSION (280925@main): [ macOS iOS ] TestWebKitAPI.WebKit2_WeakObjCPtr.LogicalNegation is a constant failure.
https://webkit.org/b/277285
rdar://problem/132755490
Reviewed by Brian Weinstein.
Revert the WeakObjCPtr changes of 280925@main. The autorelease pool was retaining the object past the
scope of the WeakObjCPtr in the LogicalNegation test, keeping it non-nil longer than expected.
* Source/WTF/wtf/WeakObjCPtr.h:
(WTF::WeakObjCPtr::operator! const): Switch back to get().
(WTF::WeakObjCPtr::operator bool const): Ditto.
Canonical link: https://commits.webkit.org/281582@main
Canonical link: https://commits.webkit.org/280938.176@safari-7619-branch
Commit: 417d191bc53724a9d80142627574a423b723c656
https://github.com/WebKit/WebKit/commit/417d191bc53724a9d80142627574a423b723c656
Author: Chris Dumez <cdumez at apple.com>
Date: 2024-08-04 (Sun, 04 Aug 2024)
Changed paths:
M Source/WTF/wtf/text/StringImpl.h
Log Message:
-----------
Guard against constructing Strings with a length greater than MaxLength from a StringBuffer.
https://bugs.webkit.org/show_bug.cgi?id=277596
rdar://132984553
Reviewed by Darin Adler.
* Source/WTF/wtf/text/StringImpl.cpp:
(WTF::StringImpl::adopt):
Canonical link: https://commits.webkit.org/280938.177@safari-7619-branch
Commit: 1ee8d37433d57ecfb5fdb7af522fe2638afe5738
https://github.com/WebKit/WebKit/commit/1ee8d37433d57ecfb5fdb7af522fe2638afe5738
Author: Elika Etemad <fantasai.bugs at inkedblade.net>
Date: 2024-08-05 (Mon, 05 Aug 2024)
Changed paths:
M LayoutTests/fast/css/font-face-multiple-faces.html
M LayoutTests/fast/text/postscript-bold-expected.html
M LayoutTests/fast/text/postscript-bold.html
M LayoutTests/platform/glib/fast/css/font-face-multiple-faces-expected.txt
M LayoutTests/platform/gtk/fast/css/font-face-multiple-faces-expected.png
M LayoutTests/platform/mac/fast/css/font-face-multiple-faces-expected.png
M LayoutTests/platform/mac/fast/css/font-face-multiple-faces-expected.txt
M Source/WebCore/css/CSSFontFaceSource.cpp
M Source/WebCore/platform/graphics/FontCache.cpp
M Source/WebCore/platform/graphics/FontCache.h
M Source/WebCore/platform/graphics/cocoa/FontCacheCoreText.cpp
M Source/WebCore/platform/graphics/cocoa/FontCacheCoreText.h
M Source/WebCore/platform/graphics/cocoa/FontFamilySpecificationCoreText.cpp
M Source/WebCore/platform/graphics/freetype/FontCacheFreeType.cpp
M Source/WebCore/platform/graphics/skia/FontCacheSkia.cpp
M Source/WebCore/platform/graphics/win/cairo/FontCacheWinCairo.cpp
Log Message:
-----------
Cherry-pick 21695ca97d99. rdar://130226958
Don't tweak boldness of local @font-face fonts already described as bold
https://bugs.webkit.org/show_bug.cgi?id=277170
rdar://130226958
Reviewed by Vitor Roriz.
This fixes two problems with lookup of local @font-face fonts described as bold:
1. When using a PostScript name, if the boldness of the font didn't match the
descriptor, we would ditch the font and look up a related bold font (which is
what we do for font-family lookups) instead of using the font as-is.
See changes in platformFontLookupWithFamily() for this error.
2. When disabling font synthesis because the @font-face descriptors already
match the request, we fail to plumb that through to local font lookups.
See changes in CSSFontFaceSource::font() for this error.
* LayoutTests/platform/glib/fast/css/font-face-multiple-faces-expected.txt: Rebaseline.
* LayoutTests/platform/gtk/fast/css/font-face-multiple-faces-expected.png: Rebaseline.
* LayoutTests/fast/css/font-face-multiple-faces.html: Update to match spec expectations.
* LayoutTests/fast/text/postscript-bold-expected.html: More correct references.
* LayoutTests/fast/text/postscript-bold.html: Add test for turning off synthesis.
* LayoutTests/platform/mac/fast/css/font-face-multiple-faces-expected.png: Match new results.
* LayoutTests/platform/mac/fast/css/font-face-multiple-faces-expected.txt: Match new results.
* Source/WebCore/css/CSSFontFaceSource.cpp:
(WebCore::CSSFontFaceSource::load):
(WebCore::CSSFontFaceSource::font):
* Source/WebCore/platform/graphics/FontCache.cpp:
(WebCore::FontCache::cachedFontPlatformData):
(WebCore::FontCache::fontForFamily):
* Source/WebCore/platform/graphics/FontCache.h:
(WebCore::FontCache::fontForFamily):
(WebCore::FontCache::cachedFontPlatformData):
(WebCore::FontCache::createFontPlatformDataForTesting):
* Source/WebCore/platform/graphics/cocoa/FontCacheCoreText.cpp:
(WebCore::computeNecessarySynthesis):
(WebCore::isAllowlistedFamily):
(WebCore::platformFontLookupWithFamily):
(WebCore::fontDescriptorWithFamilySpecialCase):
(WebCore::fontWithFamily):
(WebCore::FontCache::shouldAutoActivateFontIfNeeded):
(WebCore::autoActivateFont):
(WebCore::lookupFallbackFont):
* Source/WebCore/platform/graphics/cocoa/FontCacheCoreText.h:
(WebCore::computeNecessarySynthesis):
* Source/WebCore/platform/graphics/cocoa/FontFamilySpecificationCoreText.cpp:
(WebCore::FontFamilySpecificationCoreText::fontRanges const):
* Source/WebCore/platform/graphics/freetype/FontCacheFreeType.cpp:
(WebCore::getFontPropertiesFromPattern):
(WebCore::FontCache::createFontPlatformData):
* Source/WebCore/platform/graphics/skia/FontCacheSkia.cpp:
(WebCore::FontCache::createFontPlatformData):
* Source/WebCore/platform/graphics/win/cairo/FontCacheWinCairo.cpp:
(WebCore::FontCache::createFontPlatformData):
Canonical link: https://commits.webkit.org/281525@main
Canonical link: https://commits.webkit.org/280938.178@safari-7619-branch
Commit: 9f0c347fbfd3207b9c0a516ccec13d5c5c48908a
https://github.com/WebKit/WebKit/commit/9f0c347fbfd3207b9c0a516ccec13d5c5c48908a
Author: Alex Christensen <achristensen at apple.com>
Date: 2024-08-05 (Mon, 05 Aug 2024)
Changed paths:
M Source/WebCore/loader/cache/CachedResourceLoader.cpp
Log Message:
-----------
Cherry-pick 4f9c076b440e. rdar://132751900
REGRESSION (281441@main): [ macOS iOS ] TestWebKitAPI.WKHTTPCookieStore.SameSiteWithPatternMatch is a constant failure (277275)
rdar://132751900
https://bugs.webkit.org/show_bug.cgi?id=277275
Reviewed by Matthew Finkel.
We need to pass the page to FrameLoader::addSameSiteInfoToRequestIfNeeded
* Source/WebCore/loader/cache/CachedResourceLoader.cpp:
(WebCore::CachedResourceLoader::requestResource):
Canonical link: https://commits.webkit.org/281526@main
Canonical link: https://commits.webkit.org/280938.179@safari-7619-branch
Commit: a9098508206744cb3ca86808bd63f6546ff12826
https://github.com/WebKit/WebKit/commit/a9098508206744cb3ca86808bd63f6546ff12826
Author: Ryosuke Niwa <rniwa at webkit.org>
Date: 2024-08-05 (Mon, 05 Aug 2024)
Changed paths:
M Source/WebKit/UIProcess/AuxiliaryProcessProxy.cpp
Log Message:
-----------
Cherry-pick cac0699e42b1. rdar://132649078
Crash in WindowEventLoop::eventLoopForSecurityOrigin
https://bugs.webkit.org/show_bug.cgi?id=277295
rdar://132649078
Reviewed by Chris Dumez and Tim Horton.
The bug was caused by AuxiliaryProcessProxy::wakeUpTemporarilyForIPC using WebCore::Timer.
Use a RunLoop timer instead.
* Source/WebKit/UIProcess/AuxiliaryProcessProxy.cpp:
(WebKit::AuxiliaryProcessProxy::wakeUpTemporarilyForIPC):
Canonical link: https://commits.webkit.org/281539@main
Canonical link: https://commits.webkit.org/280938.180@safari-7619-branch
Commit: c4ecb3b8d80727fdb71a85213cc1f41ae3e59fca
https://github.com/WebKit/WebKit/commit/c4ecb3b8d80727fdb71a85213cc1f41ae3e59fca
Author: Tim Nguyen <ntim at apple.com>
Date: 2024-08-05 (Mon, 05 Aug 2024)
Changed paths:
M LayoutTests/imported/w3c/web-platform-tests/css/css-animations/display-none-dont-cancel.tentative-expected.txt
M LayoutTests/imported/w3c/web-platform-tests/css/css-animations/display-none-dont-cancel.tentative.html
A LayoutTests/imported/w3c/web-platform-tests/css/css-animations/display-none-to-display-block-dont-cancel.tentative-expected.txt
A LayoutTests/imported/w3c/web-platform-tests/css/css-animations/display-none-to-display-block-dont-cancel.tentative.html
A LayoutTests/imported/w3c/web-platform-tests/css/css-animations/display-none-to-display-block-expected.xht
A LayoutTests/imported/w3c/web-platform-tests/css/css-animations/display-none-to-display-block.html
M Source/WebCore/style/StyleTreeResolver.cpp
Log Message:
-----------
Cherry-pick 72ac253c4d48. rdar://130520487
REGRESSION (276531@main): State dropdown is invisible, unable to send feedback via Bunnings.com.au
https://bugs.webkit.org/show_bug.cgi?id=277303
rdar://130520487
Reviewed by Cameron McCormack.
We should not be cancelling animations in the case where we're starting in a hidden subtree, then animating with a keyframe that changes
the display value away from none. Make sure we notify about the newly created keyframe instead.
* LayoutTests/imported/w3c/web-platform-tests/css/css-animations/display-none-dont-cancel.tentative-expected.txt:
* LayoutTests/imported/w3c/web-platform-tests/css/css-animations/display-none-dont-cancel.tentative.html:
* LayoutTests/imported/w3c/web-platform-tests/css/css-animations/display-none-to-display-block-dont-cancel.tentative-expected.txt: Added.
* LayoutTests/imported/w3c/web-platform-tests/css/css-animations/display-none-to-display-block-dont-cancel.tentative.html: Added.
* LayoutTests/imported/w3c/web-platform-tests/css/css-animations/display-none-to-display-block-expected.xht: Added.
* LayoutTests/imported/w3c/web-platform-tests/css/css-animations/display-none-to-display-block.html: Added.
* Source/WebCore/style/StyleTreeResolver.cpp:
(WebCore::Style::TreeResolver::createAnimatedElementUpdate):
Canonical link: https://commits.webkit.org/281544@main
Canonical link: https://commits.webkit.org/280938.181@safari-7619-branch
Commit: 0bdc2f1b2b95616ddead7ff27396fec0ba6caaa4
https://github.com/WebKit/WebKit/commit/0bdc2f1b2b95616ddead7ff27396fec0ba6caaa4
Author: Abrar Rahman Protyasha <a_protyasha at apple.com>
Date: 2024-08-05 (Mon, 05 Aug 2024)
Changed paths:
M Source/WTF/wtf/PlatformHave.h
M Source/WebKit/Platform/spi/ios/UIKitSPI.h
M Source/WebKit/UIProcess/ios/WKContentView.mm
Log Message:
-----------
Cherry-pick 2c110c4ab173. rdar://132525262
REGRESSION(281001@main): [iPadOS] Safari address bar loses focus immediately after clicking with hardware keyboard attached
https://bugs.webkit.org/show_bug.cgi?id=277273
rdar://132525262
Reviewed by Aditya Keerthi.
The adoption of UIFocusItemDeferralMode in 281001@main causes the issue
detailed in the commit title. This patch is a straight revert of
281001@main, after which we can revisit https://webkit.org/b/276640.
* Source/WTF/wtf/PlatformHave.h:
* Source/WebKit/Platform/spi/ios/UIKitSPI.h:
* Source/WebKit/UIProcess/ios/WKContentView.mm:
(-[WKContentView focusItemDeferralMode]): Deleted.
Commit: a92998bb8d962f5eeb0d2c3320745e0e2856dc87
https://github.com/WebKit/WebKit/commit/a92998bb8d962f5eeb0d2c3320745e0e2856dc87
Author: Wenson Hsieh <wenson_hsieh at apple.com>
Date: 2024-08-05 (Mon, 05 Aug 2024)
Changed paths:
M Source/WebCore/page/ElementTargetingController.cpp
Log Message:
-----------
Cherry-pick d15c4b4addca. rdar://132831879
[Remote Inspection] Refactor ElementTargetingController to avoid a rare nullptr crash
https://bugs.webkit.org/show_bug.cgi?id=277371
rdar://132831879
Reviewed by Aditya Keerthi.
This is a speculative fix for a `nullptr` (or `CheckedPtr`) crash, due to the fact that `renderer`
is a `CheckedPtr` below:
```
CheckedPtr renderer = element.renderer();
…
return {
    .elementIdentifier = element.identifier(),
    .documentIdentifier = element.document().identifier(),
    .offsetEdges = computeOffsetEdges(renderer->style()), // <--- A
    .renderedText = WTFMove(renderedText),
    .searchableText = searchableTextForTarget(element), // <--- B
    .screenReaderText = WTFMove(screenReaderText),
    .selectors = selectorsForTarget(element, cache),
    .boundsInRootView = element.boundingBoxInRootViewCoordinates(),
    .boundsInClientCoordinates = computeClientRect(*renderer), // <--- C
    …
};
```
Because we may update layout in (B) (and rebuild parts of the render tree in the process), it's
possible for the renderer to become null by the time we get to line (C). To address this, we make
the `renderer` a `WeakPtr` and limit its lifetime to only code that accesses information from
`RenderStyle` and geometry information, without updating layout.
No new test case, since it only seemed to reproduce once.
* Source/WebCore/page/ElementTargetingController.cpp:
(WebCore::targetedElementInfo):
(WebCore::ElementTargetingController::extractTargets):
Canonical link: https://commits.webkit.org/281613@main
Canonical link: https://commits.webkit.org/280938.183@safari-7619-branch
Commit: 1c726494388231fd515df9c73cc19b3bf43de509
https://github.com/WebKit/WebKit/commit/1c726494388231fd515df9c73cc19b3bf43de509
Author: Matt Woodrow <mattwoodrow at apple.com>
Date: 2024-08-05 (Mon, 05 Aug 2024)
Changed paths:
A LayoutTests/compositing/visibility/omitted-hidden-layers-crash-expected.txt
A LayoutTests/compositing/visibility/omitted-hidden-layers-crash.html
A LayoutTests/compositing/visibility/omitted-hidden-layers-inserted-expected.html
A LayoutTests/compositing/visibility/omitted-hidden-layers-inserted.html
M Source/WebCore/rendering/RenderLayer.cpp
M Source/WebCore/rendering/RenderLayer.h
Log Message:
-----------
Cherry-pick 0d9d9b720018. rdar://132358145
REGRESSION (280917@main): Crash when omitting a visibility:hidden RenderLayer from the z-order tree.
https://bugs.webkit.org/show_bug.cgi?id=277115
<rdar://132358145>
Reviewed by Simon Fraser.
If we decide we can newly omit a RenderLayer in the z-order tree due to not
being visible, we need to also notify the compositor that these layers are
'gone' so that state can be updated correctly.
* LayoutTests/compositing/visibility/omitted-hidden-layers-crash-expected.txt: Added.
* LayoutTests/compositing/visibility/omitted-hidden-layers-crash.html: Added.
* LayoutTests/compositing/visibility/omitted-hidden-layers-inserted-expected.html: Added.
* LayoutTests/compositing/visibility/omitted-hidden-layers-inserted.html: Added.
* Source/WebCore/rendering/RenderLayer.cpp:
(WebCore::RenderLayer::updateNormalFlowList):
(WebCore::RenderLayer::removeSelfAndDescendantsFromCompositor):
(WebCore::RenderLayer::setWasOmittedFromZOrderTree):
(WebCore::RenderLayer::collectLayers):
(WebCore::RenderLayer::updateLayerListsIfNeeded):
(WebCore::RenderLayer::updateDescendantDependentFlags):
* Source/WebCore/rendering/RenderLayer.h:
Canonical link: https://commits.webkit.org/281636@main
Canonical link: https://commits.webkit.org/280938.184@safari-7619-branch
Commit: 57e7d851414c700072fcdf876e2cc2670c5a155d
https://github.com/WebKit/WebKit/commit/57e7d851414c700072fcdf876e2cc2670c5a155d
Author: Per Arne Vollan <pvollan at apple.com>
Date: 2024-08-05 (Mon, 05 Aug 2024)
Changed paths:
M Source/WebKit/UIProcess/WebProcessCache.cpp
Log Message:
-----------
Cherry-pick 065317811b09. rdar://132513081
[iOS] Expand Web process cache capacity on some devices
https://bugs.webkit.org/show_bug.cgi?id=276797
rdar://132513081
Reviewed by Chris Dumez.
Expand Web process cache capacity on some iOS devices. Devices are not normally reporting memory capacity in GB multiples. This patch
is using a more fine-grained computation of the cache size, instead of basing it on GB multiples. This will effectively enable the Web
process cache for some devices. We still have the upper limit of 10 Web processes in the cache on iOS, so the cache will never be
bigger than that. On memory pressure, we still shut down the processes in the Web process cache. I have been validating this change on
a device affected by this patch, and so far the testing looks good.
* Source/WebKit/UIProcess/WebProcessCache.cpp:
(WebKit::WebProcessCache::updateCapacity):
Canonical link: https://commits.webkit.org/281675@main
Canonical link: https://commits.webkit.org/280938.185@safari-7619-branch
Commit: 95f7ba323eaef3932431bc63b4788a3b3a5c75a8
https://github.com/WebKit/WebKit/commit/95f7ba323eaef3932431bc63b4788a3b3a5c75a8
Author: Jean-Yves Avenard <jya at apple.com>
Date: 2024-08-05 (Mon, 05 Aug 2024)
Changed paths:
M Source/WebCore/platform/cocoa/VideoPresentationModelVideoElement.h
M Source/WebKit/Platform/ios/VideoPresentationInterfaceLMK.mm
M Source/WebKit/UIProcess/Cocoa/PlaybackSessionManagerProxy.h
M Source/WebKit/UIProcess/Cocoa/PlaybackSessionManagerProxy.mm
M Source/WebKit/UIProcess/Cocoa/VideoPresentationManagerProxy.h
M Source/WebKit/UIProcess/Cocoa/VideoPresentationManagerProxy.mm
M Source/WebKit/UIProcess/ios/fullscreen/WKFullScreenViewController.mm
M Source/WebKit/UIProcess/ios/fullscreen/WKFullScreenWindowControllerIOS.mm
M Source/WebKit/WebProcess/cocoa/PlaybackSessionManager.h
M Source/WebKit/WebProcess/cocoa/PlaybackSessionManager.mm
M Source/WebKit/WebProcess/cocoa/VideoPresentationManager.h
M Source/WebKit/WebProcess/cocoa/VideoPresentationManager.mm
Log Message:
-----------
Cherry-pick eb83b03a1b12. rdar://132767136
REGRESSION (281109@main?): [ Guard-Malloc ] media/media-source/media-managedmse-video-with-poster.html is constantly crashing.
https://bugs.webkit.org/show_bug.cgi?id=277395
rdar://132767136
Reviewed by Youenn Fablet.
It was possible for the VideoPresentationInterfaceIOS to be removed from the
VideoPresentationManagerProxy's contexts HashMap. We adopt more smart pointers
to get around the issue of the interface potentially being deleted
while exiting fullscreen.
We adopt the use of `Ref` in the HashMap for model/interface as they can never contain
null pointers, which helps simplify the code in some instances and remove unnecessary tests.
Fly-by: Running some tests in debug mode triggered an assertion in `VideoPresentationManager::removeClientForContext`
We had handling for this case instead and exit early if the VideoPresentationManager had no client left.
Covered by existing tests.
* Source/WebCore/platform/cocoa/VideoPresentationModelVideoElement.h:
* Source/WebKit/Platform/ios/VideoPresentationInterfaceLMK.mm:
(WebKit::VideoPresentationInterfaceLMK::finalizeSetup):
(WebKit::VideoPresentationInterfaceLMK::presentFullscreen):
(WebKit::VideoPresentationInterfaceLMK::dismissFullscreen):
* Source/WebKit/UIProcess/Cocoa/PlaybackSessionManagerProxy.h:
* Source/WebKit/UIProcess/Cocoa/PlaybackSessionManagerProxy.mm:
(WebKit::PlaybackSessionManagerProxy::createModelAndInterface):
(WebKit::PlaybackSessionManagerProxy::ensureModelAndInterface):
(WebKit::PlaybackSessionManagerProxy::ensureModel):
(WebKit::PlaybackSessionManagerProxy::ensureInterface):
(WebKit::PlaybackSessionManagerProxy::removeClientForContext):
(WebKit::PlaybackSessionManagerProxy::setUpPlaybackControlsManagerWithID):
(WebKit::PlaybackSessionManagerProxy::currentTimeChanged):
(WebKit::PlaybackSessionManagerProxy::bufferedTimeChanged):
(WebKit::PlaybackSessionManagerProxy::seekableRangesVectorChanged):
(WebKit::PlaybackSessionManagerProxy::canPlayFastReverseChanged):
(WebKit::PlaybackSessionManagerProxy::audioMediaSelectionOptionsChanged):
(WebKit::PlaybackSessionManagerProxy::legibleMediaSelectionOptionsChanged):
(WebKit::PlaybackSessionManagerProxy::audioMediaSelectionIndexChanged):
(WebKit::PlaybackSessionManagerProxy::legibleMediaSelectionIndexChanged):
(WebKit::PlaybackSessionManagerProxy::externalPlaybackPropertiesChanged):
(WebKit::PlaybackSessionManagerProxy::wirelessVideoPlaybackDisabledChanged):
(WebKit::PlaybackSessionManagerProxy::mutedChanged):
(WebKit::PlaybackSessionManagerProxy::volumeChanged):
(WebKit::PlaybackSessionManagerProxy::durationChanged):
(WebKit::PlaybackSessionManagerProxy::playbackStartedTimeChanged):
(WebKit::PlaybackSessionManagerProxy::rateChanged):
(WebKit::PlaybackSessionManagerProxy::pictureInPictureSupportedChanged):
(WebKit::PlaybackSessionManagerProxy::isInWindowFullscreenActiveChanged):
(WebKit::PlaybackSessionManagerProxy::supportsLinearMediaPlayerChanged):
(WebKit::PlaybackSessionManagerProxy::setVideoReceiverEndpoint):
(WebKit::PlaybackSessionManagerProxy::controlsManagerInterface):
(WebKit::PlaybackSessionManagerProxy::isPaused const):
* Source/WebKit/UIProcess/Cocoa/VideoPresentationManagerProxy.h:
* Source/WebKit/UIProcess/Cocoa/VideoPresentationManagerProxy.mm:
(WebKit::VideoPresentationManagerProxy::controlsManagerInterface):
(WebKit::VideoPresentationManagerProxy::createModelAndInterface):
(WebKit::VideoPresentationManagerProxy::ensureModelAndInterface):
(WebKit::VideoPresentationManagerProxy::ensureModel):
(WebKit::VideoPresentationManagerProxy::ensureInterface):
(WebKit::VideoPresentationManagerProxy::findInterface const):
(WebKit::VideoPresentationManagerProxy::forEachSession):
(WebKit::VideoPresentationManagerProxy::createLayerWithID):
(WebKit::VideoPresentationManagerProxy::createLayerHostViewWithID):
(WebKit::VideoPresentationManagerProxy::returningToStandbyInterface const):
(WebKit::VideoPresentationManagerProxy::createViewWithID):
(WebKit::VideoPresentationManagerProxy::setupFullscreenWithID):
(WebKit::VideoPresentationManagerProxy::setPlayerIdentifier):
(WebKit::VideoPresentationManagerProxy::setHasVideo):
(WebKit::VideoPresentationManagerProxy::setVideoDimensions):
(WebKit::VideoPresentationManagerProxy::exitFullscreen):
(WebKit::VideoPresentationManagerProxy::exitFullscreenWithoutAnimationToMode):
(WebKit::VideoPresentationManagerProxy::setVideoFullscreenMode):
(WebKit::VideoPresentationManagerProxy::clearVideoFullscreenMode):
(WebKit::VideoPresentationManagerProxy::setInlineRect):
(WebKit::VideoPresentationManagerProxy::setHasVideoContentLayer):
(WebKit::VideoPresentationManagerProxy::cleanupFullscreen):
(WebKit::VideoPresentationManagerProxy::preparedToReturnToInline):
(WebKit::VideoPresentationManagerProxy::preparedToExitFullscreen):
(WebKit::VideoPresentationManagerProxy::textTrackRepresentationUpdate):
(WebKit::VideoPresentationManagerProxy::textTrackRepresentationSetContentsScale):
(WebKit::VideoPresentationManagerProxy::textTrackRepresentationSetHidden):
(WebKit::VideoPresentationManagerProxy::returnVideoView):
(WebKit::VideoPresentationManagerProxy::didExitFullscreen):
(WebKit::VideoPresentationManagerProxy::didEnterFullscreen):
(WebKit::VideoPresentationManagerProxy::didCleanupFullscreen):
(WebKit::VideoPresentationManagerProxy::setVideoLayerFrame):
(WebKit::VideoPresentationManagerProxy::playerViewController const):
(WebKit::VideoPresentationManagerProxy::playableViewController const):
* Source/WebKit/UIProcess/ios/fullscreen/WKFullScreenViewController.mm:
(-[WKFullScreenViewController videoControlsManagerDidChange]):
(-[WKFullScreenViewController _togglePiPAction:]):
* Source/WebKit/UIProcess/ios/fullscreen/WKFullScreenWindowControllerIOS.mm:
(-[WKFullScreenWindowController beganEnterFullScreenWithInitialFrame:finalFrame:]):
(-[WKFullScreenWindowController _completedExitFullScreen]):
(-[WKFullScreenWindowController didExitPictureInPicture]):
* Source/WebKit/WebProcess/cocoa/PlaybackSessionManager.h:
* Source/WebKit/WebProcess/cocoa/PlaybackSessionManager.mm:
(WebKit::PlaybackSessionManager::~PlaybackSessionManager):
(WebKit::PlaybackSessionManager::ensureModelAndInterface):
(WebKit::PlaybackSessionManager::ensureModel):
(WebKit::PlaybackSessionManager::ensureInterface):
(WebKit::PlaybackSessionManager::removeContext):
(WebKit::PlaybackSessionManager::setUpPlaybackControlsManager):
(WebKit::PlaybackSessionManager::contextIdForMediaElement):
(WebKit::PlaybackSessionManager::play):
(WebKit::PlaybackSessionManager::pause):
(WebKit::PlaybackSessionManager::togglePlayState):
(WebKit::PlaybackSessionManager::beginScrubbing):
(WebKit::PlaybackSessionManager::endScrubbing):
(WebKit::PlaybackSessionManager::seekToTime):
(WebKit::PlaybackSessionManager::fastSeek):
(WebKit::PlaybackSessionManager::beginScanningForward):
(WebKit::PlaybackSessionManager::beginScanningBackward):
(WebKit::PlaybackSessionManager::endScanning):
(WebKit::PlaybackSessionManager::setDefaultPlaybackRate):
(WebKit::PlaybackSessionManager::setPlaybackRate):
(WebKit::PlaybackSessionManager::selectAudioMediaOption):
(WebKit::PlaybackSessionManager::handleControlledElementIDRequest):
(WebKit::PlaybackSessionManager::togglePictureInPicture):
(WebKit::PlaybackSessionManager::enterFullscreen):
(WebKit::PlaybackSessionManager::exitFullscreen):
(WebKit::PlaybackSessionManager::toggleInWindow):
(WebKit::PlaybackSessionManager::toggleMuted):
(WebKit::PlaybackSessionManager::setMuted):
(WebKit::PlaybackSessionManager::setVolume):
(WebKit::PlaybackSessionManager::setPlayingOnSecondScreen):
(WebKit::PlaybackSessionManager::sendRemoteCommand):
(WebKit::PlaybackSessionManager::setSoundStageSize):
(WebKit::PlaybackSessionManager::setSpatialTrackingLabel):
(WebKit::PlaybackSessionManager::forEachModel):
* Source/WebKit/WebProcess/cocoa/VideoPresentationManager.h:
* Source/WebKit/WebProcess/cocoa/VideoPresentationManager.mm:
(WebKit::VideoPresentationManager::~VideoPresentationManager):
(WebKit::VideoPresentationManager::ensureModelAndInterface):
(WebKit::VideoPresentationManager::ensureModel):
(WebKit::VideoPresentationManager::ensureInterface):
(WebKit::VideoPresentationManager::removeContext):
(WebKit::VideoPresentationManager::removeClientForContext):
(WebKit::VideoPresentationManager::enterVideoFullscreenForVideoElement):
(WebKit::VideoPresentationManager::exitVideoFullscreenForVideoElement):
(WebKit::VideoPresentationManager::exitVideoFullscreenToModeWithoutAnimation):
(WebKit::VideoPresentationManager::requestFullscreenMode):
(WebKit::VideoPresentationManager::returnVideoContentLayer):
(WebKit::VideoPresentationManager::failedToEnterFullscreen):
(WebKit::VideoPresentationManager::didExitFullscreen):
(WebKit::VideoPresentationManager::didCleanupFullscreen):
(WebKit::VideoPresentationManager::requestRouteSharingPolicyAndContextUID):
(WebKit::VideoPresentationManager::ensureUpdatedVideoDimensions):
(WebKit::VideoPresentationManager::setVideoFullscreenFrame):
(WebKit::VideoPresentationManager::setRequiresTextTrackRepresentation):
(WebKit::VideoPresentationManager::setTextTrackRepresentationBounds):
Canonical link: https://commits.webkit.org/281680@main
Canonical link: https://commits.webkit.org/280938.186@safari-7619-branch
Commit: 113bb048e592f4d882ce7d1013f8adc11cc54635
https://github.com/WebKit/WebKit/commit/113bb048e592f4d882ce7d1013f8adc11cc54635
Author: Said Abou-Hallawa <said at apple.com>
Date: 2024-08-05 (Mon, 05 Aug 2024)
Changed paths:
M Source/WebCore/platform/graphics/BitmapImageDescriptor.cpp
M Source/WebCore/platform/graphics/BitmapImageDescriptor.h
M Source/WebCore/platform/graphics/BitmapImageSource.h
M Source/WebCore/platform/graphics/ImageSource.h
M Source/WebCore/platform/graphics/NativeImageSource.h
Log Message:
-----------
Cherry-pick 2f897eb8b838. rdar://129703072
REGRESSION(278195@main): A bitmap image may get the size of a subsampled frame
https://bugs.webkit.org/show_bug.cgi?id=277495
rdar://129703072
Reviewed by Simon Fraser.
To get the size of an image, the default frame has to be queried from ImageDecoder.
A subsampled frame should not be used to get the size of an image.
* Source/WebCore/platform/graphics/BitmapImageDescriptor.cpp:
(WebCore::BitmapImageDescriptor::primaryImageFrameMetadata const):
(WebCore::BitmapImageDescriptor::sourceSize const):
(WebCore::BitmapImageDescriptor::densityCorrectedSize const):
* Source/WebCore/platform/graphics/BitmapImageDescriptor.h:
* Source/WebCore/platform/graphics/BitmapImageSource.h:
* Source/WebCore/platform/graphics/ImageSource.h:
(WebCore::ImageSource::currentImageFrame):
* Source/WebCore/platform/graphics/NativeImageSource.h:
Canonical link: https://commits.webkit.org/281731@main
Canonical link: https://commits.webkit.org/280938.187@safari-7619-branch
Commit: 8d828a9b5d90aecc30d131e0184d791ffb498c17
https://github.com/WebKit/WebKit/commit/8d828a9b5d90aecc30d131e0184d791ffb498c17
Author: Timothy Hatcher <timothy at apple.com>
Date: 2024-08-05 (Mon, 05 Aug 2024)
Changed paths:
M Source/WebKit/UIProcess/Extensions/Cocoa/WebExtensionContextCocoa.mm
M Tools/TestWebKitAPI/Tests/WebKitCocoa/WKWebExtensionAPIPermissions.mm
Log Message:
-----------
Cherry-pick 0c16173ab63b. rdar://132912898
Raindrop extension doesn't seem to be able to authenticate.
https://webkit.org/b/277519
rdar://132912898
Reviewed by Jeff Miller and Brian Weinstein.
The CORS disabling patterns for the extension were not including optional host permissions due to
a copy-and-paste error (`allRequestedMatchPatterns()` vs `optionalPermissionMatchPatterns()`.)
Also corrected FIXME bug info to be more accurate.
* Source/WebKit/UIProcess/Extensions/Cocoa/WebExtensionContextCocoa.mm:
(WebKit::WebExtensionContext::corsDisablingPatterns): Use optionalPermissionMatchPatterns().
* Tools/TestWebKitAPI/Tests/WebKitCocoa/WKWebExtensionAPIPermissions.mm:
(TestWebKitAPI::TEST(WKWebExtensionAPIPermissions, CORS)): Added.
Canonical link: https://commits.webkit.org/281739@main
Canonical link: https://commits.webkit.org/280938.188@safari-7619-branch
Commit: 86597d16b73f1782f29dfeac74458043e65d43ff
https://github.com/WebKit/WebKit/commit/86597d16b73f1782f29dfeac74458043e65d43ff
Author: Ben Nham <nham at apple.com>
Date: 2024-08-05 (Mon, 05 Aug 2024)
Changed paths:
M Source/WebKit/WebKitSwift/MarketplaceKit/MarketplaceKitWrapper.swift
Log Message:
-----------
Cherry-pick ea943336c35d. rdar://132784346
Only build MarketplaceKitWrapper on iOS
https://bugs.webkit.org/show_bug.cgi?id=277356
rdar://132784346
Reviewed by Per Arne Vollan and Chris Dumez.
Some platforms provide empty stubs for MarketplaceKit which causes build failures in
MarketplaceKitWrapper. We should only build this file on platforms which provide actual
MarketplaceKit APIs (namely iOS).
* Source/WebKit/WebKitSwift/MarketplaceKit/MarketplaceKitWrapper.swift:
(MarketplaceKitWrapper.requestAppInstallation(_:url:completionHandler:)):
Canonical link: https://commits.webkit.org/281586@main
Canonical link: https://commits.webkit.org/280938.189@safari-7619-branch
Commit: 9fc17f328fbc27408b158ab7bd1d0c32dd44e302
https://github.com/WebKit/WebKit/commit/9fc17f328fbc27408b158ab7bd1d0c32dd44e302
Author: Ben Nham <nham at apple.com>
Date: 2024-08-05 (Mon, 05 Aug 2024)
Changed paths:
M Source/WebKit/WebKitSwift/MarketplaceKit/MarketplaceKitWrapper.swift
Log Message:
-----------
Cherry-pick 9dca5fe2be82. rdar://132784346
Do not build MarketplaceKitWrapper on visionOS
https://bugs.webkit.org/show_bug.cgi?id=277429
rdar://132784346
Reviewed by Tim Horton.
I tried to prevent MarketplaceKitWrapper from building on visionOS in 281586@main but it didn't work
because os(iOS) includes visionOS. We need to more explicitly state that we don't want to build this
file on visionOS.
* Source/WebKit/WebKitSwift/MarketplaceKit/MarketplaceKitWrapper.swift:
Canonical link: https://commits.webkit.org/281666@main
Canonical link: https://commits.webkit.org/280938.190@safari-7619-branch
Commit: d0c2ef341c1914455a97a6ae9e6887fd94594767
https://github.com/WebKit/WebKit/commit/d0c2ef341c1914455a97a6ae9e6887fd94594767
Author: Kimmo Kinnunen <kkinnunen at apple.com>
Date: 2024-08-05 (Mon, 05 Aug 2024)
Changed paths:
M Source/WebKit/GPUProcess/media/RemoteAudioDestinationManager.cpp
Log Message:
-----------
Cherry-pick b988d2b01795. rdar://130100769
REGRESSION(256273@main): Stopped remote audio destination is started when audio buffer changes
https://bugs.webkit.org/show_bug.cgi?id=277407
rdar://132883157
Reviewed by Youenn Fablet and Per Arne Vollan.
Avoid starting the audio destination when the sample buffer is set if
the destination is not playing.
Fixes power regressions in cases when the audio destination is not
running.
* Source/WebKit/GPUProcess/media/RemoteAudioDestinationManager.cpp:
Canonical link: https://commits.webkit.org/281701@main
Canonical link: https://commits.webkit.org/280938.191@safari-7619-branch
Commit: 8337f12be63dd87b5fad0fb9bd4f2eb45ce6af98
https://github.com/WebKit/WebKit/commit/8337f12be63dd87b5fad0fb9bd4f2eb45ce6af98
Author: Dominic Mazzoni <dm_mazzoni at apple.com>
Date: 2024-08-05 (Mon, 05 Aug 2024)
Changed paths:
M LayoutTests/accessibility/mac/line-text-marker-range-for-text-marker-expected.txt
M LayoutTests/accessibility/mac/line-text-marker-range-for-text-marker.html
M Source/WebCore/accessibility/AccessibilityObject.cpp
Log Message:
-----------
Cherry-pick ca993564405e. rdar://131390008
AX: lineTextMarkerRangeForTextMarker returns too much text for some blank lines
https://bugs.webkit.org/show_bug.cgi?id=277489
rdar://132989539
Reviewed by Chris Fleizach.
In https://bugs.webkit.org/show_bug.cgi?id=275870 (AX:
lineTextMarkerRangeForTextMarker fails on first character of line in
Google Docs) we fixed an issue where lineTextMarkerRangeForTextMarker
failed to return a range at all.
This fix resulted in a regression where now it returns a range that's
too large, for some blank lines. One symptom was that when using
VoiceOver to arrow through editable text, landing on a blank line
would sometimes read the subsequent line rather than just "newline".
* LayoutTests/accessibility/mac/line-text-marker-range-for-text-marker-expected.txt:
* LayoutTests/accessibility/mac/line-text-marker-range-for-text-marker.html:
* Source/WebCore/accessibility/AccessibilityObject.cpp:
(WebCore::AccessibilityObject::lineRangeForPosition const):
Canonical link: https://commits.webkit.org/281724@main
Canonical link: https://commits.webkit.org/280938.192@safari-7619-branch
Commit: 0c30a2baaf291973f4edf5789d5be371cd1d5809
https://github.com/WebKit/WebKit/commit/0c30a2baaf291973f4edf5789d5be371cd1d5809
Author: Jonathan Bedard <jbedard at apple.com>
Date: 2024-08-05 (Mon, 05 Aug 2024)
Changed paths:
M Source/WebKit/UIProcess/WebAuthentication/Mock/MockNfcService.mm
Log Message:
-----------
Cherry-pick 281829@main (192ce769c4d5). rdar://133235429
Fix Internal visionOS build
https://bugs.webkit.org/show_bug.cgi?id=277633
rdar://133215906
Unreviewed build fix.
* Source/WebKit/UIProcess/WebAuthentication/Mock/MockNfcService.mm:
(WebKit::MockNfcService::detectTags const):
Canonical link: https://commits.webkit.org/281829@main
Canonical link: https://commits.webkit.org/280938.193@safari-7619-branch
Commit: 17d0312962b368b0b3f28645fa2f6925151b75ab
https://github.com/WebKit/WebKit/commit/17d0312962b368b0b3f28645fa2f6925151b75ab
Author: Chris Dumez <cdumez at apple.com>
Date: 2024-08-05 (Mon, 05 Aug 2024)
Changed paths:
M Source/WebCore/loader/TextResourceDecoder.cpp
M Source/WebCore/platform/Logging.h
Log Message:
-----------
Cherry-pick fa8948cde34c. rdar://133008864
Crash under makeString() in TextResourceDecoder::decodeAndFlush()
https://bugs.webkit.org/show_bug.cgi?id=277565
rdar://133008864
Reviewed by Darin Adler.
The crash seems to occur because makeString() calls CRASH() when the resulting
String's size wouldn't fit in an int32_t. There is nothing guaranteeing that the
decoded data will have a size that will fit in an int32_t so I'm updating the
code to use tryMakeString() instead which handles overflows without crashing
and logs an error in this case.
* Source/WebCore/loader/TextResourceDecoder.cpp:
(WebCore::TextResourceDecoder::decodeAndFlush):
Canonical link: https://commits.webkit.org/281811@main
Canonical link: https://commits.webkit.org/280938.194@safari-7619-branch
Commit: 1bac059fd67bbb28e4d8ab2823f17c0b357e1907
https://github.com/WebKit/WebKit/commit/1bac059fd67bbb28e4d8ab2823f17c0b357e1907
Author: Chris Dumez <cdumez at apple.com>
Date: 2024-08-05 (Mon, 05 Aug 2024)
Changed paths:
M Source/WebCore/Modules/webaudio/AudioWorkletProcessor.cpp
Log Message:
-----------
[WebAudio] Potential out of bounds read in copyDataFromBusesToJSArray()
https://bugs.webkit.org/show_bug.cgi?id=277639
rdar://132984512
Reviewed by Yusuke Suzuki.
The AudioWorkletProcessor constructs a JSArray of JSFloat32Arrays that is frozen.
Then it passes the JSArray to arbitrary JavaScript so it can modify the data in
the JSFloat32Arrays. Finally, we memcpy the data from the JSFloat32Arrays to our
audio buses. Because the array is frozen, we expected that the arrays couldn't
change. However, one could set a shared array buffer at a particular index by
modifying Array.prototype. This would render our memcpy logic unsafe since the
size of the array could change on the main thread while we memcpy on the audio
worklet thread.
To address the issue, I now call `getDirectIndex()` instead of `getIndex()` to
ignore values set on the Array prototype and only consider the ones I populated
the array with. I'm also adding validation to make sure the JSFloat32Arrays
are not shared since I'm constructing unshared ones.
* Source/WebCore/Modules/webaudio/AudioWorkletProcessor.cpp:
(WebCore::getArrayAtIndex):
(WebCore::copyDataFromJSArrayToBuses):
(WebCore::copyDataFromBusesToJSArray):
(WebCore::zeroJSArray):
Canonical link: https://commits.webkit.org/280938.195@safari-7619-branch
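The lookup change described in the AudioWorkletProcessor commit above, as an added JavaScript illustration (not WebKit's C++ and not part of the commit): an ordinary indexed read falls back to the prototype chain when the index is not an own property, while an own-property read plus a check for an unshared buffer of the expected length accepts only what the producer stored. All helper names and the sample arrays are constructed for this example; it shows the language semantics and is not a reproduction of the WebKit bug.

```javascript
// Added illustration in plain JavaScript. The real fix lives in WebKit's C++
// (getDirectIndex() instead of getIndex()); every name here is hypothetical.

// Capture the intrinsic typed-array getters once, so that own properties
// defined on an instance cannot shadow them.
const TypedArrayProto = Object.getPrototypeOf(Float32Array.prototype);
const intrinsicTag = Object.getOwnPropertyDescriptor(TypedArrayProto, Symbol.toStringTag).get;
const intrinsicLength = Object.getOwnPropertyDescriptor(TypedArrayProto, 'length').get;
const intrinsicBuffer = Object.getOwnPropertyDescriptor(TypedArrayProto, 'buffer').get;

// Ordinary lookup: walks the prototype chain if `index` is not an own property.
function getIndexViaPrototypeChain(array, index) {
  return array[index];
}

// Own-property lookup: ignores anything inherited from Array.prototype.
function getDirectIndex(array, index) {
  const desc = Object.getOwnPropertyDescriptor(array, String(index));
  // Only plain data properties count; an accessor would run foreign code.
  return desc && 'value' in desc ? desc.value : undefined;
}

// Validate one channel before `expectedLength` samples are copied out of it.
function validateChannel(array, index, expectedLength) {
  const value = getDirectIndex(array, index);
  if (value === null || typeof value !== 'object' ||
      intrinsicTag.call(value) !== 'Float32Array') {
    return { ok: false, reason: 'not-own-float32array' };
  }
  if (intrinsicBuffer.call(value) instanceof SharedArrayBuffer) {
    return { ok: false, reason: 'shared-buffer' };
  }
  if (intrinsicLength.call(value) !== expectedLength) {
    return { ok: false, reason: 'length-mismatch' };
  }
  return { ok: true, channel: value };
}

// Constructed sample data: index 1 is deliberately left without an own
// property so that the two lookups give different answers.
function demo() {
  const frames = 128;
  const channels = new Array(2);
  channels[0] = new Float32Array(frames);
  Object.freeze(channels);

  const sharedOwn = Object.freeze([new Float32Array(new SharedArrayBuffer(frames * 4))]);

  Array.prototype[1] = new Float32Array(new SharedArrayBuffer(frames * 4));
  try {
    const inherited = getIndexViaPrototypeChain(channels, 1);
    return {
      inheritedIsShared: intrinsicBuffer.call(inherited) instanceof SharedArrayBuffer,
      directIsUndefined: getDirectIndex(channels, 1) === undefined,
      ownChannelOk: validateChannel(channels, 0, frames).ok,
      inheritedReason: validateChannel(channels, 1, frames).reason,
      sharedReason: validateChannel(sharedOwn, 0, frames).reason,
      lengthReason: validateChannel(channels, 0, frames * 2).reason,
    };
  } finally {
    // Undo the prototype change so nothing else in the process sees it.
    delete Array.prototype[1];
  }
}

console.log(demo());
```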
Commit: fc3c985ce6705da50671a10dce66ef0a96e8d9f7
https://github.com/WebKit/WebKit/commit/fc3c985ce6705da50671a10dce66ef0a96e8d9f7
Author: Dan Robson <dtr_bugzilla at apple.com>
Date: 2024-08-06 (Tue, 06 Aug 2024)
Changed paths:
M Source/WebCore/platform/cocoa/PlaybackSessionModel.h
M Source/WebCore/platform/cocoa/PlaybackSessionModelMediaElement.h
M Source/WebCore/platform/cocoa/PlaybackSessionModelMediaElement.mm
M Source/WebCore/platform/ios/WebVideoFullscreenControllerAVKit.mm
M Source/WebCore/platform/mac/PlaybackSessionInterfaceMac.h
M Source/WebCore/platform/mac/PlaybackSessionInterfaceMac.mm
M Source/WebCore/platform/mac/WebPlaybackControlsManager.h
M Source/WebCore/platform/mac/WebPlaybackControlsManager.mm
M Source/WebKit/UIProcess/API/Cocoa/WKWebView.mm
M Source/WebKit/UIProcess/API/Cocoa/WKWebViewPrivate.h
M Source/WebKit/UIProcess/Cocoa/PlaybackSessionManagerProxy.h
M Source/WebKit/UIProcess/Cocoa/PlaybackSessionManagerProxy.mm
M Source/WebKit/UIProcess/mac/WebViewImpl.h
M Source/WebKit/UIProcess/mac/WebViewImpl.mm
M Source/WebKit/WebProcess/cocoa/PlaybackSessionManager.h
M Source/WebKit/WebProcess/cocoa/PlaybackSessionManager.messages.in
M Source/WebKit/WebProcess/cocoa/PlaybackSessionManager.mm
M Tools/TestWebKitAPI/Tests/mac/InWindowFullscreen.mm
Log Message:
-----------
Cherry-pick 036ff9d5b8e4. rdar://132932256
Video Viewer: Exiting pip puts the video into inline and shrinks video content
https://bugs.webkit.org/show_bug.cgi?id=277466
rdar://132932256
Reviewed by Jer Noble.
This patch adds new WKWebView SPI _enterInWindow and
_exitInWindow. _toggleInWindow enters in-window if the current mode is
anything other than in-window, and exits in-window if the current mode is
in-window. This patch separates that logic into two different methods. It will
be followed by a Safari patch utilizing the new SPI.
This bug occurs when a window occludes a video that is in viewer / in-window mode,
during which Safari puts the video into PiP mode. Then, if the user clicks
the return button on the pip window, the video enters inline mode instead of
in window mode, and the layout doesn't happen successfully in some way.
This bug is caused by WebKit and Safari racing to both change the video
mode from PiP to in-window. When the return from pip button is clicked,
this triggers webkit to set the presentation mode to in-window.
But during the exit pip process, the window becomes unoccluded,
and Safari calls _toggleInWindow in response. However because webkit has already
set the mode to in-window, calling _toggleInWindow makes the video go into inline.
This patch would give Safari the control to call either _enterInWindow or
_exitInWindow when it knows which one it wants to do. Calling _enterInWindow when the
mode is already set to in-window, or _exitInWindow when it is not in
in-window, has no effect.
* Source/WebCore/platform/cocoa/PlaybackSessionModel.h:
* Source/WebCore/platform/cocoa/PlaybackSessionModelMediaElement.h:
* Source/WebCore/platform/cocoa/PlaybackSessionModelMediaElement.mm:
(WebCore::PlaybackSessionModelMediaElement::enterInWindowFullscreen):
(WebCore::PlaybackSessionModelMediaElement::exitInWindowFullscreen):
(WebCore::PlaybackSessionModelMediaElement::toggleInWindowFullscreen): Deleted.
* Source/WebCore/platform/ios/WebVideoFullscreenControllerAVKit.mm:
* Source/WebCore/platform/mac/PlaybackSessionInterfaceMac.h:
* Source/WebCore/platform/mac/PlaybackSessionInterfaceMac.mm:
(WebCore::PlaybackSessionInterfaceMac::enterInWindowFullscreen):
(WebCore::PlaybackSessionInterfaceMac::exitInWindowFullscreen):
(WebCore::PlaybackSessionInterfaceMac::toggleInWindowFullscreen): Deleted.
* Source/WebCore/platform/mac/WebPlaybackControlsManager.h:
* Source/WebCore/platform/mac/WebPlaybackControlsManager.mm:
(-[WebPlaybackControlsManager enterInWindow]):
(-[WebPlaybackControlsManager exitInWindow]):
(-[WebPlaybackControlsManager toggleInWindow]): Deleted.
* Source/WebKit/UIProcess/API/Cocoa/WKWebView.mm:
(-[WKWebView _enterInWindow]):
(-[WKWebView _exitInWindow]):
(-[WKWebView _toggleInWindow]): Deleted.
* Source/WebKit/UIProcess/API/Cocoa/WKWebViewPrivate.h:
* Source/WebKit/UIProcess/Cocoa/PlaybackSessionManagerProxy.h:
* Source/WebKit/UIProcess/Cocoa/PlaybackSessionManagerProxy.mm:
(WebKit::PlaybackSessionModelContext::enterInWindowFullscreen):
(WebKit::PlaybackSessionModelContext::exitInWindowFullscreen):
(WebKit::PlaybackSessionManagerProxy::enterInWindow):
(WebKit::PlaybackSessionManagerProxy::exitInWindow):
(WebKit::PlaybackSessionModelContext::toggleInWindowFullscreen): Deleted.
(WebKit::PlaybackSessionManagerProxy::toggleInWindow): Deleted.
* Source/WebKit/UIProcess/mac/WebViewImpl.h:
* Source/WebKit/UIProcess/mac/WebViewImpl.mm:
(WebKit::WebViewImpl::enterInWindowFullscreen):
(WebKit::WebViewImpl::exitInWindowFullscreen):
(WebKit::WebViewImpl::toggleInWindowFullscreen): Deleted.
* Source/WebKit/WebProcess/cocoa/PlaybackSessionManager.h:
* Source/WebKit/WebProcess/cocoa/PlaybackSessionManager.messages.in:
* Source/WebKit/WebProcess/cocoa/PlaybackSessionManager.mm:
(WebKit::PlaybackSessionManager::enterInWindow):
(WebKit::PlaybackSessionManager::exitInWindow):
(WebKit::PlaybackSessionManager::toggleInWindow): Deleted.
* Tools/TestWebKitAPI/Tests/mac/InWindowFullscreen.mm:
(TestWebKitAPI::TEST(InWindowFullscreen, EnterAndExitChangesIsActive)):
(TestWebKitAPI::TEST(InWindowFullscreen, EnterChangesIsActiveWithoutUserGesture)):
(TestWebKitAPI::TEST(InWindowFullscreen, ToggleChangesIsActive)): Deleted.
(TestWebKitAPI::TEST(InWindowFullscreen, ToggleChangesIsActiveWithoutUserGesture)): Deleted.
Canonical link: https://commits.webkit.org/281703@main
Canonical link: https://commits.webkit.org/280938.196@safari-7619-branch
Commit: 025cc714d0f2c42c1c75905a9e9e54790e5cce46
https://github.com/WebKit/WebKit/commit/025cc714d0f2c42c1c75905a9e9e54790e5cce46
Author: Yusuke Suzuki <ysuzuki at apple.com>
Date: 2024-08-06 (Tue, 06 Aug 2024)
Changed paths:
M Source/JavaScriptCore/runtime/OptionsList.h
Log Message:
-----------
Cherry-pick 09847b5f8528. rdar://133226254
[JSC] Adjust FTL tierup counts
https://bugs.webkit.org/show_bug.cgi?id=277640
rdar://133226254
Reviewed by Keith Miller.
Adjust FTL tierup counts based on new fresh data with newer benchmarks.
* Source/JavaScriptCore/runtime/OptionsList.h:
Canonical link: https://commits.webkit.org/281848@main
Canonical link: https://commits.webkit.org/280938.197@safari-7619-branch
Commit: 184702ecc4210535828e0e230e44e620d4e84509
https://github.com/WebKit/WebKit/commit/184702ecc4210535828e0e230e44e620d4e84509
Author: Matt Woodrow <mattwoodrow at apple.com>
Date: 2024-08-06 (Tue, 06 Aug 2024)
Changed paths:
A LayoutTests/compositing/visibility/omitted-hidden-layers-made-visible-expected.html
A LayoutTests/compositing/visibility/omitted-hidden-layers-made-visible.html
M Source/WebCore/rendering/RenderLayer.cpp
M Source/WebCore/rendering/RenderLayer.h
Log Message:
-----------
Cherry-pick fe06a69b5991. rdar://133089532
Media controls not entirely visible when viewing YouTube fullscreen.
https://bugs.webkit.org/show_bug.cgi?id=277618
<rdar://133089532>
Reviewed by Simon Fraser.
updateDescendantDependentFlags doesn't necessarily recurse the entire subtree
(due to the allFlagsSet early return).
This can result in descendants (not direct children) with a visibility change
failing to update the 'has visible descendant' on the intermediate layer.
collectLayers then doesn't recurse through the intermediate layer (which has a
stale 'has visible descendant' value), and we never re-add the newly visible
layer.
This changes updateDescendantDependentFlags to always recurse through the dirty
subtrees, since it's much easier to reason about, and the skipping was
relatively rare (required a mix-blend-mode child).
* LayoutTests/compositing/visibility/omitted-hidden-layers-made-visible-expected.html: Added.
* LayoutTests/compositing/visibility/omitted-hidden-layers-made-visible.html: Added.
* Source/WebCore/rendering/RenderLayer.cpp:
(WebCore::RenderLayer::collectLayers):
(WebCore::RenderLayer::updateDescendantDependentFlags):
* Source/WebCore/rendering/RenderLayer.h:
Canonical link: https://commits.webkit.org/281882@main
Canonical link: https://commits.webkit.org/280938.198@safari-7619-branch
Commit: d60a7835829969b56d2276a4210cb60f0636a4b4
https://github.com/WebKit/WebKit/commit/d60a7835829969b56d2276a4210cb60f0636a4b4
Author: Guoye Zhang <guoye_zhang at apple.com>
Date: 2024-08-06 (Tue, 06 Aug 2024)
Changed paths:
M Source/WebCore/platform/network/mac/ResourceErrorMac.mm
M Source/WebKit/NetworkProcess/cocoa/NetworkSessionCocoa.mm
Log Message:
-----------
Cherry-pick d89cd1cf5382. rdar://132952350
DNS filtering not flagging expected domains
https://bugs.webkit.org/show_bug.cgi?id=277515
rdar://132952350 (DNS filtering not flagging expected domains)
Reviewed by Alex Christensen.
The new network loader puts information in the top level user info dictionary instead of the underlying error's user info dictionary.
* Source/WebCore/platform/network/mac/ResourceErrorMac.mm:
(WebCore::ResourceError::blockedKnownTracker const):
(WebCore::ResourceError::blockedTrackerHostName const):
* Source/WebKit/NetworkProcess/cocoa/NetworkSessionCocoa.mm:
(-[WKNetworkSessionDelegate URLSession:task:didCompleteWithError:]):
Canonical link: https://commits.webkit.org/281735@main
Canonical link: https://commits.webkit.org/280938.199@safari-7619-branch
Commit: 97a53469d5489d67239b99af82312805353f85ea
https://github.com/WebKit/WebKit/commit/97a53469d5489d67239b99af82312805353f85ea
Author: Megan Gardner <megan_gardner at apple.com>
Date: 2024-08-07 (Wed, 07 Aug 2024)
Changed paths:
M Source/WebCore/Headers.cmake
M Source/WebCore/WebCore.xcodeproj/project.pbxproj
M Source/WebCore/page/ChromeClient.h
A Source/WebCore/page/TextAnimationTypes.h
M Source/WebCore/page/writing-tools/WritingToolsController.mm
M Source/WebKit/DerivedSources-input.xcfilelist
M Source/WebKit/DerivedSources.make
M Source/WebKit/Scripts/webkit/messages.py
R Source/WebKit/Shared/TextAnimationType.serialization.in
A Source/WebKit/Shared/TextAnimationTypes.serialization.in
M Source/WebKit/UIProcess/API/Cocoa/WKWebView.mm
M Source/WebKit/UIProcess/API/Cocoa/WKWebViewInternal.h
M Source/WebKit/UIProcess/Cocoa/PageClientImplCocoa.h
M Source/WebKit/UIProcess/Cocoa/PageClientImplCocoa.mm
M Source/WebKit/UIProcess/Cocoa/WebPageProxyCocoa.mm
M Source/WebKit/UIProcess/PageClient.h
R Source/WebKit/UIProcess/TextAnimationType.h
M Source/WebKit/UIProcess/WebPageProxy.cpp
M Source/WebKit/UIProcess/WebPageProxy.h
M Source/WebKit/UIProcess/WebPageProxy.messages.in
M Source/WebKit/UIProcess/WebPageProxyInternals.h
M Source/WebKit/UIProcess/ios/WKContentViewInteraction.mm
M Source/WebKit/UIProcess/mac/WKTextAnimationManager.h
M Source/WebKit/UIProcess/mac/WKTextAnimationManager.mm
M Source/WebKit/UIProcess/mac/WebViewImpl.h
M Source/WebKit/UIProcess/mac/WebViewImpl.mm
M Source/WebKit/WebKit.xcodeproj/project.pbxproj
M Source/WebKit/WebProcess/WebCoreSupport/WebChromeClient.cpp
M Source/WebKit/WebProcess/WebCoreSupport/WebChromeClient.h
M Source/WebKit/WebProcess/WebPage/Cocoa/TextAnimationController.h
M Source/WebKit/WebProcess/WebPage/Cocoa/TextAnimationController.mm
M Source/WebKit/WebProcess/WebPage/WebPage.cpp
M Source/WebKit/WebProcess/WebPage/WebPage.h
M Tools/TestWebKitAPI/Tests/WebKitCocoa/WritingTools.mm
Log Message:
-----------
Cherry-pick c59eb741b593. rdar://132761782
Writing Tools test CompositionWithMultipleUndosAndRestarts fails on mac.
https://bugs.webkit.org/show_bug.cgi?id=276700
rdar://131891447
Reviewed by Richard Robinson.
This test was failing because when we get the final set of text to replace, we were
not comparing it against the previously replaced range correctly. The previous
range was adjusted to the actual range of the text before it was stored
but we were comparing that against the full range of text, which was incorrect
and also if the replaced text was shorter, it would cause a debug assertion
which then caused the web process to crash and the completion handlers to not
be called and crashed the UI process as well.
This adds a way to have the completion handlers be called and not do any work, so
the UI process won't crash as well, and also allows for the handler to replace
the text without running the animation again, as the final replace is always the
same as the second to last replace, and there is nothing to animate for that final
replace, so we skip the animation step.
* Source/WebCore/page/ChromeClient.h:
(WebCore::ChromeClient::addSourceTextAnimation):
* Source/WebCore/page/writing-tools/WritingToolsController.mm:
(WebCore::WritingToolsController::compositionSessionDidReceiveTextWithReplacementRange):
* Source/WebCore/page/writing-tools/WritingToolsTypes.h:
* Source/WebKit/DerivedSources-input.xcfilelist:
* Source/WebKit/DerivedSources.make:
* Source/WebKit/Scripts/webkit/messages.py:
(headers_for_type):
* Source/WebKit/Shared/TextAnimationTypes.serialization.in: Renamed from Source/WebKit/Shared/TextAnimationType.serialization.in.
* Source/WebKit/UIProcess/API/Cocoa/WKWebView.mm:
(-[WKWebView _enableSourceTextAnimationAfterElementWithID:]):
(-[WKWebView _enableFinalTextAnimationForElementWithID:]):
* Source/WebKit/UIProcess/Cocoa/PageClientImplCocoa.mm:
* Source/WebKit/UIProcess/Cocoa/WebPageProxyCocoa.mm:
(WebKit::WebPageProxy::addTextAnimationForAnimationID):
(WebKit::WebPageProxy::callCompletionHandlerForAnimationID):
* Source/WebKit/UIProcess/PageClient.h:
* Source/WebKit/UIProcess/TextAnimationTypes.h: Renamed from Source/WebKit/UIProcess/TextAnimationType.h.
* Source/WebKit/UIProcess/WebPageProxy.h:
* Source/WebKit/UIProcess/WebPageProxy.messages.in:
* Source/WebKit/UIProcess/WebPageProxyInternals.h:
* Source/WebKit/UIProcess/ios/WKContentViewInteraction.mm:
(-[WKContentView callCompletionHandlerForAnimationID:]):
* Source/WebKit/UIProcess/mac/WKTextAnimationManager.h:
* Source/WebKit/UIProcess/mac/WKTextAnimationManager.mm:
(-[WKTextAnimationManager addTextAnimationForAnimationID:withData:]):
(-[WKTextAnimationManager restoreTextAnimationType]):
* Source/WebKit/WebKit.xcodeproj/project.pbxproj:
* Source/WebKit/WebProcess/WebCoreSupport/WebChromeClient.cpp:
(WebKit::WebChromeClient::addSourceTextAnimation):
* Source/WebKit/WebProcess/WebCoreSupport/WebChromeClient.h:
* Source/WebKit/WebProcess/WebPage/Cocoa/TextAnimationController.h:
* Source/WebKit/WebProcess/WebPage/Cocoa/TextAnimationController.mm:
(WebKit::remainingCharacterRange):
(WebKit::TextAnimationController::addInitialTextAnimation):
(WebKit::TextAnimationController::addSourceTextAnimation):
(WebKit::TextAnimationController::addDestinationTextAnimation):
* Source/WebKit/WebProcess/WebPage/WebPage.cpp:
(WebKit::WebPage::addTextAnimationForAnimationID):
(WebKit::WebPage::addSourceTextAnimation):
* Source/WebKit/WebProcess/WebPage/WebPage.h:
Canonical link: https://commits.webkit.org/281219@main
Canonical link: https://commits.webkit.org/280938.200@safari-7619-branch
Commit: 1cdc3f5a9c0016ba311fae9f04d016537a495fa8
https://github.com/WebKit/WebKit/commit/1cdc3f5a9c0016ba311fae9f04d016537a495fa8
Author: Aditya Keerthi <akeerthi at apple.com>
Date: 2024-08-07 (Wed, 07 Aug 2024)
Changed paths:
M Source/WebCore/platform/graphics/cocoa/GraphicsContextCocoa.mm
M Source/WebCore/platform/graphics/coretext/FontCoreText.cpp
Log Message:
-----------
Cherry-pick 90ef48a44754. rdar://132761002
[Cocoa] Adopt CoreText API for adaptive image glyph rendering
https://bugs.webkit.org/show_bug.cgi?id=277085
rdar://132500882
Reviewed by Richard Robinson.
Drop SPI usage in favor of API.
* Source/WebCore/platform/graphics/cocoa/GraphicsContextCocoa.mm:
(WebCore::GraphicsContext::drawMultiRepresentationHEIC):
* Source/WebCore/platform/graphics/coretext/FontCoreText.cpp:
(WebCore::Font::metricsForMultiRepresentationHEIC const):
Canonical link: https://commits.webkit.org/281369@main
Canonical link: https://commits.webkit.org/280938.201@safari-7619-branch
Commit: beb7434a7dca4e858063c6421bd938ff0c6062d7
https://github.com/WebKit/WebKit/commit/beb7434a7dca4e858063c6421bd938ff0c6062d7
Author: Alex Christensen <achristensen at apple.com>
Date: 2024-08-07 (Wed, 07 Aug 2024)
Changed paths:
M Source/WebKit/NetworkProcess/cocoa/NetworkSessionCocoa.h
M Source/WebKit/NetworkProcess/cocoa/NetworkSessionCocoa.mm
M Tools/TestWebKitAPI/Tests/WebKitCocoa/Proxy.mm
Log Message:
-----------
Cherry-pick 617566d2fe38. rdar://132847153
Pass proxy authentication challenges to WKNavigationDelegate when WKWebsiteDataStore.proxyConfigurations is set
https://bugs.webkit.org/show_bug.cgi?id=276964
rdar://132331802
Reviewed by Matthew Finkel.
* Source/WebKit/NetworkProcess/cocoa/NetworkSessionCocoa.h:
* Source/WebKit/NetworkProcess/cocoa/NetworkSessionCocoa.mm:
(-[WKNetworkSessionDelegate URLSession:task:didReceiveChallenge:completionHandler:]):
* Tools/TestWebKitAPI/Tests/WebKitCocoa/Proxy.mm:
(TestWebKitAPI::TEST(WebKit, ProxyConfigurationAuthentication)):
Canonical link: https://commits.webkit.org/281370@main
Canonical link: https://commits.webkit.org/280938.202@safari-7619-branch
Commit: 6435a83c6dd90182b63ad50af015b47fd87e95e4
https://github.com/WebKit/WebKit/commit/6435a83c6dd90182b63ad50af015b47fd87e95e4
Author: Richard Robinson <richard_robinson2 at apple.com>
Date: 2024-08-07 (Wed, 07 Aug 2024)
Changed paths:
M Source/WebCore/editing/Editor.cpp
Log Message:
-----------
Cherry-pick 81b971e40172. rdar://133299558
Typed message body is mangled when typing in Mail
https://bugs.webkit.org/show_bug.cgi?id=277724
rdar://133299558
Reviewed by Wenson Hsieh.
Revert the only part of 281060@main that involved a logic change on macOS.
* Source/WebCore/editing/Editor.cpp:
(WebCore::Editor::respondToChangedSelection):
Canonical link: https://commits.webkit.org/281930@main
Canonical link: https://commits.webkit.org/280938.203@safari-7619-branch
Commit: 21b2485ef0ab9db890e1cd1a250cf4463d73df3e
https://github.com/WebKit/WebKit/commit/21b2485ef0ab9db890e1cd1a250cf4463d73df3e
Author: Alex Christensen <achristensen at apple.com>
Date: 2024-08-07 (Wed, 07 Aug 2024)
Changed paths:
M Source/WebKit/Shared/Cocoa/WebErrorsCocoa.mm
M Source/WebKit/Shared/WebErrors.cpp
M Source/WebKit/Shared/WebErrors.h
M Source/WebKit/UIProcess/WebPageProxy.cpp
M Source/WebKit/WebProcess/WebPage/WebPage.cpp
M Tools/TestWebKitAPI/Tests/WebKitCocoa/LoadAndDecodeImage.mm
Log Message:
-----------
Cherry-pick cd58fda2512a. rdar://133136320
Image decode failures should not be WebKit internal errors
https://bugs.webkit.org/show_bug.cgi?id=277595
rdar://133136320
Reviewed by Tim Horton.
If an image fails to decode, that should not be reported as an internal error,
it should be a decode error. Otherwise we get these in stderr:
ERROR: WebKit encountered an internal error. This is a WebKit bug.
Also, the process was getting shut down during the message, so in practice
if an image took more than a moment to load it would fail. I manually verified
that adding preventProcessShutdownScope to the message fixes this issue.
* Source/WebKit/Shared/Cocoa/WebErrorsCocoa.mm:
(WebKit::decodeError):
* Source/WebKit/Shared/WebErrors.cpp:
(WebKit::decodeError):
* Source/WebKit/Shared/WebErrors.h:
* Source/WebKit/WebProcess/WebPage/WebPage.cpp:
(WebKit::WebPage::loadAndDecodeImage):
* Tools/TestWebKitAPI/Tests/WebKitCocoa/LoadAndDecodeImage.mm:
(TestWebKitAPI::TEST(WebKit, LoadAndDecodeImage)):
Canonical link: https://commits.webkit.org/281813@main
Canonical link: https://commits.webkit.org/280938.204@safari-7619-branch
Commit: f7c6855dd29e641269fbe3ffb07b9e5eb48a9480
https://github.com/WebKit/WebKit/commit/f7c6855dd29e641269fbe3ffb07b9e5eb48a9480
Author: Brianna Fan <bfan2 at apple.com>
Date: 2024-08-07 (Wed, 07 Aug 2024)
Changed paths:
M Tools/Scripts/libraries/webkitbugspy/webkitbugspy/bugzilla.py
M Tools/Scripts/libraries/webkitbugspy/webkitbugspy/radar.py
M Tools/Scripts/libraries/webkitscmpy/webkitscmpy/program/branch.py
Log Message:
-----------
Cherry-pick 281860@main (56a9443f5307). rdar://131865099
git webkit branch asks for a radar too late when one is already cc'd
https://bugs.webkit.org/show_bug.cgi?id=276800
rdar://131865099
Reviewed by Jonathan Bedard.
Changes the order so radar prompting occurs before bug creation.
If a radar is provided, we prevent an automatic import.
* Tools/Scripts/libraries/webkitbugspy/webkitbugspy/bugzilla.py:
(Tracker.cc_radar): Override 'user_to_cc'.
* Tools/Scripts/libraries/webkitbugspy/webkitbugspy/radar.py:
(Tracker.create):
* Tools/Scripts/libraries/webkitscmpy/webkitscmpy/program/branch.py:
(Branch.cc_radar): Add 'rdar' argument. Prompting is kept when cc_radar is used outside of Branch.main.
(Branch.main): Change order of prompts.
Canonical link: https://commits.webkit.org/281860@main
Canonical link: https://commits.webkit.org/280938.205@safari-7619-branch
Commit: 2a6990b59bbc1840bb8c5640df18120f7a2f0c9c
https://github.com/WebKit/WebKit/commit/2a6990b59bbc1840bb8c5640df18120f7a2f0c9c
Author: Jonathan Bedard <jbedard at apple.com>
Date: 2024-08-07 (Wed, 07 Aug 2024)
Changed paths:
M Tools/Scripts/libraries/webkitcorepy/webkitcorepy/__init__.py
Log Message:
-----------
Cherry-pick 281972@main (fa76ef4bea8e). rdar://133424258
[webkitcorepy] Bump setuptools version
https://bugs.webkit.org/show_bug.cgi?id=277784
rdar://133424258
Unreviewed version bump.
* Tools/Scripts/libraries/webkitcorepy/webkitcorepy/__init__.py: Bump setuptools version
for Python 3.9.
Canonical link: https://commits.webkit.org/281972@main
Canonical link: https://commits.webkit.org/280938.206@safari-7619-branch
Commit: bd3f9c90bfcd8c0ec684a842c025a247f57705f9
https://github.com/WebKit/WebKit/commit/bd3f9c90bfcd8c0ec684a842c025a247f57705f9
Author: Mike Wyrzykowski <mwyrzykowski at apple.com>
Date: 2024-08-08 (Thu, 08 Aug 2024)
Changed paths:
M Source/WebKit/GPUProcess/graphics/RemoteGraphicsContextGL.messages.in
M Source/WebKit/WebProcess/GPU/graphics/RemoteGraphicsContextGLProxy.h
Log Message:
-----------
Cherry-pick e2badf99cf10. rdar://133317583
[WebXR] EnableRequiredWebXRExtensions can't be behind the prompt
https://bugs.webkit.org/show_bug.cgi?id=277745
<radar://133317583>
Unreviewed partial revert of 281114@main
The website may enable the extensions prior to entering immersive mode, so this
message cannot be behind the UI prompt.
* Source/WebKit/GPUProcess/graphics/RemoteGraphicsContextGL.messages.in:
* Source/WebKit/WebProcess/GPU/graphics/RemoteGraphicsContextGLProxy.h:
Canonical link: https://commits.webkit.org/281947@main
Canonical link: https://commits.webkit.org/280938.207@safari-7619-branch
Commit: 85716fdab5b671d216eaee2b89260df242d62b7b
https://github.com/WebKit/WebKit/commit/85716fdab5b671d216eaee2b89260df242d62b7b
Author: Commit Queue <commit-queue at webkit.org>
Date: 2024-08-08 (Thu, 08 Aug 2024)
Changed paths:
R LayoutTests/http/tests/media/resources/hls/.htaccess
R LayoutTests/http/tests/performance/performance-resource-timing-cross-origin-media-expected.txt
R LayoutTests/http/tests/performance/performance-resource-timing-cross-origin-media-with-cors-expected.txt
R LayoutTests/http/tests/performance/performance-resource-timing-cross-origin-media-with-cors.html
R LayoutTests/http/tests/performance/performance-resource-timing-cross-origin-media.html
M LayoutTests/platform/glib/TestExpectations
M LayoutTests/platform/win/TestExpectations
M Source/WebCore/loader/MediaResourceLoader.cpp
M Source/WebCore/loader/MediaResourceLoader.h
Log Message:
-----------
Cherry-pick 1ac958daec65. rdar://132763216
Unreviewed, reverting 280985@main.
https://bugs.webkit.org/show_bug.cgi?id=277759
Broke some HLS videos
Reverted changeset:
"Restrict performance entries from no-cors cross-origin media requests"
https://bugs.webkit.org/show_bug.cgi?id=276208
https://commits.webkit.org/280985@main
Canonical link: https://commits.webkit.org/281951@main
Canonical link: https://commits.webkit.org/280938.208@safari-7619-branch
Commit: f20946ede3813c6869faa18bfc3319393d5abb7e
https://github.com/WebKit/WebKit/commit/f20946ede3813c6869faa18bfc3319393d5abb7e
Author: Commit Queue <commit-queue at webkit.org>
Date: 2024-08-08 (Thu, 08 Aug 2024)
Changed paths:
M Source/WebCore/dom/Document.cpp
M Source/WebCore/dom/Document.h
M Source/WebCore/dom/Element.cpp
M Source/WebCore/dom/MouseRelatedEvent.cpp
M Source/WebCore/html/shadow/MediaControlTextTrackContainerElement.cpp
M Source/WebCore/page/LocalFrameView.cpp
M Source/WebCore/page/LocalFrameView.h
M Source/WebCore/page/LocalFrameViewLayoutContext.cpp
M Source/WebCore/page/LocalFrameViewLayoutContext.h
M Source/WebCore/rendering/RenderElement.cpp
M Source/WebCore/rendering/RenderElement.h
M Source/WebCore/rendering/RenderLayer.cpp
M Source/WebCore/rendering/RenderLayer.h
M Source/WebCore/rendering/RenderLayerInlines.h
M Source/WebCore/rendering/RenderLayerScrollableArea.cpp
Log Message:
-----------
Cherry-pick 2ae05609532b. rdar://133167925
Unreviewed, reverting 281227@main.
https://bugs.webkit.org/show_bug.cgi?id=277770
Causes extra IPC to the UI process in some cases (<rdar://133167925>)
Reverted changeset:
"Speedometer 3: getBoundingClientRect spends time updating layer positions that it doesn't use."
https://bugs.webkit.org/show_bug.cgi?id=276393
https://commits.webkit.org/281227@main
Canonical link: https://commits.webkit.org/281957@main
Canonical link: https://commits.webkit.org/280938.209@safari-7619-branch
Commit: 182f3b9c6e50140ba370be855368724005d414c5
https://github.com/WebKit/WebKit/commit/182f3b9c6e50140ba370be855368724005d414c5
Author: Commit Queue <commit-queue at webkit.org>
Date: 2024-08-08 (Thu, 08 Aug 2024)
Changed paths:
M Source/WebCore/rendering/RenderBlock.cpp
M Source/WebCore/rendering/RenderBlock.h
M Source/WebCore/rendering/RenderBlockFlow.cpp
M Source/WebCore/rendering/RenderElement.cpp
M Source/WebCore/rendering/RenderInline.cpp
M Source/WebCore/rendering/RenderLineBoxList.cpp
M Source/WebCore/rendering/RenderObject.cpp
Log Message:
-----------
Cherry-pick 6ae7550718f6. rdar://133402480
Unreviewed, reverting 280578@main.
https://bugs.webkit.org/show_bug.cgi?id=277798
Causes repaint issues on music.youtube.com
Reverted changeset:
"RenderElement::dirtyLinesFromChangedChild should only be called on svg content"
https://bugs.webkit.org/show_bug.cgi?id=276103
https://commits.webkit.org/280578@main
Canonical link: https://commits.webkit.org/281989@main
Canonical link: https://commits.webkit.org/280938.210@safari-7619-branch
Commit: fc0e181a97c6749b731d3927d36cf99fa42544b5
https://github.com/WebKit/WebKit/commit/fc0e181a97c6749b731d3927d36cf99fa42544b5
Author: Timothy Hatcher <timothy at apple.com>
Date: 2024-08-09 (Fri, 09 Aug 2024)
Changed paths:
M Source/WebKit/UIProcess/Extensions/Cocoa/API/WebExtensionContextAPIWindowsCocoa.mm
M Source/WebKit/UIProcess/Extensions/Cocoa/WebExtensionActionCocoa.mm
M Source/WebKit/UIProcess/Extensions/Cocoa/WebExtensionContextCocoa.mm
M Source/WebKit/UIProcess/Extensions/WebExtensionContext.h
M Tools/TestWebKitAPI/Tests/WebKitCocoa/WKWebExtensionAPIAction.mm
M Tools/TestWebKitAPI/Tests/WebKitCocoa/WKWebExtensionAPIPermissions.mm
M Tools/TestWebKitAPI/cocoa/TestWebExtensionsDelegate.h
M Tools/TestWebKitAPI/cocoa/TestWebExtensionsDelegate.mm
M Tools/TestWebKitAPI/cocoa/WebExtensionUtilities.h
M Tools/TestWebKitAPI/cocoa/WebExtensionUtilities.mm
Log Message:
-----------
Cherry-pick dda12ca2d891. rdar://133332339
window.open() does not work in a Web Extension popup.
https://webkit.org/b/277728
rdar://133332339
Reviewed by Brian Weinstein.
Hook up `window.open()` to the web extension delegate methods to create a new window or tab
depending on if the new window delegate method is implemented or not. This dual-approach is
needed since creating windows is only supported on macOS.
* Source/WebKit/UIProcess/Extensions/Cocoa/API/WebExtensionContextAPIWindowsCocoa.mm:
(WebKit::WebExtensionContext::windowsCreate):
* Source/WebKit/UIProcess/Extensions/Cocoa/WebExtensionActionCocoa.mm:
(-[_WKWebExtensionActionWebViewDelegate webView:decidePolicyForNavigationAction:decisionHandler:]): Remove ASSERT
since a new tab is not always guaranteed.
(-[_WKWebExtensionActionWebViewDelegate webView:createWebViewWithConfiguration:forNavigationAction:windowFeatures:]): Added.
* Source/WebKit/UIProcess/Extensions/Cocoa/WebExtensionContextCocoa.mm:
(WebKit::WebExtensionContext::canOpenNewWindow const): Added.
(WebKit::WebExtensionContext::openNewWindow): Added.
* Source/WebKit/UIProcess/Extensions/WebExtensionContext.h:
* Tools/TestWebKitAPI/Tests/WebKitCocoa/WKWebExtensionAPIAction.mm:
(TestWebKitAPI::TEST(WKWebExtensionAPIAction, WindowOpenOpensInNewWindow)): Added.
* Tools/TestWebKitAPI/Tests/WebKitCocoa/WKWebExtensionAPIPermissions.mm:
(TestWebKitAPI::TEST(WKWebExtensionAPIPermissions, AcceptPermissionsRequest)): Use Util::runScriptWithUserGesture.
(TestWebKitAPI::TEST(WKWebExtensionAPIPermissions, DenyPermissionsRequest)): Ditto.
(TestWebKitAPI::TEST(WKWebExtensionAPIPermissions, AcceptPermissionsDenyMatchPatternsRequest)): Ditto.
(TestWebKitAPI::TEST(WKWebExtensionAPIPermissions, RequestPermissionsOnly)): Ditto.
(TestWebKitAPI::TEST(WKWebExtensionAPIPermissions, RequestMatchPatternsOnly)): Ditto.
(TestWebKitAPI::TEST(WKWebExtensionAPIPermissions, GrantOnlySomePermissions)): Ditto.
(TestWebKitAPI::TEST(WKWebExtensionAPIPermissions, GrantOnlySomeMatchPatterns)): Ditto.
(TestWebKitAPI::TEST(WKWebExtensionAPIPermissions, ClipboardWriteWithRequest)): Ditto.
(TestWebKitAPI::runScriptWithUserGesture): Deleted.
* Tools/TestWebKitAPI/cocoa/TestWebExtensionsDelegate.h: Make new window delegate method macOS only.
* Tools/TestWebKitAPI/cocoa/TestWebExtensionsDelegate.mm: Ditto.
* Tools/TestWebKitAPI/cocoa/WebExtensionUtilities.mm:
(-[TestWebExtensionManager initForExtension:extensionControllerConfiguration:]): Ditto.
(TestWebKitAPI::Util::runScriptWithUserGesture): Added.
Canonical link: https://commits.webkit.org/281995@main
Canonical link: https://commits.webkit.org/280938.211@safari-7619-branch
Commit: 0bf3c4bb3eb1f6e9a61cc15006e1ba1e6fde1c86
https://github.com/WebKit/WebKit/commit/0bf3c4bb3eb1f6e9a61cc15006e1ba1e6fde1c86
Author: Simon Fraser <simon.fraser at apple.com>
Date: 2024-08-09 (Fri, 09 Aug 2024)
Changed paths:
A LayoutTests/fast/repaint/simplified-repaint-with-overflow-expected.txt
A LayoutTests/fast/repaint/simplified-repaint-with-overflow.html
M Source/WebCore/rendering/RenderLayer.cpp
Log Message:
-----------
Cherry-pick b72f845e52d9. rdar://132716595
REGRESSION (279847@main): Expanding threaded emails in Fastmail web UI results in missing content, repaint artifacts, broken rendering
https://bugs.webkit.org/show_bug.cgi?id=277782
rdar://133344580
Reviewed by Tim Horton.
The optimization added in 279847 at main caused us to skip repaints on a layer which moved, when the movement is triggered by
layout on an ancestor layer. This caused repaint bugs on Google Sheets when dragging rows, and Fastmail when collapsing
rows.
Fix by undoing the "simplified repaint" optimization on the descendant layers of a layer with overflow, by removing the check for
the layer also having a transform.
* LayoutTests/fast/repaint/simplified-repaint-with-overflow-expected.txt: Added.
* LayoutTests/fast/repaint/simplified-repaint-with-overflow.html: Added.
* Source/WebCore/rendering/RenderLayer.cpp:
(WebCore::RenderLayer::recursiveUpdateLayerPositions):
Canonical link: https://commits.webkit.org/281993@main
Canonical link: https://commits.webkit.org/280938.212@safari-7619-branch
Commit: 808af4c3cac8aafc892aeefb127ab38636782902
https://github.com/WebKit/WebKit/commit/808af4c3cac8aafc892aeefb127ab38636782902
Author: Chris Dumez <cdumez at apple.com>
Date: 2024-08-09 (Fri, 09 Aug 2024)
Changed paths:
M Source/WTF/wtf/cf/VectorCF.h
M Source/WebKit/Shared/Cocoa/CoreIPCData.h
M Source/WebKit/Shared/Cocoa/CoreIPCData.serialization.in
Log Message:
-----------
Cherry-pick 2a510c1db4df. rdar://132787264
Make sure IPCData correctly encodes / decodes a null RetainPtr
https://bugs.webkit.org/show_bug.cgi?id=277369
rdar://132787264
Reviewed by Ryosuke Niwa.
We now serialize over IPC a `std::optional<std::span<const uint8_t>>` instead of
a `std::span<const uint8_t>`. This allows us to distinguish a null
`RetainPtr<CFDataRef>` and a pointer to a `CFDataRef` that is empty.
* Source/WTF/wtf/cf/VectorCF.h:
(WTF::toCFData):
* Source/WebKit/Shared/Cocoa/CoreIPCData.h:
(WebKit::CoreIPCData::CoreIPCData):
(WebKit::CoreIPCData::dataReference const):
* Source/WebKit/Shared/Cocoa/CoreIPCData.serialization.in:
Canonical link: https://commits.webkit.org/281615@main
Canonical link: https://commits.webkit.org/280938.213@safari-7619-branch
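The null-versus-empty distinction this commit describes, as an added example that is not WebKit's IPC code: a span-only encoding collapses a null buffer and an empty buffer into the same bytes, while an optional encoding keeps them apart. The wire layouts and all function names are assumptions of the sketch, and `std::vector` stands in for `std::span` so that it builds as C++17.

```cpp
#include <cstddef>
#include <cstdint>
#include <iostream>
#include <optional>
#include <vector>

using Bytes = std::vector<uint8_t>;

// Hypothetical wire formats used only in this example:
//   span-only : [length:4 LE][payload]
//   optional  : [present:1] then, if present, [length:4 LE][payload]

static void appendLengthPrefixed(Bytes& out, const Bytes& payload)
{
    uint32_t length = static_cast<uint32_t>(payload.size());
    for (int shift = 0; shift < 32; shift += 8)
        out.push_back(static_cast<uint8_t>(length >> shift));
    out.insert(out.end(), payload.begin(), payload.end());
}

// Reads [length][payload] starting at offset. The declared length must match
// the remaining bytes exactly, otherwise the message is rejected.
static std::optional<Bytes> readLengthPrefixed(const Bytes& wire, size_t offset)
{
    if (wire.size() < offset + 4)
        return std::nullopt;
    uint32_t length = 0;
    for (size_t i = 0; i < 4; ++i)
        length |= static_cast<uint32_t>(wire[offset + i]) << (8 * i);
    if (wire.size() - offset - 4 != length)
        return std::nullopt;
    return Bytes(wire.begin() + offset + 4, wire.end());
}

struct Decoded {
    bool ok;                   // false: malformed message
    std::optional<Bytes> data; // nullopt: the sender had a null buffer
};

// Span-only: a null buffer can only be sent as "zero bytes".
Bytes encodeSpanOnly(const std::optional<Bytes>& data)
{
    Bytes out;
    appendLengthPrefixed(out, data.value_or(Bytes {}));
    return out;
}

Decoded decodeSpanOnly(const Bytes& wire)
{
    auto payload = readLengthPrefixed(wire, 0);
    return { payload.has_value(), payload };
}

// Optional: one presence byte in front keeps null and empty apart.
Bytes encodeOptional(const std::optional<Bytes>& data)
{
    Bytes out;
    out.push_back(data ? 1 : 0);
    if (data)
        appendLengthPrefixed(out, *data);
    return out;
}

Decoded decodeOptional(const Bytes& wire)
{
    if (wire.empty() || wire[0] > 1)
        return { false, std::nullopt };
    if (!wire[0])
        return { wire.size() == 1, std::nullopt }; // null carries no payload
    auto payload = readLengthPrefixed(wire, 1);
    return { payload.has_value(), payload };
}

int main()
{
    auto viaSpan = decodeSpanOnly(encodeSpanOnly(std::nullopt));
    auto viaOptional = decodeOptional(encodeOptional(std::nullopt));
    std::cout << "span-only, null sent: receiver sees "
              << (viaSpan.data ? "empty buffer" : "null") << "\n";
    std::cout << "optional,  null sent: receiver sees "
              << (viaOptional.data ? "empty buffer" : "null") << "\n";
    return 0;
}
```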
Commit: e3699f4a501142186fbafe3daacbe436b673339b
https://github.com/WebKit/WebKit/commit/e3699f4a501142186fbafe3daacbe436b673339b
Author: Megan Gardner <megan_gardner at apple.com>
Date: 2024-08-09 (Fri, 09 Aug 2024)
Changed paths:
M Source/WebKit/WebProcess/WebPage/Cocoa/TextAnimationController.mm
Log Message:
-----------
Cherry-pick 7ed26de67beb. rdar://131091868
During the rewrite animation, lines of text clip together and look bad.
https://bugs.webkit.org/show_bug.cgi?id=277387
rdar://131091868
Reviewed by Wenson Hsieh.
We need to not set the flag that uses the selection rects for determining
the text lines since it coalesces the lines of the same width together, and
gives us different information than what we want to run this animation.
* Source/WebKit/WebProcess/WebPage/Cocoa/TextAnimationController.mm:
(WebKit::TextAnimationController::addInitialTextAnimation):
(WebKit::TextAnimationController::createTextIndicatorForRange):
Canonical link: https://commits.webkit.org/281649@main
Canonical link: https://commits.webkit.org/280938.214@safari-7619-branch
Commit: c0e70f0438822f2410966e1b3d042d67e5129964
https://github.com/WebKit/WebKit/commit/c0e70f0438822f2410966e1b3d042d67e5129964
Author: Megan Gardner <megan_gardner at apple.com>
Date: 2024-08-09 (Fri, 09 Aug 2024)
Changed paths:
M Source/WebKit/UIProcess/ios/WKContentViewInteraction.mm
Log Message:
-----------
Cherry-pick 758e1d6b9f05. rdar://132787248
Reported crash when sending nil for UUID of animation to remove.
https://bugs.webkit.org/show_bug.cgi?id=277425
rdar://132787248
Reviewed by Wenson Hsieh.
Swift doesn't work with nil values the same way that obj-c does
so we need to ensure that the value we are passing is not nil.
* Source/WebKit/UIProcess/ios/WKContentViewInteraction.mm:
(-[WKContentView removeTextAnimationForAnimationID:]):
Canonical link: https://commits.webkit.org/281665@main
Canonical link: https://commits.webkit.org/280938.215@safari-7619-branch
Commit: 663bf1b9eebd8425f263fa42f464ff64791865e4
https://github.com/WebKit/WebKit/commit/663bf1b9eebd8425f263fa42f464ff64791865e4
Author: Richard Robinson <richard_robinson2 at apple.com>
Date: 2024-08-09 (Fri, 09 Aug 2024)
Changed paths:
M Source/WebCore/editing/CompositeEditCommand.cpp
M Source/WebCore/editing/CompositeEditCommand.h
M Source/WebCore/editing/WritingToolsCompositionCommand.cpp
M Source/WebCore/editing/WritingToolsCompositionCommand.h
M Source/WebCore/page/writing-tools/WritingToolsController.h
M Source/WebCore/page/writing-tools/WritingToolsController.mm
M Tools/TestWebKitAPI/Tests/WebKitCocoa/WritingTools.mm
Log Message:
-----------
Cherry-pick 292bb3d0d677. rdar://129926389
[Writing Tools] Make Table: Mail: Generated table has extra borderlines
https://bugs.webkit.org/show_bug.cgi?id=276315
rdar://129926389
Reviewed by Aditya Keerthi.
When `didReceiveText` is invoked multiple times when replacing text with a table, multiple table
elements were being created. This is because when the controller tries to re-create the context range
after the first table, it is unable to do so since selections cannot encompass a table or list element.
Fix by not trying to re-create the context range at all; instead, just undo the previous replacements,
and then the context range will always just be the original range for the current composition.
To facilitate this, add a 'silent' option when undoing a composition edit command so that a command can
be undone without adding it to the undo stack or emitting any type of event.
Additionally, since the TextAnimationController currently relies on being able to get the current range using
the session identifier, add a new property to the Writing Tools command to give this information.
* Source/WebCore/editing/CompositeEditCommand.cpp:
(WebCore::EditCommandComposition::unapply):
* Source/WebCore/editing/CompositeEditCommand.h:
* Source/WebCore/editing/WritingToolsCompositionCommand.cpp:
(WebCore::WritingToolsCompositionCommand::WritingToolsCompositionCommand):
(WebCore::WritingToolsCompositionCommand::replaceContentsOfRangeWithFragment):
* Source/WebCore/editing/WritingToolsCompositionCommand.h:
(WebCore::WritingToolsCompositionCommand::currentContextRange const):
* Source/WebCore/page/writing-tools/WritingToolsController.mm:
(WebCore::WritingToolsController::compositionSessionDidReceiveTextWithReplacementRange):
(WebCore::WritingToolsController::contextRangeForSessionWithID const):
* Tools/TestWebKitAPI/Tests/WebKitCocoa/WritingTools.mm:
(makeTableAttributedString):
(TEST(WritingTools, CompositionWithTable)):
(TEST(WritingTools, SmartReplyWithInsertedSpace)):
Canonical link: https://commits.webkit.org/281780@main
Canonical link: https://commits.webkit.org/280938.216@safari-7619-branch
Commit: 12ffc83de258868d6ef930595625e2dfc56e8ae6
https://github.com/WebKit/WebKit/commit/12ffc83de258868d6ef930595625e2dfc56e8ae6
Author: Aditya Keerthi <akeerthi at apple.com>
Date: 2024-08-09 (Fri, 09 Aug 2024)
Changed paths:
M Source/WebCore/editing/ReplaceSelectionCommand.cpp
M Tools/TestWebKitAPI/Tests/WebKitCocoa/PasteHTML.mm
Log Message:
-----------
Cherry-pick e11b028d2a5f. rdar://129024871
[Writing Tools] Text color becomes black-on-black when transforming into list while in dark mode in Mail
https://bugs.webkit.org/show_bug.cgi?id=277801
rdar://129024871
Reviewed by Wenson Hsieh.
In dark mode, Mail uses `-apple-color-filter: apple-invert-lightness()` to
invert colors for emails designed for light mode. In the past, this has
caused issues with pasted content, as colors could be doubly inverted,
resulting in illegible text (see 215122 at main for more details).
To avoid double inversion, `fragmentNeedsColorTransformed` reports whether the
fragment inserted by `ReplaceSelectionCommand` contains content that would be
illegible after color inversion is performed. It works by traversing the
inserted node tree, checking for inline styles and the lightness of colors.
However, the current implementation is flawed, as it early returns `false` the
moment an inline style with sufficient lightness is encountered. This is
incorrect, as an inline style encountered on a parent element may later be
overridden by a child element, which means that the used color for the text
may never be considered in the algorithm.
This issue manifests itself in Writing Tools, when a fragment like the following
is inserted:
```
<ul style="color: black">
<li style="color: white">Item 1</li>
<li style="color: white">Item 2</li>
</ul>
```
The algorithm first observes "black", detects that inverted black (white) would
be legible, and bails early from the color transform. However, the actual color
of text is white, which is black when inverted, and illegible in dark mode.
Fix by reworking the algorithm to perform a depth first search, keeping track
of the used inline color, so that the algorithm considers the right colors when
determining whether to perform transformation.
* Source/WebCore/editing/ReplaceSelectionCommand.cpp:
(WebCore::nodeTreeHasInlineStyleWithLegibleColorForInvertLightness):
(WebCore::fragmentNeedsColorTransformed):
* Tools/TestWebKitAPI/Tests/WebKitCocoa/PasteHTML.mm:
(TEST(PasteHTML, TransformColorsDependsOnUsedInlineStyle)):
The test expects the list item to have 'color: rgb(0, 0, 0)', as that will
appear white to the user following the color filter.
Canonical link: https://commits.webkit.org/282027@main
Canonical link: https://commits.webkit.org/280938.217@safari-7619-branch
Commit: 77a2189f65bc0c70182f5cb5b0145d2015afe32f
https://github.com/WebKit/WebKit/commit/77a2189f65bc0c70182f5cb5b0145d2015afe32f
Author: Tyler Wilcock <tyler_w at apple.com>
Date: 2024-08-09 (Fri, 09 Aug 2024)
Changed paths:
A LayoutTests/accessibility/tbody-with-display-table-expected.txt
A LayoutTests/accessibility/tbody-with-display-table.html
A LayoutTests/platform/glib/accessibility/tbody-with-display-table-expected.txt
M Source/WebCore/accessibility/AXObjectCache.cpp
M Source/WebCore/accessibility/AccessibilityTableCell.cpp
Log Message:
-----------
Cherry-pick b61776dc5860. rdar://132820485
AX: When display:table is applied to tbody elements, VoiceOver cannot find any content in the table
https://bugs.webkit.org/show_bug.cgi?id=277354
rdar://132820485
Reviewed by Chris Fleizach.
This is invalid markup and generally a really strange thing to do, but it renders fine visually, and
other browsers expose a valid accessibility tree, so we should too. This patch fixes this issue by
avoiding the creation of an AccessibilityTable for a RenderTable if the associated element is an
HTMLTableSectionElement, instead allowing the section element (e.g. tbody) to properly be considered a rowgroup.
* LayoutTests/accessibility/tbody-with-display-table-expected.txt: Added.
* LayoutTests/accessibility/tbody-with-display-table.html: Added.
* Source/WebCore/accessibility/AXObjectCache.cpp:
(WebCore::AXObjectCache::createObjectFromRenderer):
* Source/WebCore/accessibility/AccessibilityTableCell.cpp:
(WebCore::AccessibilityTableCell::computeAccessibilityIsIgnored const):
(WebCore::AccessibilityTableCell::parentTable const):
Canonical link: https://commits.webkit.org/281648@main
Canonical link: https://commits.webkit.org/280938.218@safari-7619-branch
Commit: f5a57d34c9a5aaec88c61fef707ce7b3f4f7c211
https://github.com/WebKit/WebKit/commit/f5a57d34c9a5aaec88c61fef707ce7b3f4f7c211
Author: Timothy Hatcher <timothy at apple.com>
Date: 2024-08-12 (Mon, 12 Aug 2024)
Changed paths:
M Source/WebKit/UIProcess/Extensions/Cocoa/WebExtensionWindowCocoa.mm
M Tools/TestWebKitAPI/Tests/WebKitCocoa/WKWebExtensionAPITabs.mm
Log Message:
-----------
Cherry-pick 721d1e7f60f0. rdar://133546874
tabs.getSelected does not work for MV2 extensions.
https://webkit.org/b/277863
rdar://133546874
Reviewed by Brian Weinstein.
The `tabs.query` API included an optimization where `windowId: browser.windows.WINDOW_ID_CURRENT`
was simplified to `currentWindow: true`. However, this optimization occurred only at the parsing
level of the options, not within the UI process. This had an unintended impact on `tabs.getSelected`,
which was only passing the `active` and `windowIdentifier` parameters without the `currentWindow`
flag. As a result, the window identifier match check failed, leading to no results being returned.
To address this, we need a similar check for the current window identifier within the UI process.
This will allow us to correctly follow the current window path when performing window match checks.
* Source/WebKit/UIProcess/Extensions/Cocoa/WebExtensionWindowCocoa.mm:
(WebKit::WebExtensionWindow::matches const): Check `isCurrent` when using the `windowIdentifier`.
* Tools/TestWebKitAPI/Tests/WebKitCocoa/WKWebExtensionAPITabs.mm:
(TestWebKitAPI::TEST(WKWebExtensionAPITabs, GetSelected)): Added.
(TestWebKitAPI::TEST(WKWebExtensionAPITabs, QueryWithCurrentWindow)): Added.
Canonical link: https://commits.webkit.org/282055@main
Canonical link: https://commits.webkit.org/280938.219@safari-7619-branch
Commit: 2791efcbcb1a4a16b2e25a58ecc6174ad658e29a
https://github.com/WebKit/WebKit/commit/2791efcbcb1a4a16b2e25a58ecc6174ad658e29a
Author: Marcus Plutowski <achierius at gmail.com>
Date: 2024-08-12 (Mon, 12 Aug 2024)
Changed paths:
M Source/JavaScriptCore/jit/ExecutableAllocator.h
M Source/WTF/wtf/PlatformEnable.h
Log Message:
-----------
Cherry-pick 207db7247e05. rdar://132273853
Check for runs of zero-bytes when linking AssemblerBuffer on x86
https://bugs.webkit.org/show_bug.cgi?id=276913
rdar://132273853
Reviewed by Yijia Huang.
The goal here is to detect memory corruption of the AssemblerBuffer
prior to link-time. On ARM64E, these would be caught at link-time via
the ARM64EHash feature within AssemblerBuffer, but due to that feature
being ARM64-specific, on x86 the link would succeed, leaving the
corruption to surface only when the code is executed, which makes it
much more difficult to identify the root cause.
* Source/JavaScriptCore/jit/ExecutableAllocator.h:
(JSC::performJITMemcpy):
* Source/WTF/wtf/PlatformEnable.h:
Canonical link: https://commits.webkit.org/282011@main
Canonical link: https://commits.webkit.org/280938.220@safari-7619-branch
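A sketch of the kind of pre-link scan this commit describes, added here as an example and not taken from WebKit: the assembled buffer is checked for a long run of zero bytes before it is copied, so corruption is reported at the copy rather than when the code later executes. The threshold, the function names and the sample bytes are assumptions constructed for the example; the commit message does not state the run length WebKit uses.

```cpp
#include <algorithm>
#include <cstddef>
#include <cstdint>
#include <iostream>
#include <optional>
#include <vector>

// Assumed threshold for this example only.
constexpr size_t assumedMinZeroRun = 16;

// Returns the offset of the first run of at least minRun zero bytes, if any.
std::optional<size_t> findZeroRun(const std::vector<uint8_t>& code,
                                  size_t minRun = assumedMinZeroRun)
{
    if (!minRun)
        return std::nullopt;
    size_t run = 0;
    for (size_t i = 0; i < code.size(); ++i) {
        if (code[i]) {
            run = 0;
            continue;
        }
        if (++run >= minRun)
            return i + 1 - run;
    }
    return std::nullopt;
}

// Stand-in for the copy into executable memory: a buffer that fails the scan
// is refused instead of being copied.
std::optional<std::vector<uint8_t>> copyIfPlausible(const std::vector<uint8_t>& code)
{
    if (findZeroRun(code))
        return std::nullopt;
    return code;
}

// Constructed x86-64 bytes: eight times `movabs rax, 0; nop`, then `ret`.
// Each movabs carries 8 legitimate zero bytes of immediate, so the threshold
// has to sit above that to avoid false positives.
std::vector<uint8_t> constructedCleanCode()
{
    std::vector<uint8_t> code;
    for (int i = 0; i < 8; ++i)
        code.insert(code.end(), { 0x48, 0xB8, 0, 0, 0, 0, 0, 0, 0, 0, 0x90 });
    code.push_back(0xC3);
    return code;
}

// The same buffer after a constructed stray write zeroed bytes 20..51.
std::vector<uint8_t> constructedCorruptedCode()
{
    std::vector<uint8_t> code = constructedCleanCode();
    std::fill(code.begin() + 20, code.begin() + 52, uint8_t { 0 });
    return code;
}

int main()
{
    auto hit = findZeroRun(constructedCorruptedCode());
    std::cout << "clean buffer accepted: "
              << copyIfPlausible(constructedCleanCode()).has_value() << "\n";
    if (hit)
        std::cout << "corrupted buffer rejected, zero run starts at offset "
                  << *hit << "\n";
    return 0;
}
```

With a threshold of 8 the clean buffer is already flagged at its first immediate, which is why the run length has to exceed the longest zero-filled operand the assembler can emit.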
Commit: 8c50cdf756c5583b5891afca24fbd6fad45b6112
https://github.com/WebKit/WebKit/commit/8c50cdf756c5583b5891afca24fbd6fad45b6112
Author: Pascoe <pascoe at apple.com>
Date: 2024-08-12 (Mon, 12 Aug 2024)
Changed paths:
M LayoutTests/editing/pasteboard/copy-paste-attachment.html
M LayoutTests/fast/attachment/attachment-dom.html
M LayoutTests/fast/attachment/attachment-folder-icon-expected.html
M LayoutTests/fast/attachment/attachment-icon-from-file-extension-expected.html
M LayoutTests/fast/attachment/attachment-label-highlight.html
M LayoutTests/fast/attachment/attachment-progress.html
M LayoutTests/fast/attachment/attachment-select-on-click-inside-user-select-all.html
M LayoutTests/fast/attachment/attachment-select-on-click.html
M LayoutTests/fast/attachment/attachment-subtitle.html
M LayoutTests/fast/attachment/attachment-title.html
M LayoutTests/fast/attachment/attachment-type-attribute-expected.html
M LayoutTests/fast/attachment/cocoa/wide-attachment-dom.html
M LayoutTests/fast/attachment/cocoa/wide-attachment-folder-icon-expected.html
M LayoutTests/fast/attachment/cocoa/wide-attachment-icon-from-file-extension-expected.html
M LayoutTests/fast/attachment/mac/attachment-keynote-icon-expected.html
M LayoutTests/fast/attachment/mac/attachment-numbers-icon-expected.html
M LayoutTests/fast/attachment/mac/attachment-pages-icon-expected.html
M LayoutTests/fast/attachment/mac/wide-attachment-type-attribute-expected.html
M LayoutTests/fast/dom/HTMLAnchorElement/anchor-file-blob-convert-to-download-async-delegate.html
M LayoutTests/fast/dom/HTMLAnchorElement/anchor-file-blob-convert-to-download.html
M LayoutTests/fast/dom/HTMLAnchorElement/anchor-file-blob-download-blank-base-target-popup-not-allowed.html
M LayoutTests/fast/dom/HTMLAnchorElement/anchor-file-blob-download-blank-target-popup-not-allowed.html
M LayoutTests/fast/dom/HTMLAnchorElement/anchor-file-blob-download-blank-target.html
M LayoutTests/fast/dom/HTMLAnchorElement/anchor-file-blob-download-includes-backslash.html
M LayoutTests/fast/dom/HTMLAnchorElement/anchor-file-blob-download-includes-doublequote.html
M LayoutTests/fast/dom/HTMLAnchorElement/anchor-file-blob-download-includes-slashes.html
M LayoutTests/fast/dom/HTMLAnchorElement/anchor-file-blob-download-includes-unicode.html
M LayoutTests/fast/dom/HTMLAnchorElement/anchor-file-blob-download-no-extension.html
M LayoutTests/fast/dom/HTMLAnchorElement/anchor-file-blob-download.html
M Source/WTF/Scripts/Preferences/UnifiedWebPreferences.yaml
M Source/WTF/wtf/FileSystem.cpp
M Source/WTF/wtf/FileSystem.h
M Source/WebCore/page/ChromeClient.h
M Source/WebCore/testing/Internals.cpp
M Source/WebCore/testing/Internals.h
M Source/WebCore/testing/Internals.idl
M Source/WebKit/NetworkProcess/NetworkConnectionToWebProcess.cpp
M Source/WebKit/NetworkProcess/NetworkConnectionToWebProcess.h
M Source/WebKit/NetworkProcess/NetworkConnectionToWebProcess.messages.in
M Source/WebKit/NetworkProcess/NetworkProcess.cpp
M Source/WebKit/NetworkProcess/NetworkProcess.h
M Source/WebKit/NetworkProcess/NetworkProcess.messages.in
M Source/WebKit/NetworkProcess/storage/NetworkStorageManager.cpp
M Source/WebKit/NetworkProcess/storage/NetworkStorageManager.h
M Source/WebKit/Shared/NetworkProcessPreferencesForWebProcess.h
M Source/WebKit/Shared/NetworkProcessPreferencesForWebProcess.serialization.in
M Source/WebKit/UIProcess/API/glib/WebKitWebView.cpp
M Source/WebKit/UIProcess/Cocoa/WebPageProxyCocoa.mm
M Source/WebKit/UIProcess/Cocoa/WebPasteboardProxyCocoa.mm
M Source/WebKit/UIProcess/ProvisionalPageProxy.cpp
M Source/WebKit/UIProcess/WebPageProxy.cpp
M Source/WebKit/UIProcess/WebPageProxy.h
M Source/WebKit/UIProcess/WebPasteboardProxy.h
M Source/WebKit/UIProcess/WebProcessProxy.cpp
M Source/WebKit/UIProcess/WebProcessProxy.h
M Source/WebKit/UIProcess/ios/WKContentViewInteraction.mm
M Source/WebKit/UIProcess/ios/WebPageProxyIOS.mm
M Source/WebKit/UIProcess/mac/WebPageProxyMac.mm
M Source/WebKit/UIProcess/mac/WebViewImpl.mm
M Source/WebKit/UIProcess/win/WebView.cpp
M Source/WebKit/WebProcess/WebCoreSupport/WebChromeClient.cpp
M Source/WebKit/WebProcess/WebCoreSupport/WebChromeClient.h
M Source/WebKit/WebProcess/WebPage/WebPage.cpp
M Source/WebKitLegacy/mac/WebCoreSupport/WebChromeClient.h
M Source/WebKitLegacy/mac/WebCoreSupport/WebChromeClient.mm
M Tools/TestWebKitAPI/Tests/WebKitCocoa/RunOpenPanel.mm
M Tools/TestWebKitAPI/Tests/WebKitCocoa/UploadDirectory.mm
Log Message:
-----------
Cherry-pick 9febfdbe1756. rdar://80200949
Add validation to file-backed blob urls from WebContent
https://bugs.webkit.org/show_bug.cgi?id=276193
rdar://80200949
Reviewed by Alex Christensen.
This validates that file paths are valid for a given WebContent process when registering the blob.
* LayoutTests/editing/pasteboard/copy-paste-attachment.html:
* LayoutTests/fast/attachment/attachment-dom.html:
* LayoutTests/fast/attachment/attachment-folder-icon-expected.html:
* LayoutTests/fast/attachment/attachment-icon-from-file-extension-expected.html:
* LayoutTests/fast/attachment/attachment-label-highlight.html:
* LayoutTests/fast/attachment/attachment-progress.html:
* LayoutTests/fast/attachment/attachment-select-on-click-inside-user-select-all.html:
* LayoutTests/fast/attachment/attachment-select-on-click.html:
* LayoutTests/fast/attachment/attachment-subtitle.html:
* LayoutTests/fast/attachment/attachment-title.html:
* LayoutTests/fast/attachment/attachment-type-attribute-expected.html:
* LayoutTests/fast/attachment/cocoa/wide-attachment-dom.html:
* LayoutTests/fast/attachment/cocoa/wide-attachment-folder-icon-expected.html:
* LayoutTests/fast/attachment/cocoa/wide-attachment-icon-from-file-extension-expected.html:
* LayoutTests/fast/attachment/mac/attachment-keynote-icon-expected.html:
* LayoutTests/fast/attachment/mac/attachment-numbers-icon-expected.html:
* LayoutTests/fast/attachment/mac/attachment-pages-icon-expected.html:
* LayoutTests/fast/attachment/mac/wide-attachment-type-attribute-expected.html:
* LayoutTests/fast/dom/HTMLAnchorElement/anchor-file-blob-convert-to-download-async-delegate.html:
* LayoutTests/fast/dom/HTMLAnchorElement/anchor-file-blob-convert-to-download.html:
* LayoutTests/fast/dom/HTMLAnchorElement/anchor-file-blob-download-blank-base-target-popup-not-allowed.html:
* LayoutTests/fast/dom/HTMLAnchorElement/anchor-file-blob-download-blank-target-popup-not-allowed.html:
* LayoutTests/fast/dom/HTMLAnchorElement/anchor-file-blob-download-blank-target.html:
* LayoutTests/fast/dom/HTMLAnchorElement/anchor-file-blob-download-includes-backslash.html:
* LayoutTests/fast/dom/HTMLAnchorElement/anchor-file-blob-download-includes-doublequote.html:
* LayoutTests/fast/dom/HTMLAnchorElement/anchor-file-blob-download-includes-slashes.html:
* LayoutTests/fast/dom/HTMLAnchorElement/anchor-file-blob-download-includes-unicode.html:
* LayoutTests/fast/dom/HTMLAnchorElement/anchor-file-blob-download-no-extension.html:
* LayoutTests/fast/dom/HTMLAnchorElement/anchor-file-blob-download.html:
* Source/WTF/Scripts/Preferences/UnifiedWebPreferences.yaml:
* Source/WebCore/page/ChromeClient.h:
(WebCore::ChromeClient::registerBlobPathForTesting):
* Source/WebCore/testing/Internals.cpp:
(WebCore::Internals::createFile):
* Source/WebKit/NetworkProcess/NetworkConnectionToWebProcess.cpp:
(WebKit::NetworkConnectionToWebProcess::isFilePathAllowed):
(WebKit::NetworkConnectionToWebProcess::registerInternalFileBlobURL):
(WebKit::NetworkConnectionToWebProcess::registerInternalBlobURLOptionallyFileBacked):
(WebKit::NetworkConnectionToWebProcess::registerBlobPathForTesting):
(WebKit::NetworkConnectionToWebProcess::allowAccessToFile):
(WebKit::NetworkConnectionToWebProcess::allowAccessToFiles):
* Source/WebKit/NetworkProcess/NetworkConnectionToWebProcess.h:
(WebKit::NetworkConnectionToWebProcess::blobFileAccessEnforcementEnabled const):
* Source/WebKit/NetworkProcess/NetworkConnectionToWebProcess.messages.in:
* Source/WebKit/NetworkProcess/NetworkProcess.cpp:
(WebKit::NetworkProcess::allowFilesAccessFromWebProcess):
(WebKit::NetworkProcess::allowFileAccessFromWebProcess):
* Source/WebKit/NetworkProcess/NetworkProcess.h:
* Source/WebKit/NetworkProcess/NetworkProcess.messages.in:
* Source/WebKit/NetworkProcess/storage/NetworkStorageManager.h:
* Source/WebKit/UIProcess/Cocoa/WebPageProxyCocoa.mm:
(WebKit::WebPageProxy::grantAccessToCurrentPasteboardData):
* Source/WebKit/UIProcess/Cocoa/WebPasteboardProxyCocoa.mm:
(WebKit::WebPasteboardProxy::grantAccessToCurrentData):
* Source/WebKit/UIProcess/ProvisionalPageProxy.cpp:
(WebKit::ProvisionalPageProxy::goToBackForwardItem):
* Source/WebKit/UIProcess/WebPageProxy.cpp:
(WebKit::WebPageProxy::maybeInitializeSandboxExtensionHandle):
(WebKit::WebPageProxy::loadRequestWithNavigationShared):
(WebKit::WebPageProxy::loadFile):
(WebKit::WebPageProxy::loadDataWithNavigationShared):
(WebKit::WebPageProxy::loadSimulatedRequest):
(WebKit::WebPageProxy::loadAlternateHTML):
(WebKit::WebPageProxy::reload):
(WebKit::WebPageProxy::executeEditCommand):
(WebKit::WebPageProxy::performDragOperation):
(WebKit::WebPageProxy::performDragControllerAction):
(WebKit::WebPageProxy::receivedNavigationActionPolicyDecision):
(WebKit::WebPageProxy::contextMenuItemSelected):
(WebKit::WebPageProxy::didChooseFilesForOpenPanel):
(WebKit::WebPageProxy::platformDidSelectItemFromActiveContextMenu):
(WebKit::WebPageProxy::willPerformPasteCommand):
* Source/WebKit/UIProcess/WebPageProxy.h:
* Source/WebKit/UIProcess/WebPasteboardProxy.h:
* Source/WebKit/UIProcess/WebProcessProxy.cpp:
(WebKit::WebProcessProxy::shouldSendPendingMessage):
(WebKit::WebProcessProxy::assumeReadAccessToBaseURL):
(WebKit::WebProcessProxy::assumeReadAccessToBaseURLs):
* Source/WebKit/UIProcess/WebProcessProxy.h:
* Source/WebKit/UIProcess/ios/WKContentViewInteraction.mm:
(-[WKContentView _handleDOMPasteRequestWithResult:]):
* Source/WebKit/UIProcess/ios/WebPageProxyIOS.mm:
(WebKit::WebPageProxy::willPerformPasteCommand):
* Source/WebKit/UIProcess/mac/WebPageProxyMac.mm:
(WebKit::WebPageProxy::readSelectionFromPasteboard):
(WebKit::WebPageProxy::platformDidSelectItemFromActiveContextMenu):
(WebKit::WebPageProxy::willPerformPasteCommand):
* Source/WebKit/UIProcess/mac/WebViewImpl.mm:
(WebKit::performDragWithLegacyFiles):
(WebKit::handleLegacyFilesPasteboard):
(WebKit::WebViewImpl::performDragOperation):
(WebKit::WebViewImpl::requestDOMPasteAccess):
(WebKit::WebViewImpl::handleDOMPasteRequestForCategoryWithResult):
* Source/WebKit/WebProcess/WebCoreSupport/WebChromeClient.cpp:
(WebKit::WebChromeClient::registerBlobPathForTesting):
* Source/WebKit/WebProcess/WebCoreSupport/WebChromeClient.h:
* Source/WebKitLegacy/mac/WebCoreSupport/WebChromeClient.h:
* Source/WebKitLegacy/mac/WebCoreSupport/WebChromeClient.mm:
(WebChromeClient::registerBlobPathForTesting):
* Tools/TestWebKitAPI/Tests/WebKitCocoa/RunOpenPanel.mm:
(TestWebKitAPI::TEST(WebKit, RunOpenPanelNonLatin1)):
* Tools/TestWebKitAPI/Tests/WebKitCocoa/UploadDirectory.mm:
(TEST(WebKit, UploadDirectory)):
Canonical link: https://commits.webkit.org/281966@main
Canonical link: https://commits.webkit.org/280938.221@safari-7619-branch
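One way to model the check this commit describes, as an added example that is not WebKit's code: a privileged broker keeps, per content process, the set of file paths that process was granted, and refuses to register a file-backed blob URL for any other path. The class, the path normalisation and the sample paths are assumptions constructed for the example; only the method names `allowAccessToFile` and `isFilePathAllowed` echo names listed in the commit.

```cpp
#include <iostream>
#include <map>
#include <optional>
#include <set>
#include <sstream>
#include <string>
#include <vector>

using ProcessID = int;

// Lexically resolves "." and ".." in an absolute POSIX-style path so the
// comparison is not fooled by "dir/../other". Relative paths and paths that
// climb above "/" are rejected. Symlinks are not resolved in this sketch.
std::optional<std::string> normalizePath(const std::string& path)
{
    if (path.empty() || path[0] != '/')
        return std::nullopt;
    std::vector<std::string> parts;
    std::istringstream stream(path);
    std::string part;
    while (std::getline(stream, part, '/')) {
        if (part.empty() || part == ".")
            continue;
        if (part == "..") {
            if (parts.empty())
                return std::nullopt;
            parts.pop_back();
            continue;
        }
        parts.push_back(part);
    }
    std::string result;
    for (const auto& component : parts)
        result += "/" + component;
    return result.empty() ? std::string("/") : result;
}

class BlobBroker {
public:
    // Trusted side only: called after a user action (file picker, drop, paste)
    // handed this file to this particular content process.
    void allowAccessToFile(ProcessID pid, const std::string& path)
    {
        if (auto normalized = normalizePath(path))
            m_allowedPaths[pid].insert(*normalized);
    }

    bool isFilePathAllowed(ProcessID pid, const std::string& path) const
    {
        auto normalized = normalizePath(path);
        auto entry = m_allowedPaths.find(pid);
        if (!normalized || entry == m_allowedPaths.end())
            return false;
        return entry->second.count(*normalized) > 0;
    }

    // Untrusted side: a content process asks for a blob URL backed by `path`.
    // The path in the message is checked, never taken on trust.
    bool registerFileBlobURL(ProcessID pid, const std::string& url, const std::string& path)
    {
        if (!isFilePathAllowed(pid, path))
            return false;
        m_blobFiles[url] = *normalizePath(path);
        return true;
    }

private:
    std::map<ProcessID, std::set<std::string>> m_allowedPaths;
    std::map<std::string, std::string> m_blobFiles;
};

// Constructed scenario: process 1 was granted one file, process 2 nothing.
std::vector<bool> constructedScenario()
{
    BlobBroker broker;
    broker.allowAccessToFile(1, "/Users/test/Downloads/report.pdf");
    return {
        broker.registerFileBlobURL(1, "blob:a", "/Users/test/Downloads/report.pdf"),
        broker.registerFileBlobURL(1, "blob:b", "/Users/test/Downloads/./x/../report.pdf"),
        broker.registerFileBlobURL(1, "blob:c", "/etc/hosts"),
        broker.registerFileBlobURL(1, "blob:d", "/Users/test/Downloads/report.pdf/../../secret.txt"),
        broker.registerFileBlobURL(2, "blob:e", "/Users/test/Downloads/report.pdf"),
        broker.registerFileBlobURL(1, "blob:f", "Downloads/report.pdf"),
    };
}

int main()
{
    for (bool accepted : constructedScenario())
        std::cout << (accepted ? "registered" : "rejected") << "\n";
    return 0;
}
```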
Commit: 3a130a4224506c99dafad51341ecee287431fd55
https://github.com/WebKit/WebKit/commit/3a130a4224506c99dafad51341ecee287431fd55
Author: Dan Robson <dtr_bugzilla at apple.com>
Date: 2024-08-12 (Mon, 12 Aug 2024)
Changed paths:
M Configurations/Version.xcconfig
Log Message:
-----------
Versioning.
WebKit-7619.2.2
Canonical link: https://commits.webkit.org/280938.222@safari-7619-branch
Commit: 6948b6fd53b3508dad80bb190d71e69fd58bf251
https://github.com/WebKit/WebKit/commit/6948b6fd53b3508dad80bb190d71e69fd58bf251
Author: Ryosuke Niwa <rniwa at webkit.org>
Date: 2024-08-13 (Tue, 13 Aug 2024)
Changed paths:
M Source/WebCore/editing/cocoa/DataDetection.mm
Log Message:
-----------
Cherry-pick 46c9caf0ef79. rdar://133365786
Release assert in TimerBase::setNextFireTime via DispatchWorkItem::~DispatchWorkItem
https://bugs.webkit.org/show_bug.cgi?id=277955
Reviewed by Chris Dumez and Wenson Hsieh.
The release assert was hit because we were trying to destruct Document in a background thread.
Fixed the bug by destructing the document and other main-thread only objects in the main thread.
* Source/WebCore/editing/cocoa/DataDetection.mm:
(WebCore::DataDetection::detectContentInFrame):
Canonical link: https://commits.webkit.org/282128@main
Canonical link: https://commits.webkit.org/280938.223@safari-7619-branch
Commit: f482d62f37ef3769a02345befba869a56a43328e
https://github.com/WebKit/WebKit/commit/f482d62f37ef3769a02345befba869a56a43328e
Author: Richard Robinson <richard_robinson2 at apple.com>
Date: 2024-08-13 (Tue, 13 Aug 2024)
Changed paths:
M Source/WebCore/page/ChromeClient.h
M Source/WebCore/page/Page.cpp
M Source/WebCore/page/Page.h
M Source/WebCore/page/writing-tools/WritingToolsController.h
M Source/WebCore/page/writing-tools/WritingToolsController.mm
M Source/WebKit/UIProcess/API/Cocoa/WKWebView.mm
M Source/WebKit/UIProcess/API/Cocoa/WKWebViewInternal.h
M Source/WebKit/UIProcess/Cocoa/PageClientImplCocoa.h
M Source/WebKit/UIProcess/Cocoa/PageClientImplCocoa.mm
M Source/WebKit/UIProcess/Cocoa/WebPageProxyCocoa.mm
M Source/WebKit/UIProcess/PageClient.h
M Source/WebKit/UIProcess/WebPageProxy.h
M Source/WebKit/UIProcess/WebPageProxy.messages.in
M Source/WebKit/UIProcess/mac/WKTextAnimationManager.mm
M Source/WebKit/UIProcess/mac/WebViewImpl.h
M Source/WebKit/UIProcess/mac/WebViewImpl.mm
M Source/WebKit/WebKitSwift/TextAnimation/TextAnimationManager.swift
M Source/WebKit/WebProcess/WebCoreSupport/WebChromeClient.cpp
M Source/WebKit/WebProcess/WebCoreSupport/WebChromeClient.h
M Source/WebKit/WebProcess/WebPage/Cocoa/TextAnimationController.h
M Source/WebKit/WebProcess/WebPage/Cocoa/TextAnimationController.mm
M Source/WebKit/WebProcess/WebPage/Cocoa/WebPageCocoa.mm
M Source/WebKit/WebProcess/WebPage/WebPage.cpp
M Source/WebKit/WebProcess/WebPage/WebPage.h
M Source/WebKit/WebProcess/WebPage/WebPage.messages.in
Log Message:
-----------
Cherry-pick a42d8d1b5802. rdar://130995812
[Writing Tools] macOS: Selection should be hidden when the pondering animation begins, stay hidden until all animations complete
https://bugs.webkit.org/show_bug.cgi?id=277873
rdar://130995812
Reviewed by Wenson Hsieh.
Clear the selection when a session begins, and reveal it when the session replacement animation is completely done.
To facilitate the latter, the UI process now maintains a counter of ongoing intelligence text animations. There are
several distinct sequences of events that should cause the selection to be revealed, assuming a replacement is done
in multiple pieces:
1) The sequence
a. `didReceive` [finished=false]
b. animation 1 starts
c. animation 1 ends
d. `didReceive` [finished=false]
e. animation 2 starts
f. animation 2 ends
g. `didReceive` [finished=true].
In this case, all animations are complete before `finished` is true. Therefore, by (g), the counter will be 0, and
the call from `didReceive` with `finished = true` can reveal the selection.
2) The sequence
a. `didReceive` [finished=false]
b. `didReceive` [finished=false]
c. `didReceive` [finished=true].
d. animation 1 starts
e. animation 1 ends
f. animation 2 starts
g. animation 2 ends
In this case, the call from `didReceive` where `finished = true` happens prior to all the animations finishing. In this
case, the UI process notes that the replacement is finished. Then, in the text animation manager, when the last animation
finishes (which is known via maintaining the counter of animations), then `finished` will be true, and the selection will
be revealed.
Drive-by fix: Fix and improve some formatting across various files.
* Source/WebCore/page/ChromeClient.h:
(WebCore::ChromeClient::addSourceTextAnimation):
(WebCore::ChromeClient::addDestinationTextAnimation):
* Source/WebCore/page/Page.cpp:
(WebCore::Page::showSelectionForWritingToolsSessionWithID const):
* Source/WebCore/page/Page.h:
* Source/WebCore/page/writing-tools/WritingToolsController.h:
* Source/WebCore/page/writing-tools/WritingToolsController.mm:
(WebCore::WritingToolsController::willBeginWritingToolsSession):
(WebCore::WritingToolsController::showSelectionForWritingToolsSessionWithID const):
(WebCore::WritingToolsController::compositionSessionDidFinishReplacement):
(WebCore::WritingToolsController::compositionSessionDidReceiveTextWithReplacementRangeAsync):
* Source/WebKit/UIProcess/API/Cocoa/WKWebView.mm:
(-[WKWebView _addTextAnimationForAnimationID:withData:]):
(-[WKWebView _removeTextAnimationForAnimationID:]):
(-[WKWebView _deferIntelligenceTextAnimation]):
(-[WKWebView willBeginWritingToolsSession:requestContexts:]):
(-[WKWebView compositionSession:didReceiveText:replacementRange:inContext:finished:]):
* Source/WebKit/UIProcess/API/Cocoa/WKWebViewInternal.h:
* Source/WebKit/UIProcess/Cocoa/PageClientImplCocoa.h:
* Source/WebKit/UIProcess/Cocoa/PageClientImplCocoa.mm:
(WebKit::PageClientImplCocoa::deferIntelligenceTextAnimation):
* Source/WebKit/UIProcess/Cocoa/WebPageProxyCocoa.mm:
(WebKit::WebPageProxy::enableSourceTextAnimationAfterElementWithID):
(WebKit::WebPageProxy::getTextIndicatorForID):
(WebKit::WebPageProxy::updateUnderlyingTextVisibilityForTextAnimationID):
(WebKit::WebPageProxy::showSelectionForWritingToolsSessionAssociatedWithAnimationID):
(WebKit::WebPageProxy::showSelectionForWritingToolsSessionWithID):
(WebKit::WebPageProxy::deferIntelligenceTextAnimation):
* Source/WebKit/UIProcess/PageClient.h:
* Source/WebKit/UIProcess/WebPageProxy.h:
* Source/WebKit/UIProcess/WebPageProxy.messages.in:
* Source/WebKit/UIProcess/mac/WKTextAnimationManager.mm:
(-[WKTextAnimationManager addTextAnimationForAnimationID:withData:]):
* Source/WebKit/UIProcess/mac/WebViewImpl.h:
* Source/WebKit/UIProcess/mac/WebViewImpl.mm:
(WebKit::WebViewImpl::hasContentRelativeChildViews const):
(WebKit::WebViewImpl::suppressContentRelativeChildViews):
(WebKit::WebViewImpl::restoreContentRelativeChildViews):
(WebKit::WebViewImpl::addTextAnimationForAnimationID):
(WebKit::WebViewImpl::removeTextAnimationForAnimationID):
(WebKit::WebViewImpl::writingToolsSessionWillBegin):
(WebKit::WebViewImpl::writingToolsCompositionSessionDidReceiveReplacements):
(WebKit::WebViewImpl::isWritingToolsTextReplacementsFinished const):
(WebKit::WebViewImpl::isIntelligenceTextPonderingAnimationFinished const):
(WebKit::WebViewImpl::willBeginPartialIntelligenceTextPonderingAnimation):
(WebKit::WebViewImpl::didEndPartialIntelligenceTextPonderingAnimation):
* Source/WebKit/WebKitSwift/TextAnimation/TextAnimationManager.swift:
(TextAnimationManager.targetedPreview(for:)):
* Source/WebKit/WebProcess/WebCoreSupport/WebChromeClient.cpp:
(WebKit::WebChromeClient::addSourceTextAnimation):
(WebKit::WebChromeClient::addDestinationTextAnimation):
* Source/WebKit/WebProcess/WebCoreSupport/WebChromeClient.h:
* Source/WebKit/WebProcess/WebPage/Cocoa/TextAnimationController.h:
* Source/WebKit/WebProcess/WebPage/Cocoa/TextAnimationController.mm:
(WebKit::remainingCharacterRange):
(WebKit::TextAnimationController::addSourceTextAnimation):
(WebKit::TextAnimationController::addDestinationTextAnimation):
(WebKit::TextAnimationController::showSelectionForWritingToolsSessionAssociatedWithAnimationID):
(WebKit::TextAnimationController::updateUnderlyingTextVisibilityForTextAnimationID):
* Source/WebKit/WebProcess/WebPage/Cocoa/WebPageCocoa.mm:
(WebKit::WebPage::addTextAnimationForAnimationID):
(WebKit::WebPage::removeTextAnimationForAnimationID):
(WebKit::WebPage::removeTransparentMarkersForSessionID):
(WebKit::WebPage::removeInitialTextAnimation):
(WebKit::WebPage::addInitialTextAnimation):
(WebKit::WebPage::addSourceTextAnimation):
(WebKit::WebPage::addDestinationTextAnimation):
(WebKit::WebPage::clearAnimationsForSessionID):
(WebKit::WebPage::showSelectionForWritingToolsSessionAssociatedWithAnimationID):
(WebKit::WebPage::showSelectionForWritingToolsSessionWithID):
(WebKit::WebPage::deferIntelligenceTextAnimation):
* Source/WebKit/WebProcess/WebPage/WebPage.cpp:
(WebKit::WebPage::addTextAnimationForAnimationID): Deleted.
(WebKit::WebPage::removeTextAnimationForAnimationID): Deleted.
(WebKit::WebPage::removeTransparentMarkersForSessionID): Deleted.
(WebKit::WebPage::removeInitialTextAnimation): Deleted.
(WebKit::WebPage::addInitialTextAnimation): Deleted.
(WebKit::WebPage::addSourceTextAnimation): Deleted.
(WebKit::WebPage::addDestinationTextAnimation): Deleted.
(WebKit::WebPage::clearAnimationsForSessionID): Deleted.
* Source/WebKit/WebProcess/WebPage/WebPage.h:
* Source/WebKit/WebProcess/WebPage/WebPage.messages.in:
Canonical link: https://commits.webkit.org/282125@main
Canonical link: https://commits.webkit.org/280938.224@safari-7619-branch
Commit: 861700cd1f95d79d36f01cafe18f26a3534dd536
https://github.com/WebKit/WebKit/commit/861700cd1f95d79d36f01cafe18f26a3534dd536
Author: Aditya Keerthi <akeerthi at apple.com>
Date: 2024-08-13 (Tue, 13 Aug 2024)
Changed paths:
M Source/WebCore/editing/cocoa/EditorCocoa.mm
M Tools/TestWebKitAPI/Tests/WebKitCocoa/AdaptiveImageGlyph.mm
Log Message:
-----------
Cherry-pick 1235e0b1e525. rdar://130934430
[Cocoa] Mail sometimes shows placeholder text instead of an adaptive image glyph
https://bugs.webkit.org/show_bug.cgi?id=277937
rdar://130934430
Reviewed by Richard Robinson.
Adaptive image glyph attachments are occasionally going missing in Mail. In the
failure scenario, it is observed that `-[WKWebView _webView:didInsertAttachment:withSource:]`
is not being called.
The cause of the issue is due to the fact that attachment elements are created
and attached to the originally created `<source>` and `<img>` elements after
the `ReplaceSelectionCommand` is performed. This is problematic as
`ReplaceSelectionCommand` may clone nodes and discard the original, in order
to merge paragraphs. Consequently, the attachment elements can be added to
"stale" nodes which are never actually inserted into the document.
Fix by creating and associating attachment elements prior to performing
the `ReplaceSelectionCommand`. This ensures that attachment elements are
always present on the nodes which end up in the document.
* Source/WebCore/editing/cocoa/EditorCocoa.mm:
(WebCore::Editor::insertMultiRepresentationHEIC):
Associate attachments before performing the `ReplaceSelectionCommand`.
* Tools/TestWebKitAPI/Tests/WebKitCocoa/AdaptiveImageGlyph.mm:
(TestWebKitAPI::TEST(AdaptiveImageGlyph, InsertWKAttachmentsMovingParagraphs)):
Use a test case directly from real Mail content.
Canonical link: https://commits.webkit.org/282121@main
Canonical link: https://commits.webkit.org/280938.225@safari-7619-branch
Commit: a115b10a8580162a1e8e370dd56cf868610bef0b
https://github.com/WebKit/WebKit/commit/a115b10a8580162a1e8e370dd56cf868610bef0b
Author: Richard Robinson <richard_robinson2 at apple.com>
Date: 2024-08-13 (Tue, 13 Aug 2024)
Changed paths:
M Tools/TestWebKitAPI/Tests/WebKitCocoa/WritingTools.mm
Log Message:
-----------
Cherry-pick 951c5a4af8f6. rdar://133712303
[Writing Tools] WritingTools.SuggestedTextIsSelectedAfterSmartReply test is failing
https://bugs.webkit.org/show_bug.cgi?id=277980
rdar://133712303
Reviewed by Aditya Keerthi and Abrar Rahman Protyasha.
Update the test to reflect how the API is actually exercised, and add a delay since selection disappearance/appearance
is now done as a result of async methods.
* Tools/TestWebKitAPI/Tests/WebKitCocoa/WritingTools.mm:
(TEST(WritingTools, SuggestedTextIsSelectedAfterSmartReply)):
Canonical link: https://commits.webkit.org/282137@main
Canonical link: https://commits.webkit.org/280938.226@safari-7619-branch
Commit: 87c640d84f21448662414896a92d5e010f3e5823
https://github.com/WebKit/WebKit/commit/87c640d84f21448662414896a92d5e010f3e5823
Author: Richard Robinson <richard_robinson2 at apple.com>
Date: 2024-08-13 (Tue, 13 Aug 2024)
Changed paths:
M Source/WebKit/WebProcess/WebPage/Cocoa/TextAnimationController.h
M Source/WebKit/WebProcess/WebPage/Cocoa/TextAnimationController.mm
Log Message:
-----------
Cherry-pick 29fb9af4daf6. rdar://132910026
[Writing Tools] Mail body temporarily disappears when accepting short form smart reply until questionnaire appears
https://bugs.webkit.org/show_bug.cgi?id=277966
rdar://132910026
Reviewed by Tim Horton.
During the Writing Tools text animation, the text in the session range that has not yet been animated is supposed
to be hidden for the duration of the animation. However, the entire text from the end of the animated range to the
end of the entire document was erroneously being hidden.
As a result, when using Smart Replies, the entire document is hidden during the animation since the session range
is a caret range.
Fix by adjusting the range of the text that is not yet animated to end at the end of the session range instead of
the entire document.
Also, fix some formatting issues, and use the correct types in more places.
* Source/WebKit/WebProcess/WebPage/Cocoa/TextAnimationController.h:
* Source/WebKit/WebProcess/WebPage/Cocoa/TextAnimationController.mm:
(WebKit::TextAnimationController::unreplacedRangeForSessionWithID const):
(WebKit::TextAnimationController::contextRangeForTextAnimationID const):
(WebKit::TextAnimationController::removeTransparentMarkersForSessionID):
(WebKit::TextAnimationController::removeInitialTextAnimation):
(WebKit::TextAnimationController::addInitialTextAnimation):
(WebKit::TextAnimationController::addSourceTextAnimation):
(WebKit::TextAnimationController::addDestinationTextAnimation):
(WebKit::TextAnimationController::showSelectionForWritingToolsSessionAssociatedWithAnimationID):
(WebKit::TextAnimationController::updateUnderlyingTextVisibilityForTextAnimationID):
(WebKit::TextAnimationController::clearAnimationsForSessionID):
(WebKit::TextAnimationController::createTextIndicatorForTextAnimationID):
Canonical link: https://commits.webkit.org/282133@main
Canonical link: https://commits.webkit.org/280938.227@safari-7619-branch
Commit: 3df2bdaf8f88f7ec97da4da338bb2f08f9165724
https://github.com/WebKit/WebKit/commit/3df2bdaf8f88f7ec97da4da338bb2f08f9165724
Author: Richard Robinson <richard_robinson2 at apple.com>
Date: 2024-08-15 (Thu, 15 Aug 2024)
Changed paths:
M Source/WebCore/editing/cocoa/AttributedString.mm
Log Message:
-----------
Cherry-pick 282203@main (3afd0a129bab). rdar://133802019
Fix the build on some Cocoa configurations
Unreviewed build fix.
* Source/WebCore/editing/cocoa/AttributedString.mm:
(WebCore::toWebMultiRepresentationHEICAttachment):
Canonical link: https://commits.webkit.org/282203@main rdar://133794651
Canonical link: https://commits.webkit.org/280938.228@safari-7619-branch
Commit: 74ca3ec1b63e030b18f775b28ef842e60fccb88e
https://github.com/WebKit/WebKit/commit/74ca3ec1b63e030b18f775b28ef842e60fccb88e
Author: Per Arne Vollan <pvollan at apple.com>
Date: 2024-08-15 (Thu, 15 Aug 2024)
Changed paths:
M Source/WebKit/Resources/SandboxProfiles/ios/com.apple.WebKit.WebContent.sb.in
M Source/WebKit/UIProcess/Launcher/cocoa/ProcessLauncherCocoa.mm
M Source/WebKit/WebProcess/cocoa/WebProcessCocoa.mm
Log Message:
-----------
Cherry-pick 4dadd40c1215. rdar://133030904
Disable logd blocking in WebContent
https://bugs.webkit.org/show_bug.cgi?id=277983
rdar://133030904
Reviewed by Chris Dumez.
Disable logd blocking in WebContent to avoid log quarantines. For Lockdown Mode, we still block logd.
* Source/WTF/wtf/PlatformEnableCocoa.h:
* Source/WebKit/Resources/SandboxProfiles/ios/com.apple.WebKit.WebContent.sb.in:
* Source/WebKit/UIProcess/Launcher/cocoa/ProcessLauncherCocoa.mm:
(WebKit::ProcessLauncher::finishLaunchingProcess):
* Source/WebKit/WebProcess/cocoa/WebProcessCocoa.mm:
(WebKit::WebProcess::platformInitializeProcess):
Canonical link: https://commits.webkit.org/282195@main
Canonical link: https://commits.webkit.org/280938.229@safari-7619-branch
Commit: 8985410e350c8ac2444ef9d7e868ae3d3210d3aa
https://github.com/WebKit/WebKit/commit/8985410e350c8ac2444ef9d7e868ae3d3210d3aa
Author: Richard Robinson <richard_robinson2 at apple.com>
Date: 2024-08-15 (Thu, 15 Aug 2024)
Changed paths:
M Source/WebCore/dom/DocumentMarker.h
M Source/WebCore/page/ChromeClient.h
M Source/WebCore/page/Page.cpp
M Source/WebCore/page/Page.h
M Source/WebCore/page/writing-tools/WritingToolsController.h
M Source/WebCore/page/writing-tools/WritingToolsController.mm
M Source/WebKit/UIProcess/API/Cocoa/WKWebView.mm
M Source/WebKit/UIProcess/API/Cocoa/WKWebViewInternal.h
M Source/WebKit/UIProcess/Cocoa/PageClientImplCocoa.h
M Source/WebKit/UIProcess/Cocoa/PageClientImplCocoa.mm
M Source/WebKit/UIProcess/Cocoa/WebPageProxyCocoa.mm
M Source/WebKit/UIProcess/PageClient.h
M Source/WebKit/UIProcess/WebPageProxy.h
M Source/WebKit/UIProcess/WebPageProxy.messages.in
M Source/WebKit/UIProcess/mac/WKTextAnimationManager.mm
M Source/WebKit/WebProcess/WebCoreSupport/WebChromeClient.cpp
M Source/WebKit/WebProcess/WebCoreSupport/WebChromeClient.h
M Source/WebKit/WebProcess/WebPage/Cocoa/TextAnimationController.h
M Source/WebKit/WebProcess/WebPage/Cocoa/TextAnimationController.mm
M Source/WebKit/WebProcess/WebPage/Cocoa/WebPageCocoa.mm
M Source/WebKit/WebProcess/WebPage/WebPage.h
M Source/WebKit/WebProcess/WebPage/WebPage.messages.in
Log Message:
-----------
Cherry-pick 4ef46f4e4c95. rdar://133726884
[Writing Tools] Remove unnecessary infrastructure to support concurrent Writing Tools sessions
https://bugs.webkit.org/show_bug.cgi?id=277998
rdar://133726884
Reviewed by Aditya Keerthi.
There's no need to support multiple sessions, and doing so significantly increases the complexity of the code.
* Source/WebCore/dom/DocumentMarker.h:
* Source/WebCore/page/ChromeClient.h:
(WebCore::ChromeClient::proofreadingSessionShowDetailsForSuggestionWithIDRelativeToRect):
(WebCore::ChromeClient::proofreadingSessionUpdateStateForSuggestionWithID):
(WebCore::ChromeClient::removeTransparentMarkersForActiveWritingToolsSession):
(WebCore::ChromeClient::removeInitialTextAnimationForActiveWritingToolsSession):
(WebCore::ChromeClient::addInitialTextAnimationForActiveWritingToolsSession):
(WebCore::ChromeClient::addSourceTextAnimationForActiveWritingToolsSession):
(WebCore::ChromeClient::addDestinationTextAnimationForActiveWritingToolsSession):
(WebCore::ChromeClient::clearAnimationsForActiveWritingToolsSession):
(WebCore::ChromeClient::removeTransparentMarkersForSessionID): Deleted.
(WebCore::ChromeClient::removeInitialTextAnimation): Deleted.
(WebCore::ChromeClient::addInitialTextAnimation): Deleted.
(WebCore::ChromeClient::addSourceTextAnimation): Deleted.
(WebCore::ChromeClient::addDestinationTextAnimation): Deleted.
(WebCore::ChromeClient::clearAnimationsForSessionID): Deleted.
* Source/WebCore/page/Page.cpp:
(WebCore::Page::writingToolsSessionDidReceiveAction):
(WebCore::Page::contextRangeForActiveWritingToolsSession const):
(WebCore::Page::showSelectionForActiveWritingToolsSession const):
(WebCore::Page::contextRangeForSessionWithID const): Deleted.
(WebCore::Page::showSelectionForWritingToolsSessionWithID const): Deleted.
* Source/WebCore/page/Page.h:
* Source/WebCore/page/writing-tools/WritingToolsController.h:
* Source/WebCore/page/writing-tools/WritingToolsController.mm:
(WebCore::WritingToolsController::willBeginWritingToolsSession):
(WebCore::WritingToolsController::proofreadingSessionDidReceiveSuggestions):
(WebCore::WritingToolsController::proofreadingSessionDidUpdateStateForSuggestion):
(WebCore::WritingToolsController::showSelection const):
(WebCore::WritingToolsController::compositionSessionDidFinishReplacement):
(WebCore::WritingToolsController::compositionSessionDidReceiveTextWithReplacementRangeAsync):
(WebCore::WritingToolsController::compositionSessionDidReceiveTextWithReplacementRange):
(WebCore::WritingToolsController::writingToolsSessionDidReceiveAction<WritingTools::Session::Type::Proofreading>):
(WebCore::WritingToolsController::writingToolsSessionDidReceiveAction<WritingTools::Session::Type::Composition>):
(WebCore::WritingToolsController::writingToolsSessionDidReceiveAction):
(WebCore::WritingToolsController::didEndWritingToolsSession<WritingTools::Session::Type::Proofreading>):
(WebCore::WritingToolsController::didEndWritingToolsSession<WritingTools::Session::Type::Composition>):
(WebCore::WritingToolsController::didEndWritingToolsSession):
(WebCore::WritingToolsController::updateStateForSelectedSuggestionIfNeeded):
(WebCore::WritingToolsController::respondToUnappliedEditing):
(WebCore::WritingToolsController::respondToReappliedEditing):
(WebCore::WritingToolsController::activeSessionRange const):
(WebCore::WritingToolsController::currentState):
(WebCore::WritingToolsController::showOriginalCompositionForSession):
(WebCore::WritingToolsController::showRewrittenCompositionForSession):
(WebCore::WritingToolsController::restartCompositionForSession):
(WebCore::WritingToolsController::showSelectionForWritingToolsSessionWithID const): Deleted.
(WebCore::WritingToolsController::contextRangeForSessionWithID const): Deleted.
(WebCore::WritingToolsController::stateForSession): Deleted.
* Source/WebKit/UIProcess/API/Cocoa/WKWebView.mm:
(-[WKWebView _initializeWithConfiguration:]):
(-[WKWebView willBeginWritingToolsSession:requestContexts:]):
(-[WKWebView didEndWritingToolsSession:accepted:]):
(-[WKWebView _proofreadingSessionShowDetailsForSuggestionWithUUID:relativeToRect:]):
(-[WKWebView _proofreadingSessionUpdateState:forSuggestionWithUUID:]):
(-[WKWebView _enableSourceTextAnimationAfterElementWithID:]):
(-[WKWebView _enableFinalTextAnimationForElementWithID:]):
(-[WKWebView _proofreadingSessionWithUUID:showDetailsForSuggestionWithUUID:relativeToRect:]): Deleted.
(-[WKWebView _proofreadingSessionWithUUID:updateState:forSuggestionWithUUID:]): Deleted.
* Source/WebKit/UIProcess/API/Cocoa/WKWebViewInternal.h:
* Source/WebKit/UIProcess/Cocoa/PageClientImplCocoa.h:
* Source/WebKit/UIProcess/Cocoa/PageClientImplCocoa.mm:
(WebKit::PageClientImplCocoa::proofreadingSessionShowDetailsForSuggestionWithIDRelativeToRect):
(WebKit::PageClientImplCocoa::proofreadingSessionUpdateStateForSuggestionWithID):
* Source/WebKit/UIProcess/Cocoa/WebPageProxyCocoa.mm:
(WebKit::WebPageProxy::enableSourceTextAnimationAfterElementWithID):
(WebKit::WebPageProxy::enableTextAnimationTypeForElementWithID):
(WebKit::WebPageProxy::addTextAnimationForAnimationID):
(WebKit::WebPageProxy::showSelectionForActiveWritingToolsSession):
(WebKit::WebPageProxy::removeTextAnimationForAnimationID):
(WebKit::WebPageProxy::proofreadingSessionShowDetailsForSuggestionWithIDRelativeToRect):
(WebKit::WebPageProxy::proofreadingSessionUpdateStateForSuggestionWithID):
(WebKit::WebPageProxy::showSelectionForWritingToolsSessionAssociatedWithAnimationID): Deleted.
(WebKit::WebPageProxy::showSelectionForWritingToolsSessionWithID): Deleted.
* Source/WebKit/UIProcess/PageClient.h:
* Source/WebKit/UIProcess/WebPageProxy.h:
* Source/WebKit/UIProcess/WebPageProxy.messages.in:
* Source/WebKit/UIProcess/mac/WKTextAnimationManager.mm:
(-[WKTextAnimationManager addTextAnimationForAnimationID:withData:]):
* Source/WebKit/WebProcess/WebCoreSupport/WebChromeClient.cpp:
(WebKit::WebChromeClient::proofreadingSessionShowDetailsForSuggestionWithIDRelativeToRect):
(WebKit::WebChromeClient::proofreadingSessionUpdateStateForSuggestionWithID):
(WebKit::WebChromeClient::removeTransparentMarkersForActiveWritingToolsSession):
(WebKit::WebChromeClient::removeInitialTextAnimationForActiveWritingToolsSession):
(WebKit::WebChromeClient::addInitialTextAnimationForActiveWritingToolsSession):
(WebKit::WebChromeClient::addSourceTextAnimationForActiveWritingToolsSession):
(WebKit::WebChromeClient::addDestinationTextAnimationForActiveWritingToolsSession):
(WebKit::WebChromeClient::clearAnimationsForActiveWritingToolsSession):
(WebKit::WebChromeClient::removeTransparentMarkersForSessionID): Deleted.
(WebKit::WebChromeClient::removeInitialTextAnimation): Deleted.
(WebKit::WebChromeClient::addInitialTextAnimation): Deleted.
(WebKit::WebChromeClient::addSourceTextAnimation): Deleted.
(WebKit::WebChromeClient::addDestinationTextAnimation): Deleted.
(WebKit::WebChromeClient::clearAnimationsForSessionID): Deleted.
* Source/WebKit/WebProcess/WebCoreSupport/WebChromeClient.h:
* Source/WebKit/WebProcess/WebPage/Cocoa/TextAnimationController.h:
* Source/WebKit/WebProcess/WebPage/Cocoa/TextAnimationController.mm:
(WebKit::TextAnimationController::unreplacedRangeForActiveWritingToolsSession const):
(WebKit::TextAnimationController::contextRangeForActiveWritingToolsSession const):
(WebKit::TextAnimationController::contextRangeForTextAnimationID const):
(WebKit::TextAnimationController::removeTransparentMarkersForActiveWritingToolsSession):
(WebKit::TextAnimationController::removeInitialTextAnimationForActiveWritingToolsSession):
(WebKit::TextAnimationController::addInitialTextAnimationForActiveWritingToolsSession):
(WebKit::TextAnimationController::addSourceTextAnimationForActiveWritingToolsSession):
(WebKit::TextAnimationController::addDestinationTextAnimationForActiveWritingToolsSession):
(WebKit::TextAnimationController::clearAnimationsForActiveWritingToolsSession):
(WebKit::TextAnimationController::enableSourceTextAnimationAfterElementWithID):
(WebKit::TextAnimationController::enableTextAnimationTypeForElementWithID):
(WebKit::TextAnimationController::unreplacedRangeForSessionWithID const): Deleted.
(WebKit::TextAnimationController::contextRangeForSessionWithID const): Deleted.
(WebKit::TextAnimationController::removeTransparentMarkersForSessionID): Deleted.
(WebKit::TextAnimationController::removeInitialTextAnimation): Deleted.
(WebKit::TextAnimationController::addInitialTextAnimation): Deleted.
(WebKit::TextAnimationController::addSourceTextAnimation): Deleted.
(WebKit::TextAnimationController::addDestinationTextAnimation): Deleted.
(WebKit::TextAnimationController::showSelectionForWritingToolsSessionAssociatedWithAnimationID): Deleted.
(WebKit::TextAnimationController::clearAnimationsForSessionID): Deleted.
* Source/WebKit/WebProcess/WebPage/Cocoa/WebPageCocoa.mm:
(WebKit::WebPage::removeTransparentMarkersForActiveWritingToolsSession):
(WebKit::WebPage::removeInitialTextAnimationForActiveWritingToolsSession):
(WebKit::WebPage::addInitialTextAnimationForActiveWritingToolsSession):
(WebKit::WebPage::addSourceTextAnimationForActiveWritingToolsSession):
(WebKit::WebPage::addDestinationTextAnimationForActiveWritingToolsSession):
(WebKit::WebPage::clearAnimationsForActiveWritingToolsSession):
(WebKit::WebPage::enableSourceTextAnimationAfterElementWithID):
(WebKit::WebPage::enableTextAnimationTypeForElementWithID):
(WebKit::WebPage::showSelectionForActiveWritingToolsSession):
(WebKit::WebPage::proofreadingSessionShowDetailsForSuggestionWithIDRelativeToRect):
(WebKit::WebPage::proofreadingSessionUpdateStateForSuggestionWithID):
(WebKit::WebPage::removeTransparentMarkersForSessionID): Deleted.
(WebKit::WebPage::removeInitialTextAnimation): Deleted.
(WebKit::WebPage::addInitialTextAnimation): Deleted.
(WebKit::WebPage::addSourceTextAnimation): Deleted.
(WebKit::WebPage::addDestinationTextAnimation): Deleted.
(WebKit::WebPage::clearAnimationsForSessionID): Deleted.
(WebKit::WebPage::showSelectionForWritingToolsSessionAssociatedWithAnimationID): Deleted.
(WebKit::WebPage::showSelectionForWritingToolsSessionWithID): Deleted.
* Source/WebKit/WebProcess/WebPage/WebPage.h:
* Source/WebKit/WebProcess/WebPage/WebPage.messages.in:
Canonical link: https://commits.webkit.org/282207@main
Canonical link: https://commits.webkit.org/280938.230@safari-7619-branch
Commit: fab140cd124575883b727d4542f9939d6fa95675
https://github.com/WebKit/WebKit/commit/fab140cd124575883b727d4542f9939d6fa95675
Author: Wenson Hsieh <wenson_hsieh at apple.com>
Date: 2024-08-15 (Thu, 15 Aug 2024)
Changed paths:
M Source/WebKit/UIProcess/mac/WebViewImpl.mm
Log Message:
-----------
Cherry-pick f79866536e1d. rdar://133304088
REGRESSION (277282@main): Uncommitted IME text fails to render on x86_64 Macs only
https://bugs.webkit.org/show_bug.cgi?id=278129
rdar://133304088
Reviewed by Tim Horton and Richard Robinson.
Make sure that the value of `result` is initialized to `NO` in `WebViewImpl::setMarkedText`, so that
we don't erroneously try to render inline predictions when using marked text for regular IME (i.e.
Chinese, Japanese input).
* Source/WebKit/UIProcess/mac/WebViewImpl.mm:
(WebKit::WebViewImpl::setMarkedText):
Canonical link: https://commits.webkit.org/282265@main
Canonical link: https://commits.webkit.org/280938.231@safari-7619-branch
Commit: 4dc6284245b8691b710b3383204a734f48814af4
https://github.com/WebKit/WebKit/commit/4dc6284245b8691b710b3383204a734f48814af4
Author: Tyler Wilcock <tyler_w at apple.com>
Date: 2024-08-15 (Thu, 15 Aug 2024)
Changed paths:
A LayoutTests/accessibility/aria-controlled-table-row-visibility-expected.txt
A LayoutTests/accessibility/aria-controlled-table-row-visibility.html
M LayoutTests/platform/glib/TestExpectations
M LayoutTests/platform/ios/TestExpectations
A LayoutTests/platform/ios/accessibility/aria-controlled-table-row-visibility-expected.txt
M LayoutTests/platform/mac-wk1/TestExpectations
M Source/WebCore/accessibility/AccessibilityTableRow.cpp
Log Message:
-----------
Cherry-pick d7e2051a1f93. rdar://129612387
AX: Tables with show/hide rows report wrong counts and block access to some rows in VoiceOver
https://bugs.webkit.org/show_bug.cgi?id=275366
rdar://129612387
Reviewed by Chris Fleizach.
This happened because fundamentally, `AccessibilityTableRow::computeAccessibilityIsIgnored` did not
respect hidden states at all (https://www.w3.org/TR/wai-aria/#dfn-hidden — display:none or visibility:hidden).
We only got away with it for so long because `AXObjectCache::getOrCreate(Node& node, IsPartOfRelation isPartOfRelation)`
limits the types of objects that can be created without a renderer, effectively blocking these hidden objects. Except
it unconditionally creates objects that are part of a relationship (like `aria-controls`):
```
// If node is the target of a relationship or a descendant of one, create an AX object unconditionally.
if (isPartOfRelation == IsPartOfRelation::No && !isDescendantOfRelatedNode(node)) {
...strict criteria to create a renderer-less object...
}
```
After this commit, `AccessibilityTableRow::computeAccessibilityIsIgnored` now properly respects hidden status, fixing
the bug.
* LayoutTests/accessibility/aria-controlled-table-row-visibility-expected.txt: Added.
* LayoutTests/accessibility/aria-controlled-table-row-visibility.html: Added.
* LayoutTests/platform/ios/TestExpectations: Enable new test.
* LayoutTests/platform/ios/accessibility/aria-controlled-table-row-visibility-expected.txt: Added.
* LayoutTests/platform/mac-wk1/TestExpectations: Skip new test.
* Source/WebCore/accessibility/AccessibilityTableRow.cpp:
(WebCore::AccessibilityTableRow::computeAccessibilityIsIgnored const):
Canonical link: https://commits.webkit.org/282165@main
Canonical link: https://commits.webkit.org/280938.232@safari-7619-branch
Commit: e3ebd6e68061f161b7ae2894b9c3bc3853e5996e
https://github.com/WebKit/WebKit/commit/e3ebd6e68061f161b7ae2894b9c3bc3853e5996e
Author: Tyler Wilcock <tyler_w at apple.com>
Date: 2024-08-15 (Thu, 15 Aug 2024)
Changed paths:
A LayoutTests/accessibility/menu-with-menuitem-grandchildren-expected.txt
A LayoutTests/accessibility/menu-with-menuitem-grandchildren.html
A LayoutTests/platform/glib/accessibility/menu-with-menuitem-grandchildren-expected.txt
M LayoutTests/platform/ios/TestExpectations
A LayoutTests/platform/ios/accessibility/menu-with-menuitem-grandchildren-expected.txt
M Source/WebCore/accessibility/AccessibilityRenderObject.cpp
Log Message:
-----------
Cherry-pick 82f243e3dea5. rdar://
AX: role="menu" elements should allow child groups with menuitem children
https://bugs.webkit.org/show_bug.cgi?id=276658
rdar://131838275
Reviewed by Chris Fleizach.
Per the ARIA spec:
https://w3c.github.io/aria/#menu
Menus should allow child groups with menuitem children. This patch fixes that.
* LayoutTests/accessibility/menu-with-menuitem-grandchildren-expected.txt: Added.
* LayoutTests/accessibility/menu-with-menuitem-grandchildren.html: Added.
* LayoutTests/platform/ios/TestExpectations: Enable new test.
* LayoutTests/platform/ios/accessibility/menu-with-menuitem-grandchildren-expected.txt: Added.
* Source/WebCore/accessibility/AccessibilityRenderObject.cpp:
(WebCore::AccessibilityRenderObject::updateRoleAfterChildrenCreation):
Canonical link: https://commits.webkit.org/281481@main
Canonical link: https://commits.webkit.org/280938.233@safari-7619-branch
Commit: 42c3706a56696081eeb84bf6e4c85e16c3956430
https://github.com/WebKit/WebKit/commit/42c3706a56696081eeb84bf6e4c85e16c3956430
Author: Tyler Wilcock <tyler_w at apple.com>
Date: 2024-08-16 (Fri, 16 Aug 2024)
Changed paths:
M LayoutTests/accessibility/animated-dropdown.html
A LayoutTests/accessibility/mac/child-update-during-ax-request-expected.txt
A LayoutTests/accessibility/mac/child-update-during-ax-request.html
M LayoutTests/platform/glib/TestExpectations
M Source/WebCore/accessibility/isolatedtree/AXIsolatedTree.cpp
M Source/WebCore/accessibility/isolatedtree/AXIsolatedTree.h
Log Message:
-----------
Cherry-pick 71ce3f1d011a. rdar://133477773
REGRESSION(281440@main): Web content can become inaccessible after dynamic webpage changes
rdar://133477773
https://bugs.webkit.org/show_bug.cgi?id=277817
Reviewed by Andres Gonzalez and Chris Fleizach.
In http://commits.webkit.org/281440@main, we fixed a bug where `AXIsolatedTree::m_protectedFromDeletionIDs` was
cleared too early, which in turn caused objects to be incorrectly removed from `AXIsolatedTree::m_nodeMap`, eventually
breaking the accessibility tree. We fixed this by moving:
`m_pendingProtectedFromDeletionIDs.formUnion(std::exchange(m_protectedFromDeletionIDs, { }))`
from `queueRemovalsLocked` to `queueAppendsAndRemovals` (which should happen once per tree-update cycle, making it the
right time to clear this list).
This caused a new bug, however, in this sequence:
1. The main-thread starts a tree update via `AXIsolatedTree::updateChildren`.
2. In doing so, we call `queueRemovalsLocked`, i.e. because an object lost a child (but that child isn't deleted, just
has a different parent, so we mark it as protected on the main-thread in `m_protectedFromDeletionIDs`).
3. We call `queueRemovalsLocked` for that child and any others no longer children of the original object. After
281440@main, we no longer sync protected IDs in this function.
4. Before the full main-thread tree-update (`AXIsolatedTree::updateChildren`) is finished, resulting in a call to
`queueAppendsAndRemovals`, the secondary thread processes a request from an AT, causing `AXIsolatedTree::applyPendingChanges`
to run on the secondary thread (as expected to ensure we service the request with the most up-to-date information).
5. We delete the re-parented child, and any of its descendants, from the accessibility thread data structures because
we failed to protect it.
6. `queueAppendsAndRemovals` eventually finishes on the main-thread, and we sync the protected objects to the secondary
thread, but at that point it's too late.
7. The accessibility tree is now broken, with random objects missing entirely.
This patch fixes this by changing `queueRemovalsLocked` (called by `queueAppendsAndRemovals`) to sync protected object
IDs if necessary, and changes `queueAppendsAndRemovals` to clear the list of protected objects, fixing both the bug
addressed by http://commits.webkit.org/281440@main, and the bug it caused.
Because 281440@main caused a bug, it was reverted in https://github.com/WebKit/WebKit/pull/31917.
This PR brings back the test 281440@main added (animated-dropdown.html), and adds a new test (child-update-during-ax-request.html)
that would've caught the bug 281440@main introduced.
* LayoutTests/accessibility/animated-dropdown-expected.txt: Added.
* LayoutTests/accessibility/animated-dropdown.html: Added.
* LayoutTests/accessibility/mac/child-update-during-ax-request-expected.txt: Added.
* LayoutTests/accessibility/mac/child-update-during-ax-request.html: Added.
* LayoutTests/accessibility/resources/jquery-3.6.1.js: Added.
* LayoutTests/platform/glib/TestExpectations: Skip accessibility/animated-dropdown.html.
* Source/WebCore/accessibility/isolatedtree/AXIsolatedTree.cpp:
(WebCore::AXIsolatedTree::queueRemovalsLocked):
(WebCore::AXIsolatedTree::queueAppendsAndRemovals):
(WebCore::AXIsolatedTree::collectNodeChangesForSubtree):
(WebCore::AXIsolatedTree::updateChildren):
(WebCore::AXIsolatedTree::protectFromDeletion):
* Source/WebCore/accessibility/isolatedtree/AXIsolatedTree.h:
Canonical link: https://commits.webkit.org/282266@main
Canonical link: https://commits.webkit.org/280938.234@safari-7619-branch
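The interleaving in steps 1 to 7 of the commit message above, replayed deterministically in one thread as an added example (this is not WebKit's code). Only the member and function names quoted in the message are real; `IsolatedTreeModel`, `SyncPolicy`, `runScenario`, the node IDs and the child-list bookkeeping are assumptions made for the model.

```cpp
#include <cstddef>
#include <cstdint>
#include <cstdio>
#include <map>
#include <set>
#include <utility>
#include <vector>

using AXID = std::uint32_t;
using ChildMap = std::map<AXID, std::vector<AXID>>;

// Which synchronisation policy the model follows (hypothetical enum).
enum class SyncPolicy {
    OnlyInQueueAppendsAndRemovals, // as the message describes 281440@main
    AlsoInQueueRemovalsLocked      // as the message describes the fix
};

class IsolatedTreeModel {
public:
    IsolatedTreeModel(SyncPolicy policy, ChildMap nodes)
        : m_policy(policy), m_nodeMap(std::move(nodes)) { }

    // ---- "main thread" side ----
    void protectFromDeletion(AXID id) { m_protectedFromDeletionIDs.insert(id); }

    void queueRemovalsLocked(const std::vector<AXID>& subtreeRoots)
    {
        m_pendingSubtreeRemovals.insert(m_pendingSubtreeRemovals.end(), subtreeRoots.begin(), subtreeRoots.end());
        // The fix: publish the protected IDs together with the removals they guard.
        if (m_policy == SyncPolicy::AlsoInQueueRemovalsLocked)
            m_pendingProtectedFromDeletionIDs.insert(m_protectedFromDeletionIDs.begin(), m_protectedFromDeletionIDs.end());
    }

    // Ends one tree-update cycle: publish new child lists, sync and clear the protected list.
    void queueAppendsAndRemovals(const ChildMap& childUpdates)
    {
        for (const auto& update : childUpdates)
            m_pendingChildUpdates[update.first] = update.second;
        std::set<AXID> protectedIDs = std::exchange(m_protectedFromDeletionIDs, { });
        m_pendingProtectedFromDeletionIDs.insert(protectedIDs.begin(), protectedIDs.end());
    }

    // ---- "secondary thread" side: runs whenever an AT request arrives ----
    void applyPendingChanges()
    {
        std::set<AXID> protectedIDs = std::exchange(m_pendingProtectedFromDeletionIDs, { });
        std::vector<AXID> removals = std::exchange(m_pendingSubtreeRemovals, { });
        for (AXID root : removals) {
            if (!protectedIDs.count(root))
                removeSubtree(root);
        }
        ChildMap updates = std::exchange(m_pendingChildUpdates, { });
        for (const auto& update : updates) {
            if (m_nodeMap.count(update.first))
                m_nodeMap[update.first] = update.second;
        }
    }

    bool contains(AXID id) const { return m_nodeMap.count(id) != 0; }

    // Child IDs that some node still lists but that no longer exist in the map.
    std::size_t danglingChildReferences() const
    {
        std::size_t dangling = 0;
        for (const auto& node : m_nodeMap)
            for (AXID child : node.second)
                dangling += m_nodeMap.count(child) ? 0 : 1;
        return dangling;
    }

private:
    void removeSubtree(AXID id)
    {
        auto it = m_nodeMap.find(id);
        if (it == m_nodeMap.end())
            return;
        std::vector<AXID> children = std::move(it->second);
        m_nodeMap.erase(it);
        for (AXID child : children)
            removeSubtree(child);
    }

    SyncPolicy m_policy;
    ChildMap m_nodeMap;
    std::set<AXID> m_protectedFromDeletionIDs;        // main-thread list
    std::set<AXID> m_pendingProtectedFromDeletionIDs; // handed to the secondary thread
    std::vector<AXID> m_pendingSubtreeRemovals;
    ChildMap m_pendingChildUpdates;
};

// Constructed tree: 1 -> {2, 5}, 2 -> {3}, 3 -> {4}. Node 3 is re-parented from 2 to 5.
IsolatedTreeModel runScenario(SyncPolicy policy, bool atRequestMidUpdate)
{
    IsolatedTreeModel tree(policy, { { 1, { 2, 5 } }, { 2, { 3 } }, { 3, { 4 } }, { 4, { } }, { 5, { } } });
    tree.protectFromDeletion(3);       // step 2: child lost its parent but still exists
    tree.queueRemovalsLocked({ 3 });   // step 3
    if (atRequestMidUpdate)
        tree.applyPendingChanges();    // steps 4-5: AT request lands before the update finishes
    tree.queueAppendsAndRemovals({ { 2, { } }, { 5, { 3 } } }); // step 6
    tree.applyPendingChanges();
    return tree;
}

int main()
{
    auto broken = runScenario(SyncPolicy::OnlyInQueueAppendsAndRemovals, true);
    auto fixed = runScenario(SyncPolicy::AlsoInQueueRemovalsLocked, true);
    std::printf("late sync: node 3 present=%d dangling=%zu\n", broken.contains(3), broken.danglingChildReferences());
    std::printf("early sync: node 3 present=%d dangling=%zu\n", fixed.contains(3), fixed.danglingChildReferences());
    return 0;
}
```

With the late-sync policy and no mid-update request the re-parented node survives, which is why the defect only shows when an AT request arrives between `queueRemovalsLocked` and `queueAppendsAndRemovals`.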
Commit: 0a649526a70100b2fe04084be0637f770eda9aa9
https://github.com/WebKit/WebKit/commit/0a649526a70100b2fe04084be0637f770eda9aa9
Author: Tyler Wilcock <tyler_w at apple.com>
Date: 2024-08-16 (Fri, 16 Aug 2024)
Changed paths:
A LayoutTests/accessibility/display-contents/listbox-item-expected.txt
A LayoutTests/accessibility/display-contents/listbox-item.html
A LayoutTests/platform/glib/accessibility/display-contents/listbox-item-expected.txt
M LayoutTests/platform/ios/TestExpectations
A LayoutTests/platform/ios/accessibility/display-contents/listbox-item-expected.txt
M Source/WebCore/accessibility/AccessibilityNodeObject.cpp
Log Message:
-----------
Cherry-pick bf0f2dcbbb3a. rdar://132265522
AX: display: contents is preventing items from being read
https://bugs.webkit.org/show_bug.cgi?id=276899
rdar://132265522
Reviewed by Chris Fleizach.
This happened due to a hack in AccessibilityNodeObject::textUnderElement that tried to avoid grabbing the same text
twice due to the effects of `display:contents` on the way we walk between the DOM and render tree. This hack, which
tries to verify that the child being checked has the "right" parent element, has caused several bugs since its
introduction, and has thus accrued more and more conditions limiting it.
This bug is also a result of this hack, incorrectly exiting early before retrieving the text under element. Consider
this markup:
    <div id="a">
        <div style="display:contents">
            <div id="b">Foo</div>
        </div>
    </div>
When getting the textUnderElement for #a, which is display:block, thus has a renderer, its render tree child is div #b
(because the `display:contents` div is not in the render tree). And div #b knows its parent element is the `display:contents`
div, not #a, so the hack exits early, resulting in the text never being retrieved.
The fix is simple: remove this hack entirely. The problem it solves is correctly handled by the introduction of the
AXChildIterator in https://bugs.webkit.org/show_bug.cgi?id=272606, which knows how to correctly weave between the DOM
and render tree without straying outside the "correct" bounds.
Testcase accessibility/display-contents/listbox-item.html added ensuring we don't regress this.
* LayoutTests/accessibility/display-contents/listbox-item-expected.txt: Added.
* LayoutTests/accessibility/display-contents/listbox-item.html: Added.
* LayoutTests/platform/glib/accessibility/display-contents/listbox-item-expected.txt: Added.
* LayoutTests/platform/ios/TestExpectations: Enable new test.
* LayoutTests/platform/ios/accessibility/display-contents/listbox-item-expected.txt: Added.
* Source/WebCore/accessibility/AccessibilityNodeObject.cpp:
(WebCore::AccessibilityNodeObject::textUnderElement const):
Canonical link: https://commits.webkit.org/282289@main
Canonical link: https://commits.webkit.org/280938.235@safari-7619-branch
Commit: 93e119f79d3de7bd78489dcb6687d06c5094fe34
https://github.com/WebKit/WebKit/commit/93e119f79d3de7bd78489dcb6687d06c5094fe34
Author: Pascoe <pascoe at apple.com>
Date: 2024-08-16 (Fri, 16 Aug 2024)
Changed paths:
M LayoutTests/http/wpt/webauthn/public-key-credential-create-failure-hid.https-expected.txt
M LayoutTests/http/wpt/webauthn/public-key-credential-create-failure-hid.https.html
M LayoutTests/http/wpt/webauthn/public-key-credential-create-success-hid.https-expected.txt
M LayoutTests/http/wpt/webauthn/public-key-credential-create-success-hid.https.html
M LayoutTests/http/wpt/webauthn/resources/util.js
M Source/WebCore/Modules/webauthn/fido/AuthenticatorGetInfoResponse.cpp
M Source/WebCore/Modules/webauthn/fido/AuthenticatorGetInfoResponse.h
M Source/WebCore/Modules/webauthn/fido/DeviceRequestConverter.cpp
M Source/WebCore/Modules/webauthn/fido/DeviceRequestConverter.h
M Source/WebCore/Modules/webauthn/fido/DeviceResponseConverter.cpp
M Source/WebCore/Modules/webauthn/fido/FidoConstants.h
M Source/WebCore/testing/MockWebAuthenticationConfiguration.h
M Source/WebCore/testing/MockWebAuthenticationConfiguration.idl
M Source/WebKit/Shared/WebCoreArgumentCoders.serialization.in
M Source/WebKit/UIProcess/WebAuthentication/Mock/MockHidConnection.cpp
M Source/WebKit/UIProcess/WebAuthentication/fido/CtapAuthenticator.cpp
M Source/WebKit/UIProcess/WebAuthentication/fido/CtapAuthenticator.h
Log Message:
-----------
Cherry-pick f56198757e4b. rdar://133307666
[WebAuthn] Implement batching for checking excludeCredentials
rdar://133307666
https://bugs.webkit.org/show_bug.cgi?id=277695
Reviewed by Charlie Wolfe.
This change starts to implement checking the excludeCredential list in batches as
supported by the authenticator during a makeCredential. This is accomplished by using
smaller, up=0, get requests to detect if a credential is present on the authenticator.
Then if a credential is detected, only that credential may be included with the actual
makeCredential request to get the proper error code back from the authenticator. If none
matched, we don't need to include an excludeCredentials list to the authenticator since
we already know those credentials aren't present.
This patch only implements this logic for makeCredential, getAssertion will be done in
another patch.
Added layout tests to test matching exclude list with batching, non-matching exclude list with
batching, and a security key that supports batches greater than 1.
* LayoutTests/http/wpt/webauthn/public-key-credential-create-failure-hid.https-expected.txt:
* LayoutTests/http/wpt/webauthn/public-key-credential-create-failure-hid.https.html:
* LayoutTests/http/wpt/webauthn/public-key-credential-create-success-hid.https-expected.txt:
* LayoutTests/http/wpt/webauthn/public-key-credential-create-success-hid.https.html:
* LayoutTests/http/wpt/webauthn/resources/util.js:
* Source/WebCore/Modules/webauthn/fido/AuthenticatorGetInfoResponse.cpp:
(fido::AuthenticatorGetInfoResponse::setMaxCredentialCountInList):
(fido::AuthenticatorGetInfoResponse::setMaxCredentialIDLength):
(fido::encodeAsCBOR):
* Source/WebCore/Modules/webauthn/fido/AuthenticatorGetInfoResponse.h:
* Source/WebCore/Modules/webauthn/fido/DeviceRequestConverter.cpp:
(fido::encodeSilentGetAssertion):
* Source/WebCore/Modules/webauthn/fido/DeviceRequestConverter.h:
* Source/WebCore/Modules/webauthn/fido/DeviceResponseConverter.cpp:
(fido::readCTAPGetInfoResponse):
* Source/WebCore/Modules/webauthn/fido/FidoConstants.h:
* Source/WebCore/testing/MockWebAuthenticationConfiguration.h:
* Source/WebCore/testing/MockWebAuthenticationConfiguration.idl:
* Source/WebKit/Shared/WebCoreArgumentCoders.serialization.in:
* Source/WebKit/UIProcess/WebAuthentication/Mock/MockHidConnection.cpp:
(WebKit::MockHidConnection::feedReports):
* Source/WebKit/UIProcess/WebAuthentication/fido/CtapAuthenticator.cpp:
(WebKit::CtapAuthenticator::makeCredential):
(WebKit::CtapAuthenticator::continueCheckExcludedCredentialsAfterResponseRecieved):
(WebKit::CtapAuthenticator::continueMakeCredentialAfterCheckExcludedCredentials):
* Source/WebKit/UIProcess/WebAuthentication/fido/CtapAuthenticator.h:
Canonical link: https://commits.webkit.org/282019@main
Canonical link: https://commits.webkit.org/280938.236@safari-7619-branch
Commit: 52596ea908f416da66510ed1ae0724a08f69a9a2
https://github.com/WebKit/WebKit/commit/52596ea908f416da66510ed1ae0724a08f69a9a2
Author: Aditya Keerthi <akeerthi at apple.com>
Date: 2024-08-16 (Fri, 16 Aug 2024)
Changed paths:
M Source/WebKit/WebProcess/WebPage/WebPage.cpp
M Tools/TestWebKitAPI/Tests/mac/WKWebViewMacEditingTests.mm
Log Message:
-----------
Cherry-pick 93a8eb15de1e. rdar://129721335
[Writing Tools] Affordance doesn't show up when hovering over multiple lines of text containing newlines
https://bugs.webkit.org/show_bug.cgi?id=278186
rdar://129721335
Reviewed by Wenson Hsieh.
Writing Tools determines whether to show an affordance when hovering over the
current selection using `-[NSTextInputClient_Async firstRectForCharacterRange:completionHandler:]`
to compute the number of lines. If the number of lines is greater than a defined
threshold, the affordance is displayed.
The idea behind using `firstRectForCharacterRange` to compute the number of lines
is to iteratively call the method, using the returned `actualRange` to keep track
of the remaining "unprocessed" range. However, this approach is currently breaking
down, as Writing Tools is observing that an `actualRange` with zero length ends up
getting returned when a newline is encountered.
However, the underlying issue is that WebKit's computation of `actualRange` is
currently incorrect. When a line ends with a newline, the newline should be
included in the length of the range. Currently, it is not, as range determination
is simply done using `endOfLine`, and newlines are only included when going to
the start of the next line. This discrepancy results in Writing Tools starting to
request incorrect ranges, and the wrong information is processed.
Fix by ensuring that the `actualRange` for `firstRectForCharacterRange` includes
newlines for lines that end with one.
* Source/WebKit/WebProcess/WebPage/WebPage.cpp:
(WebKit::WebPage::firstRectForCharacterRangeAsync):
If `endOfLine` has upstream affinity, then no changes are necessary, as there are
no characters between the line boundary.
However, if the returned value is on the same line, and has downstream affinity,
get the start of the next line using `positionOfNextBoundaryOfGranularity`. This
ensures that the newline character between lines is included in the length of
the returned range.
* Tools/TestWebKitAPI/Tests/mac/WKWebViewMacEditingTests.mm:
(-[WKWebView _selectedRange]):
(TEST(WKWebViewMacEditingTests, FirstRectForCharacterRange)):
Rebaseline to account for the fact that the newline character is included in the
length.
(TEST(WKWebViewMacEditingTests, FirstRectForCharacterRangeWithNewlinesAndWrapping)):
Test that `firstRectForCharacterRange` can be used to count lines for content with
newlines and line wrapping.
(TEST(WKWebViewMacEditingTests, FirstRectForCharacterRangeForPartialLineWithNewlinesAndWrapping)):
Ensure the changes do not break scenarios where rects are requested for the middle
of the line.
(TEST(WKWebViewMacEditingTests, FirstRectForCharacterRangeWithNewlinesAndWrappingLineBreakAfterWhiteSpace)):
Test that `firstRectForCharacterRange` can be used to count lines for content with
newlines, line wrapping, and `line-break: after-white-space`. Importantly, this
tests that going to the start of the next line is not attempted when line wrapping
is performed and the line ends with a space.
(TEST(WKWebViewMacEditingTests, FirstRectForCharacterRangeForPartialLineWithNewlinesAndWrappingLineBreakAfterWhiteSpace)):
Ensure the changes do not break scenarios where rects are requested for the middle
of the line and `line-break: after-white-space` is used.
Canonical link: https://commits.webkit.org/282327@main
Canonical link: https://commits.webkit.org/280938.237@safari-7619-branch
Commit: ad47ab7bd58d2e1228eff27396e81dd01ab0baa4
https://github.com/WebKit/WebKit/commit/ad47ab7bd58d2e1228eff27396e81dd01ab0baa4
Author: Chris Dumez <cdumez at apple.com>
Date: 2024-08-16 (Fri, 16 Aug 2024)
Changed paths:
M Source/WebKit/Platform/IPC/Connection.cpp
M Source/WebKit/Platform/IPC/Connection.h
Log Message:
-----------
Cherry-pick 73c65f7bc182. rdar://134074729
Crash under Connection::enqueueIncomingMessage() due to recursive locking
https://bugs.webkit.org/show_bug.cgi?id=277650
rdar://133167925
Reviewed by Per Arne Vollan.
enqueueIncomingMessage() is called while holding the m_incomingMessagesLock lock. Then it calls
dispatchToClient() in case of IPC message throttling and dispatchToClient() tries to acquire
the same lock, thus the recursive locking.
m_incomingMessagesLock used to be a WTF::Lock, which apparently didn’t mind recursive locking.
However, we’ve recently made the switch to unfair_lock for responsiveness reasons and it
asserts on recursive locking.
To address the issue, make sure we don't recursively lock anymore and add compiler annotations
to catch such logic bugs at compile time.
* Source/WebKit/Platform/IPC/Connection.cpp:
(IPC::Connection::enqueueIncomingMessage):
(IPC::Connection::dispatchToClient):
(IPC::Connection::dispatchToClientWithIncomingMessagesLock):
* Source/WebKit/Platform/IPC/Connection.h:
Canonical link: https://commits.webkit.org/281862@main
Canonical link: https://commits.webkit.org/280938.238@safari-7619-branch
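Added illustration (not WebKit's code) of the fix pattern in the Connection::enqueueIncomingMessage() commit above: the lock-taking entry point is split from a variant that requires the lock to be held, and Clang thread-safety attributes let the compiler check that contract. The Lock and Locker classes, the TSA macro and the throttle model are assumptions of this sketch; only the three Connection method names come from the commit.

```cpp
#include <cstddef>
#include <deque>
#include <iostream>
#include <mutex>
#include <string>
#include <utility>
#include <vector>

// Clang thread-safety attributes (checked with -Wthread-safety); no-ops elsewhere.
#if defined(__clang__)
#define TSA(x) __attribute__((x))
#else
#define TSA(x)
#endif

// Hypothetical non-recursive lock standing in for the unfair lock in the commit.
class TSA(capability("mutex")) Lock {
public:
    void lock() TSA(acquire_capability()) TSA(no_thread_safety_analysis) { m_mutex.lock(); }
    void unlock() TSA(release_capability()) TSA(no_thread_safety_analysis) { m_mutex.unlock(); }
private:
    std::mutex m_mutex;
};

// RAII holder, so the analysis knows the lock is held for the scope.
class TSA(scoped_lockable) Locker {
public:
    explicit Locker(Lock& lock) TSA(acquire_capability(lock)) : m_lock(lock) { lock.lock(); }
    ~Locker() TSA(release_capability()) { m_lock.unlock(); }
private:
    Lock& m_lock;
};

// Simplified model of the IPC connection (assumption: throttling means
// "flush to the client once the queue reaches a limit").
class Connection {
    Lock m_incomingMessagesLock;
    std::deque<std::string> m_incomingMessages TSA(guarded_by(m_incomingMessagesLock));
    std::vector<std::string> m_delivered TSA(guarded_by(m_incomingMessagesLock));
    const size_t m_throttleLimit;

    // Must only be called with the lock held; calling it without the lock
    // is a compile-time diagnostic under -Wthread-safety.
    void dispatchToClientWithIncomingMessagesLock() TSA(requires_capability(m_incomingMessagesLock))
    {
        while (!m_incomingMessages.empty()) {
            m_delivered.push_back(std::move(m_incomingMessages.front()));
            m_incomingMessages.pop_front();
        }
    }

public:
    explicit Connection(size_t throttleLimit) : m_throttleLimit(throttleLimit) { }

    // Receive path: takes the lock once. Calling dispatchToClient() from here
    // would re-acquire the same non-recursive lock, which is the bug described.
    void enqueueIncomingMessage(std::string message) TSA(locks_excluded(m_incomingMessagesLock))
    {
        Locker locker(m_incomingMessagesLock);
        m_incomingMessages.push_back(std::move(message));
        if (m_incomingMessages.size() >= m_throttleLimit)
            dispatchToClientWithIncomingMessagesLock();
    }

    // Entry point for callers that do not hold the lock.
    void dispatchToClient() TSA(locks_excluded(m_incomingMessagesLock))
    {
        Locker locker(m_incomingMessagesLock);
        dispatchToClientWithIncomingMessagesLock();
    }

    std::vector<std::string> delivered() TSA(locks_excluded(m_incomingMessagesLock))
    {
        Locker locker(m_incomingMessagesLock);
        return m_delivered;
    }

    size_t pending() TSA(locks_excluded(m_incomingMessagesLock))
    {
        Locker locker(m_incomingMessagesLock);
        return m_incomingMessages.size();
    }
};

int main()
{
    Connection connection(3);
    for (const char* message : { "a", "b", "c" })
        connection.enqueueIncomingMessage(message);
    std::cout << "delivered=" << connection.delivered().size()
              << " pending=" << connection.pending() << "\n";
    return 0;
}
```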
Commit: 48851c3d135aa235f5bbc23672f8a2e4d95b6902
https://github.com/WebKit/WebKit/commit/48851c3d135aa235f5bbc23672f8a2e4d95b6902
Author: Pascoe <pascoe at apple.com>
Date: 2024-08-16 (Fri, 16 Aug 2024)
Changed paths:
M LayoutTests/http/wpt/webauthn/public-key-credential-get-failure-hid.https-expected.txt
M LayoutTests/http/wpt/webauthn/public-key-credential-get-failure-hid.https.html
M LayoutTests/http/wpt/webauthn/public-key-credential-get-success-hid.https-expected.txt
M LayoutTests/http/wpt/webauthn/public-key-credential-get-success-hid.https.html
M Source/WebCore/Modules/webauthn/fido/DeviceRequestConverter.cpp
M Source/WebCore/Modules/webauthn/fido/DeviceRequestConverter.h
M Source/WebKit/UIProcess/WebAuthentication/fido/CtapAuthenticator.cpp
M Source/WebKit/UIProcess/WebAuthentication/fido/CtapAuthenticator.h
Log Message:
-----------
Cherry-pick 52a47cbac08b. rdar://133711978
[WebAuthn] Implement batching for checking allowCredentials
rdar://133711978
https://bugs.webkit.org/show_bug.cgi?id=277979
Reviewed by Brent Fulgham.
This change implements checking the allowCredentials in batches as supported by
the authenticator during getAssertion. This is accomplished with smaller up=0,
get requests to determine if credentials are present on the authenticator.
Then if a credential is detected as present, it is included in the allowCredentials list
in the real request. If no credentials matched, then we already know the call will not
be able to succeed, so we just include the last batch.
Added layout tests for the new behaviors.
* LayoutTests/http/wpt/webauthn/public-key-credential-get-failure-hid.https-expected.txt:
* LayoutTests/http/wpt/webauthn/public-key-credential-get-failure-hid.https.html:
* LayoutTests/http/wpt/webauthn/public-key-credential-get-success-hid.https-expected.txt:
* LayoutTests/http/wpt/webauthn/public-key-credential-get-success-hid.https.html:
* Source/WebKit/UIProcess/WebAuthentication/fido/CtapAuthenticator.cpp:
(WebKit::CtapAuthenticator::makeCredential):
(WebKit::CtapAuthenticator::continueSlientlyCheckCredentials):
(WebKit::CtapAuthenticator::continueMakeCredentialAfterCheckExcludedCredentials):
(WebKit::CtapAuthenticator::getAssertion):
(WebKit::CtapAuthenticator::continueGetAssertionAfterCheckAllowCredentials):
(WebKit::CtapAuthenticator::continueCheckExcludedCredentialsAfterResponseRecieved): Deleted.
* Source/WebKit/UIProcess/WebAuthentication/fido/CtapAuthenticator.h:
Canonical link: https://commits.webkit.org/282246@main
Canonical link: https://commits.webkit.org/280938.239@safari-7619-branch
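Added illustration (not WebKit's code) of the batching described in the excludeCredentials and allowCredentials commits above: the credential list is probed in chunks no larger than the authenticator's limit using silent up=0 requests, and the real request then carries only what the probes justify. MockAuthenticator, probeInBatches and the other names are hypothetical; stopping at the first match and treating a reported limit of 0 as 1 are assumptions of this sketch.

```cpp
#include <algorithm>
#include <cstddef>
#include <iostream>
#include <optional>
#include <set>
#include <string>
#include <vector>

using CredentialList = std::vector<std::string>;

// Hypothetical mock of a CTAP2 security key (constructed for this example).
struct MockAuthenticator {
    std::set<std::string> storedIds;      // credential IDs held by the device
    size_t maxCredentialCountInList = 1;  // limit reported in the getInfo response
    size_t silentRequests = 0;            // number of up=0 probes received

    // Models a getAssertion sent with up=0: no user presence is requested,
    // the device only reports whether it holds one of the listed credentials.
    std::optional<std::string> silentGetAssertion(const CredentialList& batch)
    {
        ++silentRequests;
        if (batch.size() > maxCredentialCountInList)
            return std::nullopt; // oversized list: this mock matches nothing
        for (const auto& id : batch) {
            if (storedIds.count(id))
                return id;
        }
        return std::nullopt;
    }
};

// Splits the list into chunks no larger than the authenticator's limit.
std::vector<CredentialList> makeBatches(const CredentialList& list, size_t limit)
{
    size_t batchSize = std::max<size_t>(limit, 1); // assumption: treat 0 as 1
    std::vector<CredentialList> batches;
    for (size_t i = 0; i < list.size(); i += batchSize) {
        size_t end = std::min(list.size(), i + batchSize);
        batches.emplace_back(list.begin() + i, list.begin() + end);
    }
    return batches;
}

struct ProbeResult {
    std::optional<std::string> match; // first credential found on the device
    CredentialList lastBatch;         // last batch that was sent
};

// Sends one silent request per batch and stops at the first match (assumption).
ProbeResult probeInBatches(MockAuthenticator& key, const CredentialList& list)
{
    ProbeResult result;
    for (const auto& batch : makeBatches(list, key.maxCredentialCountInList)) {
        result.lastBatch = batch;
        result.match = key.silentGetAssertion(batch);
        if (result.match)
            break;
    }
    return result;
}

// makeCredential: send only the matched credential so the authenticator returns
// the proper error; if nothing matched, no exclude list is needed at all.
CredentialList excludeListForMakeCredential(MockAuthenticator& key, const CredentialList& excludeCredentials)
{
    ProbeResult result = probeInBatches(key, excludeCredentials);
    if (result.match)
        return { *result.match };
    return { };
}

// getAssertion: send the matched credential; if nothing matched the request
// cannot succeed, so only the last batch is included.
CredentialList allowListForGetAssertion(MockAuthenticator& key, const CredentialList& allowCredentials)
{
    ProbeResult result = probeInBatches(key, allowCredentials);
    if (result.match)
        return { *result.match };
    return result.lastBatch;
}

int main()
{
    MockAuthenticator key;
    key.storedIds = { "cred-7" };
    key.maxCredentialCountInList = 3;
    CredentialList ids; // constructed sample IDs
    for (int i = 0; i < 10; ++i)
        ids.push_back("cred-" + std::to_string(i));
    CredentialList exclude = excludeListForMakeCredential(key, ids);
    std::cout << "probes=" << key.silentRequests << " excludeList=" << exclude.size() << "\n";
    return 0;
}
```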
Commit: c4665bc80db21d63f63c6e22ee9a36dd80251e8c
https://github.com/WebKit/WebKit/commit/c4665bc80db21d63f63c6e22ee9a36dd80251e8c
Author: Pascoe <pascoe at apple.com>
Date: 2024-08-16 (Fri, 16 Aug 2024)
Changed paths:
M Source/WebKit/UIProcess/WebProcessProxy.cpp
Log Message:
-----------
Cherry-pick c1af37e58f3e. rdar://133779171
Fix issue found by static analyzer after 281966 at main
https://bugs.webkit.org/show_bug.cgi?id=278036
rdar://133779171
Reviewed by Charlie Wolfe.
Here parameters->backForwardItemID is being used after being moved above.
To fix this issue we move parameters->backForwardItemID to a local variable
before parameters is moved.
* Source/WebKit/UIProcess/WebProcessProxy.cpp:
(WebKit::WebProcessProxy::shouldSendPendingMessage):
Canonical link: https://commits.webkit.org/282188@main
Canonical link: https://commits.webkit.org/280938.240@safari-7619-branch
Commit: 774e05786feca9abd5556440d9a2ae4c619ca2da
https://github.com/WebKit/WebKit/commit/774e05786feca9abd5556440d9a2ae4c619ca2da
Author: Lily Spiniolas <lily_spiniolas at apple.com>
Date: 2024-08-16 (Fri, 16 Aug 2024)
Changed paths:
M Source/WebKit/UIProcess/API/mac/WKWebViewMac.mm
Log Message:
-----------
Cherry-pick f04544cdadf0. rdar://127524701
AX context menu invocations may fail to display the context menu
https://bugs.webkit.org/show_bug.cgi?id=278045
rdar://127524701
Reviewed by Tim Horton.
-[WKWebView showContextMenuForSelection:] now calls WebPageProxy::handleContextMenuKeyEvent to prevent the context menu from failing to display when certain accessibility context menu paths are invoked.
* Source/WebKit/UIProcess/API/mac/WKWebViewMac.mm:
(-[WKWebView showContextMenuForSelection:]):
Canonical link: https://commits.webkit.org/282254@main
Canonical link: https://commits.webkit.org/280938.241@safari-7619-branch
Commit: 8261fffee31984d24153ddd3480d4d0171359b8a
https://github.com/WebKit/WebKit/commit/8261fffee31984d24153ddd3480d4d0171359b8a
Author: Charlie Wolfe <charliew at apple.com>
Date: 2024-08-16 (Fri, 16 Aug 2024)
Changed paths:
M Source/WebKit/UIProcess/WebPageProxy.cpp
Log Message:
-----------
Cherry-pick a253c001711d. rdar://124961036
Crash in `Messages::WebPage::PerformDragControllerAction` reply
https://bugs.webkit.org/show_bug.cgi?id=278214
rdar://124961036
Reviewed by Pascoe.
Crash logs indicate that m_pageClient can be null if this completion handler is called as a result of
the web process terminating.
* Source/WebKit/UIProcess/WebPageProxy.cpp:
(WebKit::WebPageProxy::performDragControllerAction):
Canonical link: https://commits.webkit.org/282366@main
Canonical link: https://commits.webkit.org/280938.242@safari-7619-branch
Commit: ae9efaf1fa7c69baa97f039a2be6b3d95608a9ed
https://github.com/WebKit/WebKit/commit/ae9efaf1fa7c69baa97f039a2be6b3d95608a9ed
Author: Charlie Wolfe <charliew at apple.com>
Date: 2024-08-16 (Fri, 16 Aug 2024)
Changed paths:
M Source/WebKit/GPUProcess/GPUConnectionToWebProcess.cpp
M Source/WebKit/GPUProcess/GPUConnectionToWebProcess.h
M Source/WebKit/ModelProcess/ModelConnectionToWebProcess.cpp
M Source/WebKit/ModelProcess/ModelConnectionToWebProcess.h
M Source/WebKit/NetworkProcess/NetworkConnectionToWebProcess.cpp
M Source/WebKit/NetworkProcess/NetworkConnectionToWebProcess.h
M Source/WebKit/Platform/IPC/Connection.cpp
M Source/WebKit/Platform/IPC/Connection.h
M Source/WebKit/Platform/IPC/Decoder.h
M Source/WebKit/Platform/IPC/StreamClientConnection.cpp
M Source/WebKit/Platform/IPC/StreamClientConnection.h
M Source/WebKit/Platform/IPC/StreamServerConnection.cpp
M Source/WebKit/Platform/IPC/StreamServerConnection.h
M Source/WebKit/Scripts/generate-serializers.py
M Source/WebKit/Scripts/webkit/tests/GeneratedSerializers.cpp
M Source/WebKit/Scripts/webkit/tests/TestSerializedType.serialization.in
M Source/WebKit/Shared/AuxiliaryProcess.cpp
M Source/WebKit/Shared/AuxiliaryProcess.h
M Source/WebKit/Shared/Cocoa/AuxiliaryProcessCocoa.mm
M Source/WebKit/Shared/IPCConnectionTester.cpp
M Source/WebKit/Shared/IPCConnectionTester.h
M Source/WebKit/Shared/WebPageCreationParameters.serialization.in
M Source/WebKit/Shared/WebProcessCreationParameters.serialization.in
M Source/WebKit/UIProcess/GPU/GPUProcessProxy.cpp
M Source/WebKit/UIProcess/GPU/GPUProcessProxy.h
M Source/WebKit/UIProcess/Model/ModelProcessProxy.cpp
M Source/WebKit/UIProcess/Model/ModelProcessProxy.h
M Source/WebKit/UIProcess/Network/NetworkProcessProxy.cpp
M Source/WebKit/UIProcess/Network/NetworkProcessProxy.h
M Source/WebKit/UIProcess/WebProcessProxy.cpp
M Source/WebKit/UIProcess/WebProcessProxy.h
M Source/WebKit/WebProcess/GPU/GPUProcessConnection.cpp
M Source/WebKit/WebProcess/GPU/GPUProcessConnection.h
M Source/WebKit/WebProcess/GPU/graphics/RemoteGraphicsContextGLProxy.h
M Source/WebKit/WebProcess/GPU/graphics/RemoteRenderingBackendProxy.h
M Source/WebKit/WebProcess/GPU/graphics/WebGPU/RemoteGPUProxy.h
M Source/WebKit/WebProcess/Inspector/WebInspector.h
M Source/WebKit/WebProcess/Inspector/WebInspectorUI.h
M Source/WebKit/WebProcess/Model/ModelProcessConnection.cpp
M Source/WebKit/WebProcess/Model/ModelProcessConnection.h
M Source/WebKit/WebProcess/Network/NetworkProcessConnection.cpp
M Source/WebKit/WebProcess/Network/NetworkProcessConnection.h
M Source/WebKit/WebProcess/WebPage/IPCTestingAPI.cpp
M Tools/TestWebKitAPI/Tests/IPC/IPCTestUtilities.h
M Tools/TestWebKitAPI/Tests/IPC/StreamConnectionTests.cpp
Log Message:
-----------
Cherry-pick a56e4d9687cd. rdar://134011298
Add a way to log which part of a serialized object failed IPC decoding
https://bugs.webkit.org/show_bug.cgi?id=278213
rdar://134011298
Reviewed by Alex Christensen.
Sometimes, we receive crash reports caused by WebContent receiving an invalid IPC message. While we log
which IPC message was invalid, we do not know which part of the message caused the decoding failure. This
patch introduces a way to log the specific part of a serialized object that failed IPC decoding. This is
particularly important for IPC messages that send large objects, such as `WebPageCreationParameters` or
`WebProcessCreationParameters`, which contain numerous objects with validators that could potentially
cause a crash.
This patch enables logging only for certain infrequently used objects (`WebPageCreationParameters` and
`WebProcessCreationParameters`) to avoid performance impact.
* Source/WebKit/GPUProcess/GPUConnectionToWebProcess.cpp:
(WebKit::GPUConnectionToWebProcess::didReceiveInvalidMessage):
* Source/WebKit/GPUProcess/GPUConnectionToWebProcess.h:
* Source/WebKit/ModelProcess/ModelConnectionToWebProcess.cpp:
(WebKit::ModelConnectionToWebProcess::didReceiveInvalidMessage):
* Source/WebKit/ModelProcess/ModelConnectionToWebProcess.h:
* Source/WebKit/NetworkProcess/NetworkConnectionToWebProcess.cpp:
(WebKit::NetworkConnectionToWebProcess::didReceiveInvalidMessage):
* Source/WebKit/NetworkProcess/NetworkConnectionToWebProcess.h:
* Source/WebKit/Platform/IPC/Connection.cpp:
(IPC::Connection::processIncomingMessage):
(IPC::Connection::dispatchDidReceiveInvalidMessage):
(IPC::Connection::dispatchMessage):
* Source/WebKit/Platform/IPC/Connection.h:
* Source/WebKit/Platform/IPC/Decoder.h:
(IPC::Decoder::setIndexOfDecodingFailure):
(IPC::Decoder::indexOfObjectFailingDecoding const):
* Source/WebKit/Platform/IPC/StreamClientConnection.cpp:
(IPC::StreamClientConnection::DedicatedConnectionClient::didReceiveInvalidMessage):
* Source/WebKit/Platform/IPC/StreamClientConnection.h:
* Source/WebKit/Platform/IPC/StreamServerConnection.cpp:
(IPC::StreamServerConnection::didReceiveInvalidMessage):
(IPC::StreamServerConnection::dispatchStreamMessages):
(IPC::StreamServerConnection::processSetStreamDestinationID):
(IPC::StreamServerConnection::dispatchStreamMessage):
(IPC::StreamServerConnection::dispatchOutOfStreamMessage):
* Source/WebKit/Platform/IPC/StreamServerConnection.h:
* Source/WebKit/Scripts/generate-serializers.py:
(SerializedType.__init__):
(decode_type):
* Source/WebKit/Scripts/webkit/tests/GeneratedSerializers.cpp:
(IPC::ArgumentCoder<Namespace::Subnamespace::StructName>::decode):
* Source/WebKit/Scripts/webkit/tests/TestSerializedType.serialization.in:
* Source/WebKit/Shared/AuxiliaryProcess.cpp:
(WebKit::AuxiliaryProcess::didReceiveInvalidMessage):
* Source/WebKit/Shared/AuxiliaryProcess.h:
* Source/WebKit/Shared/Cocoa/AuxiliaryProcessCocoa.mm:
(WebKit::AuxiliaryProcess::didReceiveInvalidMessage):
* Source/WebKit/Shared/IPCConnectionTester.cpp:
(WebKit::IPCConnectionTester::didReceiveInvalidMessage):
* Source/WebKit/Shared/IPCConnectionTester.h:
* Source/WebKit/Shared/WebPageCreationParameters.serialization.in:
* Source/WebKit/Shared/WebProcessCreationParameters.serialization.in:
* Source/WebKit/UIProcess/GPU/GPUProcessProxy.cpp:
(WebKit::GPUProcessProxy::didReceiveInvalidMessage):
* Source/WebKit/UIProcess/GPU/GPUProcessProxy.h:
* Source/WebKit/UIProcess/Model/ModelProcessProxy.cpp:
(WebKit::ModelProcessProxy::didReceiveInvalidMessage):
* Source/WebKit/UIProcess/Model/ModelProcessProxy.h:
* Source/WebKit/UIProcess/Network/NetworkProcessProxy.cpp:
(WebKit::NetworkProcessProxy::didReceiveInvalidMessage):
* Source/WebKit/UIProcess/Network/NetworkProcessProxy.h:
* Source/WebKit/UIProcess/WebProcessProxy.cpp:
(WebKit::WebProcessProxy::didReceiveInvalidMessage):
* Source/WebKit/UIProcess/WebProcessProxy.h:
* Source/WebKit/WebProcess/GPU/GPUProcessConnection.cpp:
(WebKit::GPUProcessConnection::didReceiveInvalidMessage):
* Source/WebKit/WebProcess/GPU/GPUProcessConnection.h:
* Source/WebKit/WebProcess/GPU/graphics/RemoteGraphicsContextGLProxy.h:
* Source/WebKit/WebProcess/GPU/graphics/RemoteRenderingBackendProxy.h:
* Source/WebKit/WebProcess/GPU/graphics/WebGPU/RemoteGPUProxy.h:
* Source/WebKit/WebProcess/Inspector/WebInspector.h:
* Source/WebKit/WebProcess/Inspector/WebInspectorUI.h:
* Source/WebKit/WebProcess/Model/ModelProcessConnection.cpp:
(WebKit::ModelProcessConnection::didReceiveInvalidMessage):
* Source/WebKit/WebProcess/Model/ModelProcessConnection.h:
* Source/WebKit/WebProcess/Network/NetworkProcessConnection.cpp:
(WebKit::NetworkProcessConnection::didReceiveInvalidMessage):
* Source/WebKit/WebProcess/Network/NetworkProcessConnection.h:
* Source/WebKit/WebProcess/WebPage/IPCTestingAPI.cpp:
(WebKit::IPCTestingAPI::JSIPCConnection::didReceiveInvalidMessage):
* Tools/TestWebKitAPI/Tests/IPC/IPCTestUtilities.h:
* Tools/TestWebKitAPI/Tests/IPC/StreamConnectionTests.cpp:
Canonical link: https://commits.webkit.org/282362@main
Canonical link: https://commits.webkit.org/280938.243@safari-7619-branch
Commit: 79d774450013a042427e43ffaf9b67ede3f907b2
https://github.com/WebKit/WebKit/commit/79d774450013a042427e43ffaf9b67ede3f907b2
Author: Dan Robson <dtr_bugzilla at apple.com>
Date: 2024-08-19 (Mon, 19 Aug 2024)
Changed paths:
M Configurations/Version.xcconfig
Log Message:
-----------
Versioning.
WebKit-7619.2.3
Canonical link: https://commits.webkit.org/280938.244@safari-7619-branch
Commit: 8991a8303dcb896a1f7f90ed66bda33f8e975db8
https://github.com/WebKit/WebKit/commit/8991a8303dcb896a1f7f90ed66bda33f8e975db8
Author: Andres Gonzalez <andresg_22 at apple.com>
Date: 2024-08-19 (Mon, 19 Aug 2024)
Changed paths:
M Source/WebCore/accessibility/AXSearchManager.cpp
M Source/WebCore/accessibility/mac/WebAccessibilityObjectWrapperMac.mm
M Tools/WebKitTestRunner/InjectedBundle/mac/AccessibilityUIElementMac.mm
Log Message:
-----------
Cherry-pick b590c842a3e2. rdar://134083674
AX: Support the AXRangesForSearchPredicate API that VoiceOver uses to retrieve misspellings.
https://bugs.webkit.org/show_bug.cgi?id=278254
<rdar://problem/134083674>
Reviewed by Tyler Wilcock.
Follow up to https://github.com/WebKit/WebKit/pull/31136.
This functionality was originally implemented as an extension of the AXUIElementsForSearchPredicate API, but that didn't work for VoiceOver since it changes the type of the return value which is unexpected for the middleware system framework. Therefore, a new AXRangesForSearchPredicate API was added to expose the functionality on the Mac.
The corresponding AccessibilityUIElement::textMarkerRangeForSearchPredicate test method was updated.
* Source/WebCore/accessibility/AXSearchManager.cpp:
(WebCore::AXSearchManager::findMatchingRange):
* Source/WebCore/accessibility/mac/WebAccessibilityObjectWrapperMac.mm:
(-[WebAccessibilityObjectWrapper accessibilityAttributeValue:forParameter:]):
* Tools/WebKitTestRunner/InjectedBundle/mac/AccessibilityUIElementMac.mm:
(WTR::AccessibilityUIElement::textMarkerRangeForSearchPredicate):
Canonical link: https://commits.webkit.org/282401@main
Canonical link: https://commits.webkit.org/280938.245@safari-7619-branch
Commit: 74738b40481592e9714fb4ebd3a9e1e81859e9fa
https://github.com/WebKit/WebKit/commit/74738b40481592e9714fb4ebd3a9e1e81859e9fa
Author: Aditya Keerthi <akeerthi at apple.com>
Date: 2024-08-19 (Mon, 19 Aug 2024)
Changed paths:
M Source/WebCore/loader/ImageLoader.cpp
M Tools/TestWebKitAPI/Tests/WebKitCocoa/AdaptiveImageGlyph.mm
Log Message:
-----------
Cherry-pick 9456228689d4. rdar://130606666
[Cocoa] Copying and pasting adaptive image glyphs across Mail compose windows drops content
https://bugs.webkit.org/show_bug.cgi?id=278256
rdar://130606666
Reviewed by Sihui Liu and Wenson Hsieh.
When copying and pasting web content across Mail compose windows, content is
serialized into a web archive. The archive only contains subresources which
have already been loaded.
The above is problematic for adaptive image glyphs, which are represented as a
<picture> element containing a HEIC and a fallback PNG. Since the HEIC is selected
during <source> matching, the fallback PNG never gets loaded. Consequently,
when saving content as a web archive, the fallback PNG is dropped.
Web archives should contain both adaptive image glyph resources. However, the
fallback data is unavailable in the web content process, and a sync IPC to the
network process is undesirable when saving to a web archive. As a result, fix
by always loading both the HEIC and fallback PNG for adaptive image glyphs, unlike
regular source selection. This ensures both resources are always available.
* Source/WebCore/loader/ImageLoader.cpp:
(WebCore::ImageLoader::updateFromElement):
Always load the fallback PNG for adaptive image glyphs, in addition to the
selected source (HEIC).
* Tools/TestWebKitAPI/Tests/WebKitCocoa/AdaptiveImageGlyph.mm:
(TestWebKitAPI::TEST(AdaptiveImageGlyph, InsertWKAttachmentsCopyFromWebViewPasteToWebView)):
Canonical link: https://commits.webkit.org/282454@main
Canonical link: https://commits.webkit.org/280938.246@safari-7619-branch
Commit: 040040a628af562d21954158fcef4822bd78582a
https://github.com/WebKit/WebKit/commit/040040a628af562d21954158fcef4822bd78582a
Author: Tyler Wilcock <tyler_w at apple.com>
Date: 2024-08-19 (Mon, 19 Aug 2024)
Changed paths:
A LayoutTests/accessibility/display-contents/table-section-elements-expected.txt
A LayoutTests/accessibility/display-contents/table-section-elements.html
A LayoutTests/platform/glib/accessibility/display-contents/table-section-elements-expected.txt
M LayoutTests/platform/ios/TestExpectations
A LayoutTests/platform/ios/accessibility/display-contents/table-section-elements-expected.txt
M Source/WebCore/accessibility/AccessibilityObject.cpp
Log Message:
-----------
Cherry-pick 9138960e6c99. rdar://129131780
AX: Support display:contents for tbody elements
https://bugs.webkit.org/show_bug.cgi?id=275029
rdar://129131780
Reviewed by Chris Fleizach.
To avoid double-inserting the children of display:contents elements, we have a check in `AccessibilityObject::insertChild`
that exits early if the child we're inserting has a display:contents parent that is not `this` in the context of that
function.
This works great under the assumption that something eventually calls `insertChild` on the `display:contents` element.
However, that never happens for table section elements when `AccessibilityTable::addChildren` runs — it only calls
`insertChild` (indirectly, through `addChild`) on the actual table rows.
This patch fixes the bug by adjusting the check in `AccessibilityObject::insertChild` to accommodate this scenario,
and adds a new testcase to prevent it from regressing.
* LayoutTests/accessibility/display-contents/table-section-elements-expected.txt: Added.
* LayoutTests/accessibility/display-contents/table-section-elements.html: Added.
* LayoutTests/platform/glib/accessibility/display-contents/table-section-elements-expected.txt: Added.
* LayoutTests/platform/ios/TestExpectations: Enable new test.
* LayoutTests/platform/ios/accessibility/display-contents/table-section-elements-expected.txt: Added.
* Source/WebCore/accessibility/AccessibilityObject.cpp:
(WebCore::AccessibilityObject::insertChild):
Canonical link: https://commits.webkit.org/282413@main
Canonical link: https://commits.webkit.org/280938.247@safari-7619-branch
Commit: a15a67001521cef02fe3bb8680c86e908a873e06
https://github.com/WebKit/WebKit/commit/a15a67001521cef02fe3bb8680c86e908a873e06
Author: Tyler Wilcock <tyler_w at apple.com>
Date: 2024-08-20 (Tue, 20 Aug 2024)
Changed paths:
A LayoutTests/accessibility/indeterminate-progressbar-custom-element-expected.txt
A LayoutTests/accessibility/indeterminate-progressbar-custom-element.html
M LayoutTests/platform/ios/TestExpectations
M LayoutTests/platform/mac-wk1/TestExpectations
M Source/WebCore/accessibility/AccessibilityObject.cpp
Log Message:
-----------
Cherry-pick 450597ff73ce. rdar://129218234
AX: VO announces value when ElementInternals.ariaValueNow is set to null
https://bugs.webkit.org/show_bug.cgi?id=275107
rdar://129218234
Reviewed by Chris Fleizach.
This bug happened because prior to this commit, `AccessibilityObject::hasAttribute` returned true
even if an ElementInternals attribute had been set to null (which should be treated the same as removing
the attribute), because that's how `CustomElementDefaultARIA::hasAttribute` behaves. This influences
various functions, such as `AccessibilityNodeObject::isIndeterminate()`.
Fix this by checking that `CustomElementDefaultARIA::valueForAttribute` is not null, which is a more
accurate representation of whether the element "has" the attribute.
* LayoutTests/accessibility/indeterminate-progressbar-custom-element-expected.txt: Added.
* LayoutTests/accessibility/indeterminate-progressbar-custom-element.html: Added.
* LayoutTests/platform/ios/TestExpectations: Enable new test.
* LayoutTests/platform/mac-wk1/TestExpectations: Skip new test.
* Source/WebCore/accessibility/AccessibilityObject.cpp:
(WebCore::AccessibilityObject::hasAttribute const):
Canonical link: https://commits.webkit.org/282422@main
Canonical link: https://commits.webkit.org/280938.248@safari-7619-branch
Commit: e092010b0323ea0321bf9bd17769c972a7549574
https://github.com/WebKit/WebKit/commit/e092010b0323ea0321bf9bd17769c972a7549574
Author: Tyler Wilcock <tyler_w at apple.com>
Date: 2024-08-20 (Tue, 20 Aug 2024)
Changed paths:
A LayoutTests/accessibility/dynamic-aria-describedby-text-expected.txt
A LayoutTests/accessibility/dynamic-aria-describedby-text.html
M LayoutTests/platform/glib/TestExpectations
M LayoutTests/platform/ios/TestExpectations
M Source/WebCore/accessibility/AXObjectCache.cpp
Log Message:
-----------
Cherry-pick 70128b4a24b6. rdar://131877635
AX: Voiceover/Safari is not reading the contents of divs with role=“tooltip”
https://bugs.webkit.org/show_bug.cgi?id=276690
rdar://131877635
Reviewed by Chris Fleizach.
When the text underneath the target of an aria-describedby changes, we need to post AXExtendedDescriptionChanged to
ensure the accessibility tree is updated.
* LayoutTests/accessibility/dynamic-aria-describedby-text-expected.txt: Added.
* LayoutTests/accessibility/dynamic-aria-describedby-text.html: Added.
* LayoutTests/platform/ios/TestExpectations: Enable new test.
* Source/WebCore/accessibility/AXObjectCache.cpp:
(WebCore::AXObjectCache::handleChildrenChanged):
(WebCore::AXObjectCache::updateIsolatedTree):
Canonical link: https://commits.webkit.org/282430@main
Canonical link: https://commits.webkit.org/280938.249@safari-7619-branch
Commit: 814706c6f8f304d3f7f1e75c81c23905988fb8da
https://github.com/WebKit/WebKit/commit/814706c6f8f304d3f7f1e75c81c23905988fb8da
Author: Kiara Rose <kiara_rose at apple.com>
Date: 2024-08-20 (Tue, 20 Aug 2024)
Changed paths:
M Source/WebKit/UIProcess/Extensions/Cocoa/WebExtensionTabCocoa.mm
M Source/WebKit/UIProcess/Extensions/Cocoa/WebExtensionWindowCocoa.mm
Log Message:
-----------
Cherry-pick cbf65fb5ddff. rdar://134279689
Web Extensions code is logging full tab urls
https://bugs.webkit.org/show_bug.cgi?id=278338
rdar://134279689
Reviewed by Pascoe and John Wilander.
Change the log level for these logs from %{public} to %{sensitive}.
* Source/WebKit/UIProcess/Extensions/Cocoa/WebExtensionTabCocoa.mm:
(WebKit::WebExtensionTab::webView const):
Log the address of the web view object instead of the actual web view.
* Source/WebKit/UIProcess/Extensions/Cocoa/WebExtensionWindowCocoa.mm:
(WebKit::WebExtensionWindow::tabs const):
(WebKit::WebExtensionWindow::activeTab const):
Canonical link: https://commits.webkit.org/282474@main
Canonical link: https://commits.webkit.org/280938.250@safari-7619-branch
Commit: 8065c366a1e782efbb4a15de643163a5a7520bad
https://github.com/WebKit/WebKit/commit/8065c366a1e782efbb4a15de643163a5a7520bad
Author: Richard Robinson <richard_robinson2 at apple.com>
Date: 2024-08-21 (Wed, 21 Aug 2024)
Changed paths:
M Source/WebCore/page/writing-tools/WritingToolsController.mm
M Source/WebKit/WebProcess/WebPage/Cocoa/TextAnimationController.mm
Log Message:
-----------
Cherry-pick 8e1f14f5ccb7. rdar://134365851
[Writing Tools] Message body goes blank after selecting smart reply option
https://bugs.webkit.org/show_bug.cgi?id=278423
rdar://134365851
Reviewed by Aditya Keerthi.
It is valid to have an empty session state in the case where `didFinishWritingToolsSession` is called
prior to all animations finishing, since animations are performed async and `didFinishWritingToolsSession`
resets the state.
Fix by removing the erroneous assertion and instead just returning an empty optional.
Note that it is not possible currently to write a test for this, as the bug is dependent on iOS specific
code, and the WritingToolsUI framework is not currently available for iOS simulator.
* Source/WebCore/page/writing-tools/WritingToolsController.mm:
(WebCore::WritingToolsController::activeSessionRange const):
* Source/WebKit/WebProcess/WebPage/Cocoa/TextAnimationController.mm:
(WebKit::TextAnimationController::unreplacedRangeForActiveWritingToolsSession const):
(WebKit::TextAnimationController::addSourceTextAnimationForActiveWritingToolsSession):
(WebKit::TextAnimationController::addDestinationTextAnimationForActiveWritingToolsSession):
Canonical link: https://commits.webkit.org/282529@main
Canonical link: https://commits.webkit.org/280938.251@safari-7619-branch
Commit: 909f964ee4b310476b737b32537eac698d3a5cfb
https://github.com/WebKit/WebKit/commit/909f964ee4b310476b737b32537eac698d3a5cfb
Author: Alex Christensen <achristensen at apple.com>
Date: 2024-08-21 (Wed, 21 Aug 2024)
Changed paths:
M Source/WebKit/UIProcess/WebPageProxy.cpp
M Tools/TestWebKitAPI/Tests/WebKitCocoa/ProcessSwapOnNavigation.mm
Log Message:
-----------
Cherry-pick c208d4a122c6. rdar://132840366
REGRESSION (274396@main): UI Process COOP check should only remove opener during main frame navigations
https://bugs.webkit.org/show_bug.cgi?id=278359
rdar://132840366
Reviewed by Matthew Finkel.
We have COOP header checks in the network process and web process, and in 274396@main I introduced one
in the UI process. However, the other two checks have this comment:
// COOP only applies to top-level browsing contexts.
I missed adding that check in the UI process. As a result, if there is an iframe loaded with a COOP header
(which should be ignored), then a cross-origin navigation, then another cross-origin navigation back,
the opener should be there but we had removed it. The regression caused a login flow to break.
I manually verified the login flow is fixed with this change, and I added a unit test that hits this condition.
* Source/WebKit/UIProcess/WebPageProxy.cpp:
(WebKit::WebPageProxy::decidePolicyForResponseShared):
* Tools/TestWebKitAPI/Tests/WebKitCocoa/ProcessSwapOnNavigation.mm:
((ProcessSwap, ClientRedirectAfterCOOPIframeIgnored)):
Canonical link: https://commits.webkit.org/282482@main
Canonical link: https://commits.webkit.org/280938.252@safari-7619-branch
Commit: 0f346979b02ba1f6eb467085153dd2c5cdefe33d
https://github.com/WebKit/WebKit/commit/0f346979b02ba1f6eb467085153dd2c5cdefe33d
Author: Kimmo Kinnunen <kkinnunen at apple.com>
Date: 2024-08-21 (Wed, 21 Aug 2024)
Changed paths:
M Source/ThirdParty/ANGLE/src/libANGLE/renderer/metal/DisplayMtl.mm
Log Message:
-----------
Cherry-pick 3d02cd9a49c4. rdar://133934366
ANGLE Metal should use injectAsmStatementIntoLoopBodies on iOS
https://bugs.webkit.org/show_bug.cgi?id=278162
rdar://133934366
Reviewed by Dan Glastonbury.
Enable the setting on iOS.
* Source/ThirdParty/ANGLE/src/libANGLE/renderer/metal/DisplayMtl.mm:
(rx::DisplayMtl::initializeFeatures):
Canonical link: https://commits.webkit.org/282336@main
Canonical link: https://commits.webkit.org/280938.253@safari-7619-branch
Commit: 76167250cbca8356e16589c244f41c4d58e4dbd3
https://github.com/WebKit/WebKit/commit/76167250cbca8356e16589c244f41c4d58e4dbd3
Author: Youenn Fablet <youenn at apple.com>
Date: 2024-08-22 (Thu, 22 Aug 2024)
Changed paths:
A LayoutTests/fetch/fetch-empty-blob-crash-expected.txt
A LayoutTests/fetch/fetch-empty-blob-crash.html
M Source/WebCore/Modules/fetch/FormDataConsumer.cpp
Log Message:
-----------
Use-after-free in FormDataConsumer::consume
rdar://134411748
Reviewed by Chris Dumez.
FormDataConsumer is notifying of end of load with an empty span.
Form data can use blobs as elements, the blobs having zero data.
In this case, FormDataConsumer will send an empty span for the zero data and then an empty span for the end of load.
This confuses FetchBodyConsumer which then triggers a UAF.
To prevent this, we update FormDataConsumer to execute the callback when receiving data only if data is not empty.
An empty span is solely used to convey the end of the load.
* LayoutTests/fetch/fetch-empty-blob-crash-expected.txt: Added.
* LayoutTests/fetch/fetch-empty-blob-crash.html: Added.
* Source/WebCore/Modules/fetch/FormDataConsumer.cpp:
(WebCore::FormDataConsumer::consume):
Canonical link: https://commits.webkit.org/280938.254@safari-7619-branch
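The ambiguity described in the FormDataConsumer commit above, as an added example (not WebKit's code): an empty chunk doubles as the end-of-load signal, so forwarding a zero-length element makes the consumer see the load end early and then get called again. `Chunk`, `BodySink` and both producer functions are hypothetical names, and the element list is constructed sample data.

```cpp
#include <cstddef>
#include <cstdint>
#include <cstdio>
#include <functional>
#include <vector>

using Chunk = std::vector<uint8_t>;
using ChunkCallback = std::function<void(const Chunk&)>;

// Hypothetical consumer: an empty chunk means "load finished".
// A real consumer releases its state at that point, so any callback
// that arrives afterwards runs against state that is already gone.
struct BodySink {
    size_t bytesReceived = 0;
    unsigned endOfLoadSignals = 0;
    unsigned callbacksAfterEnd = 0;

    void receive(const Chunk& chunk)
    {
        if (endOfLoadSignals)
            ++callbacksAfterEnd; // called again after the load was declared finished
        if (chunk.empty())
            ++endOfLoadSignals;
        else
            bytesReceived += chunk.size();
    }
};

// Behaviour before the fix: every element is forwarded, including empty ones.
void forwardAllChunks(const std::vector<Chunk>& elements, const ChunkCallback& callback)
{
    for (const auto& element : elements)
        callback(element);
    callback(Chunk()); // end of load
}

// Behaviour after the fix: data callbacks fire only for non-empty data,
// so an empty chunk can only mean end of load.
void forwardNonEmptyChunks(const std::vector<Chunk>& elements, const ChunkCallback& callback)
{
    for (const auto& element : elements) {
        if (!element.empty())
            callback(element);
    }
    callback(Chunk()); // end of load
}

using Producer = void (*)(const std::vector<Chunk>&, const ChunkCallback&);

BodySink deliver(Producer producer, const std::vector<Chunk>& elements)
{
    BodySink sink;
    producer(elements, [&sink](const Chunk& chunk) { sink.receive(chunk); });
    return sink;
}

// Constructed sample: two data elements with a zero-length blob between them.
std::vector<Chunk> sampleElements()
{
    std::vector<Chunk> elements;
    elements.push_back(Chunk{ 0x61, 0x62 });
    elements.push_back(Chunk());
    elements.push_back(Chunk{ 0x63, 0x64, 0x65 });
    return elements;
}

int main()
{
    BodySink before = deliver(forwardAllChunks, sampleElements());
    BodySink after = deliver(forwardNonEmptyChunks, sampleElements());
    std::printf("forward all:      bytes=%zu end signals=%u callbacks after end=%u\n",
        before.bytesReceived, before.endOfLoadSignals, before.callbacksAfterEnd);
    std::printf("skip empty data:  bytes=%zu end signals=%u callbacks after end=%u\n",
        after.bytesReceived, after.endOfLoadSignals, after.callbacksAfterEnd);
    return 0;
}
```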
Commit: 8150063459d192263af896e9f2920ccd6db4476e
https://github.com/WebKit/WebKit/commit/8150063459d192263af896e9f2920ccd6db4476e
Author: Rupin Mittal <rupin at apple.com>
Date: 2024-08-22 (Thu, 22 Aug 2024)
Changed paths:
M Source/WebKit/NetworkProcess/storage/CacheStorageCache.cpp
M Source/WebKit/NetworkProcess/storage/CacheStorageDiskStore.cpp
M Source/WebKit/NetworkProcess/storage/CacheStorageDiskStore.h
M Source/WebKit/NetworkProcess/storage/NetworkStorageManager.cpp
M Source/WebKit/NetworkProcess/storage/NetworkStorageManager.h
Log Message:
-----------
CrossThreadRecord allows you to control uint64_t responseBodySize
rdar://124960263
https://bugs.webkit.org/show_bug.cgi?id=278357
Reviewed by Sihui Liu.
There are two problems in this bug that we fix:
(1) In the function CacheStorageCache::putRecords, uint64_t responseBodySize
is added and subtracted from int64_t spaceRequested. We fix this mismatch
by changing the type of spaceRequested to CheckedUint64 and then checking
for overflow.
Some of the records being added already exist in the cache. We keep track
of whether the new version of that record needs more or less space than
the existing record and request additional space only if needed.
(2) When the client sends the records over IPC, they also send the record's
size--and this size is used to calculate and then allocate space. But
because the client is sending the size, it's possible an attacker sends
a false value for the size. This size is calculated on the client side
in CacheStorageConnection::computeRecordBodySize. It does not return the
exact size of the body, but rather a size that has a random padding added.
We do this for security concerns: https://github.com/whatwg/storage/issues/31.
Since this size is random, we cannot check the size by re-calculating it.
What we can do is ensure that the size is greater than the actual size
because a smaller size would be a clear indication that the size has been
tampered with. So we add a check to at least ensure that the size is greater
since all the randomly padded sizes are indeed greater than the true sizes.
This check is done in NetworkStorageManager::cacheStoragePutRecords using
MESSAGE_CHECK so the WebContent process can be killed if the size is invalid,
indicating that the process is compromised.
* Source/WebKit/NetworkProcess/storage/CacheStorageCache.cpp:
(WebKit::CacheStorageCache::putRecords):
* Source/WebKit/NetworkProcess/storage/CacheStorageDiskStore.cpp:
(WebKit::encodeRecordBody):
(WebKit::CacheStorageDiskStore::computeRealBodySizeForStorage):
(WebKit::CacheStorageDiskStore::writeRecords):
* Source/WebKit/NetworkProcess/storage/CacheStorageDiskStore.h:
* Source/WebKit/NetworkProcess/storage/NetworkStorageManager.cpp:
(WebKit::NetworkStorageManager::cacheStoragePutRecords):
* Source/WebKit/NetworkProcess/storage/NetworkStorageManager.h:
Canonical link: https://commits.webkit.org/280938.255@safari-7619-branch
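The two checks described in the CacheStorage commit above, as an added example (not WebKit's code): an overflow-checked unsigned space total, and rejection of any sender-supplied size smaller than the body actually received. `PutRecord`, `computeSpaceRequest` and the other names are hypothetical, the arithmetic is hand-rolled rather than WebKit's `CheckedUint64`, and accepting a claimed size equal to the actual size is an assumption.

```cpp
#include <cstdint>
#include <cstdio>
#include <limits>
#include <vector>

// Hypothetical, simplified view of one record in a put request.
struct PutRecord {
    uint64_t claimedBodySize;  // sent by the client; padded, so it cannot be recomputed
    uint64_t actualBodySize;   // measured by the receiver from the body it got
    bool replacesExisting;     // true when a stored record is overwritten
    uint64_t existingBodySize; // size of the stored record, when replacesExisting
};

enum class PutCheck { Ok, SenderRejected, Overflow };

struct SpaceRequest {
    PutCheck check;
    uint64_t additionalBytes;
};

// Model of the mismatch in (1): unsigned sizes folded into a signed total.
// The casts spell out the wraparound that mixed-sign arithmetic performs
// implicitly on two's-complement targets.
int64_t naiveSpaceRequested(const std::vector<PutRecord>& records)
{
    int64_t spaceRequested = 0;
    for (const auto& record : records) {
        spaceRequested = static_cast<int64_t>(static_cast<uint64_t>(spaceRequested) + record.claimedBodySize);
        if (record.replacesExisting)
            spaceRequested = static_cast<int64_t>(static_cast<uint64_t>(spaceRequested) - record.existingBodySize);
    }
    return spaceRequested;
}

static bool checkedAdd(uint64_t a, uint64_t b, uint64_t& sum)
{
    if (a > std::numeric_limits<uint64_t>::max() - b)
        return false;
    sum = a + b;
    return true;
}

SpaceRequest computeSpaceRequest(const std::vector<PutRecord>& records)
{
    uint64_t needed = 0;   // bytes the new versions occupy
    uint64_t released = 0; // bytes freed by the versions they replace
    for (const auto& record : records) {
        // (2) A padded size can never be below the real size. A smaller value
        // means the sender lied, which is grounds for terminating it.
        if (record.claimedBodySize < record.actualBodySize)
            return { PutCheck::SenderRejected, 0 };
        // (1) Unsigned totals with explicit overflow detection.
        if (!checkedAdd(needed, record.claimedBodySize, needed))
            return { PutCheck::Overflow, 0 };
        if (record.replacesExisting && !checkedAdd(released, record.existingBodySize, released))
            return { PutCheck::Overflow, 0 };
    }
    // Request extra space only when the new versions need more than they free.
    uint64_t additional = needed > released ? needed - released : 0;
    return { PutCheck::Ok, additional };
}

int main()
{
    const uint64_t maxSize = std::numeric_limits<uint64_t>::max();
    std::vector<PutRecord> hostile; // constructed sample input
    hostile.push_back(PutRecord{ maxSize, 1, false, 0 });
    hostile.push_back(PutRecord{ maxSize, 1, false, 0 });

    std::printf("naive signed total: %lld\n", static_cast<long long>(naiveSpaceRequested(hostile)));
    std::printf("checked result is overflow: %d\n", computeSpaceRequest(hostile).check == PutCheck::Overflow);
    return 0;
}
```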
Commit: 2936053b96d6ace0d9567ea4d11043937547fbdf
https://github.com/WebKit/WebKit/commit/2936053b96d6ace0d9567ea4d11043937547fbdf
Author: Yijia Huang <yijia_huang at apple.com>
Date: 2024-08-22 (Thu, 22 Aug 2024)
Changed paths:
A JSTests/stress/clobber-new-index-reg-in-enumerator-next-update-index-and-mode.js
M Source/JavaScriptCore/dfg/DFGSpeculativeJIT.cpp
M Source/JavaScriptCore/dfg/DFGSpeculativeJIT.h
Log Message:
-----------
[JSC] Should preserve the index in compileHasIndexedProperty if needed
https://bugs.webkit.org/show_bug.cgi?id=278427
rdar://129328633
Reviewed by Keith Miller.
The EnumeratorNextUpdateIndexAndMode node is expected to return two results.
In the fast path for case IndexedMode, the index value should be returned as
one of the results. However, the slow path of compileHasIndexedProperty
triggers an operation call with a single result. So, compileHasIndexedProperty
should preserve the index in compileHasIndexedProperty if needed.
* Source/JavaScriptCore/dfg/DFGSpeculativeJIT.cpp:
* Source/JavaScriptCore/dfg/DFGSpeculativeJIT.h:
Canonical link: https://commits.webkit.org/280938.256@safari-7619-branch
Commit: 2a1ad88a9e89f791b0f3259c2437cf851d008eb5
https://github.com/WebKit/WebKit/commit/2a1ad88a9e89f791b0f3259c2437cf851d008eb5
Author: Per Arne Vollan <pvollan at apple.com>
Date: 2024-08-22 (Thu, 22 Aug 2024)
Changed paths:
M Source/WebKit/Shared/EntryPointUtilities/Cocoa/XPCService/XPCServiceEntryPoint.h
M Source/WebKit/Shared/EntryPointUtilities/Cocoa/XPCService/XPCServiceEntryPoint.mm
M Source/WebKit/Shared/WebProcessCreationParameters.h
M Source/WebKit/Shared/WebProcessCreationParameters.serialization.in
M Source/WebKit/UIProcess/Launcher/cocoa/ProcessLauncherCocoa.mm
M Source/WebKit/UIProcess/WebProcessPool.cpp
M Source/WebKit/UIProcess/WebProcessProxy.cpp
M Source/WebKit/WebProcess/WebProcess.cpp
M Source/WebKit/WebProcess/WebProcess.h
Log Message:
-----------
Cherry-pick 3357b1f7da58. rdar://133884110
Assert Lockdown Mode flag has been set before queried
https://bugs.webkit.org/show_bug.cgi?id=278128
rdar://133884110
Reviewed by Chris Dumez.
Assert that Lockdown Mode flag has been set before queried in the WebContent process. This patch also
initializes the Lockdown Mode flag in WebProcess earlier by using the value from the XPC initialization
message, which is sent in the XPC extra initialization data. This patch also asserts that JSC options
are set before JSC::initialize() is called. Setting JSC options after this call can lead to crashes.
* Source/WebKit/Shared/EntryPointUtilities/Cocoa/XPCService/XPCServiceEntryPoint.h:
(WebKit::XPCServiceInitializer):
* Source/WebKit/Shared/EntryPointUtilities/Cocoa/XPCService/XPCServiceEntryPoint.mm:
(WebKit::XPCServiceInitializerDelegate::getExtraInitializationData):
(WebKit::setJSCOptions):
* Source/WebKit/Shared/WebProcessCreationParameters.h:
* Source/WebKit/Shared/WebProcessCreationParameters.serialization.in:
* Source/WebKit/UIProcess/Launcher/cocoa/ProcessLauncherCocoa.mm:
(WebKit::ProcessLauncher::finishLaunchingProcess):
* Source/WebKit/UIProcess/WebProcessPool.cpp:
(WebKit::WebProcessPool::initializeNewWebProcess):
* Source/WebKit/UIProcess/WebProcessProxy.cpp:
(WebKit::WebProcessProxy::getLaunchOptions):
* Source/WebKit/WebProcess/WebProcess.cpp:
(WebKit::WebProcess::initializeProcess):
(WebKit::WebProcess::initializeWebProcess):
* Source/WebKit/WebProcess/WebProcess.h:
(WebKit::WebProcess::isLockdownModeEnabled const):
Canonical link: https://commits.webkit.org/282562@main
Canonical link: https://commits.webkit.org/280938.257@safari-7619-branch
Commit: d66f0033a9f772d60c3620810cf88138dcebd350
https://github.com/WebKit/WebKit/commit/d66f0033a9f772d60c3620810cf88138dcebd350
Author: Richard Robinson <richard_robinson2 at apple.com>
Date: 2024-08-22 (Thu, 22 Aug 2024)
Changed paths:
M Source/WebCore/PAL/pal/spi/mac/NSTextInputContextSPI.h
M Source/WebCore/editing/Editor.cpp
M Source/WebCore/editing/FrameSelection.cpp
M Source/WebCore/editing/FrameSelection.h
M Source/WebCore/testing/Internals.cpp
M Source/WebCore/testing/Internals.h
M Source/WebCore/testing/Internals.idl
M Source/WebKit/UIProcess/Cocoa/WKTextSelectionRect.h
M Source/WebKit/UIProcess/Cocoa/WKTextSelectionRect.mm
M Tools/TestWebKitAPI/Tests/TestWebKitAPI/mac/AppKitSPI.h
M Tools/TestWebKitAPI/Tests/WebKitCocoa/TextPlaceholderTests.mm
Log Message:
-----------
Cherry-pick 77eec0a20396. rdar://132432864
[Writing Tools] Hide blinking insertion cursor while text placeholders are present
https://bugs.webkit.org/show_bug.cgi?id=278067
rdar://132432864
Reviewed by Aditya Keerthi.
Hide the caret when inserting the placeholder, and unhide it when removing the placeholder.
Also remove some staging declarations.
* Source/WebCore/PAL/pal/spi/mac/NSTextInputContextSPI.h:
* Source/WebCore/editing/Editor.cpp:
(WebCore::Editor::insertTextPlaceholder):
(WebCore::Editor::removeTextPlaceholder):
* Source/WebCore/editing/FrameSelection.cpp:
(WebCore::FrameSelection::FrameSelection):
(WebCore::FrameSelection::focusedOrActiveStateChanged):
(WebCore::FrameSelection::addCaretVisibilitySuppressionReason):
(WebCore::FrameSelection::removeCaretVisibilitySuppressionReason):
(WebCore::FrameSelection::updateCaretVisibility):
(WebCore::FrameSelection::setCaretVisibility): Deleted.
* Source/WebCore/editing/FrameSelection.h:
* Source/WebCore/testing/Internals.cpp:
(WebCore::Internals::isCaretVisible):
* Source/WebCore/testing/Internals.h:
* Source/WebCore/testing/Internals.idl:
* Source/WebKit/UIProcess/Cocoa/WKTextSelectionRect.h:
* Source/WebKit/UIProcess/Cocoa/WKTextSelectionRect.mm:
* Tools/TestWebKitAPI/Tests/TestWebKitAPI/mac/AppKitSPI.h:
* Tools/TestWebKitAPI/Tests/WebKitCocoa/TextPlaceholderTests.mm:
(createWebViewForNSTextPlaceholder):
(TEST(NSTextPlaceholder, InsertTextPlaceholder)):
(TEST(NSTextPlaceholder, InsertAndRemoveTextPlaceholderWithoutIncomingText)):
(TEST(NSTextPlaceholder, InsertAndRemoveTextPlaceholderWithIncomingText)):
Canonical link: https://commits.webkit.org/282500@main
Canonical link: https://commits.webkit.org/280938.258@safari-7619-branch
Commit: 18d9a2829a495c6cd7a5a3c8b47edc37eda929db
https://github.com/WebKit/WebKit/commit/18d9a2829a495c6cd7a5a3c8b47edc37eda929db
Author: Charlie Wolfe <charliew at apple.com>
Date: 2024-08-22 (Thu, 22 Aug 2024)
Changed paths:
M Source/WebCore/loader/FrameLoader.cpp
Log Message:
-----------
Cherry-pick 04aa45e3bbf8. rdar://134070948
Crash in `FrameLoader::checkLoadCompleteForThisFrame`
https://bugs.webkit.org/show_bug.cgi?id=278468
rdar://134070948
Reviewed by Ryosuke Niwa.
An unneeded strong reference is held on `document` in the lambda passed to
`DataDetection::detectContentInFrame`. Remove it to avoid destroying `document` on a background thread.
* Source/WebCore/loader/FrameLoader.cpp:
(WebCore::FrameLoader::checkLoadCompleteForThisFrame):
Canonical link: https://commits.webkit.org/282572@main
Canonical link: https://commits.webkit.org/280938.259@safari-7619-branch
Commit: 756e84d044e2ed37ceafab0e473aba5f500990ca
https://github.com/WebKit/WebKit/commit/756e84d044e2ed37ceafab0e473aba5f500990ca
Author: Aditya Keerthi <akeerthi at apple.com>
Date: 2024-08-23 (Fri, 23 Aug 2024)
Changed paths:
M Source/WebKit/UIProcess/ios/forms/WKFileUploadPanel.mm
Log Message:
-----------
[iOS] Camera view remains visible and active after opening a new tab in 3rd-party browsers
https://bugs.webkit.org/show_bug.cgi?id=276132
rdar://130986409
Reviewed by Tim Horton.
The camera capture view does not dismiss itself after a new tab is opened, and
can end up displayed after switching to a site that's unrelated to the one
requesting the upload.
278816@main fixed the same issue for file pickers and other picker views by
dismissing view controllers for pickers when the associated `WKWebView` was
removed from the view hierarchy.
This solution worked well for everything except the camera capture view, which
has a `FullScreen` modal presentation style. The effect of this presentation
style is that the views beneath the presented content are removed from the view
hierarchy. Consequently, 278816@main introduced a regression where camera
capture views would always be instantly dismissed after presentation.
278827@main addressed that regression by preventing dismissal if the `WKWebView`
was removed from the hierarchy as a result of a fullscreen presentation. This
fix left camera capture views vulnerable to the same issue that previously
affected the file picker.
To fix, use the `OverFullScreen` modal presentation style to ensure that
presenting the camera capture view does not remove the `WKWebView` from the
view hierarchy. This allows existing logic to dismiss pickers when the web
view is removed from the hierarchy to kick in. The logic to prevent `FullScreen`
presentations from dismissing pickers is preserved to avoid unexpected
regressions.
* Source/WebKit/UIProcess/ios/forms/WKFileUploadPanel.mm:
Canonical link: https://commits.webkit.org/280938.260@safari-7619-branch
Commit: fb3d8a4473312e62d559c5966127a921b2a8fac6
https://github.com/WebKit/WebKit/commit/fb3d8a4473312e62d559c5966127a921b2a8fac6
Author: Ben Nham <nham at apple.com>
Date: 2024-08-23 (Fri, 23 Aug 2024)
Changed paths:
M Source/WebKit/UIProcess/WebProcessProxy.cpp
Log Message:
-----------
Cherry-pick 43da751ec19a. rdar://134361776
Drop foreground and background NetworkProcess/GPUProcess token if WebProcess shuts down while in foreground or background state
https://bugs.webkit.org/show_bug.cgi?id=277520
rdar://132289273
Reviewed by Per Arne Vollan and Chris Dumez.
We have logs showing that sometimes `WebProcessProxy::shutDown` runs while the `WebProcessProxy` is
in the foreground or background as opposed to suspended (i.e. while holding a non-null
`m_foregroundToken` or `m_backgroundToken`). If that `WebProcessProxy` object is never destructed,
then those token objects stay alive and cause NetworkProcess and GPUProcess to always think they
have an active WebContent process to service. This then causes NetworkProcess and GPUProcess to
hold on to the e.g. `Networking for background view(s)` activity forever.
Fix this by dropping ownership of the foreground and background token in `WebProcessProxy::shutDown`.
* Source/WebKit/UIProcess/WebProcessProxy.cpp:
(WebKit::WebProcessProxy::shutDown):
Canonical link: https://commits.webkit.org/281758@main
Canonical link: https://commits.webkit.org/280938.261@safari-7619-branch
Commit: 031367be5b9a5f52893f49535fdf503efc95196e
https://github.com/WebKit/WebKit/commit/031367be5b9a5f52893f49535fdf503efc95196e
Author: Ryosuke Niwa <rniwa at webkit.org>
Date: 2024-08-23 (Fri, 23 Aug 2024)
Changed paths:
M Source/WebCore/editing/cocoa/DataDetection.mm
Log Message:
-----------
Cherry-pick c213f1482344. rdar://134538423
Crash in TimerBase::~TimerBase via DataDetection::detectContentInFrame
https://bugs.webkit.org/show_bug.cgi?id=278259
<rdar://133488287>
Reviewed by Wenson Hsieh.
Speculative fix. Use a WeakPtr instead of RefPtr in detectContentInFrame so that
we don't attempt to destruct Document in a background thread.
* Source/WebCore/editing/cocoa/DataDetection.mm:
(WebCore::DataDetection::detectContentInFrame):
Canonical link: https://commits.webkit.org/282380@main
Canonical link: https://commits.webkit.org/280938.262@safari-7619-branch
Commit: dd324811f92e0cad6314185d3061b867a9f4831f
https://github.com/WebKit/WebKit/commit/dd324811f92e0cad6314185d3061b867a9f4831f
Author: Ryan Reno <rreno at apple.com>
Date: 2024-08-23 (Fri, 23 Aug 2024)
Changed paths:
M Source/WebCore/bindings/js/JSAudioWorkletGlobalScopeCustom.cpp
Log Message:
-----------
Cherry-pick 2ef9bf886adc. rdar://133250806
REGRESSION (280975@main) Null pointer deref crash in WebCore::AudioWorkletGlobalScope::createProcessor
https://bugs.webkit.org/show_bug.cgi?id=278512
rdar://133250806
Reviewed by Chris Dumez.
After 280975@main, Audio Worklet processor constructors are weak
handles and may be garbage collected prematurely, especially in WK1.
This can lead to null pointer deref crashes in WebAudio WPT when trying
to construct a new Audio Worklet processor.
This change adds the AudioWorkletGlobalScope as a WebCore opaque root in
order to keep registered processor constructors alive via the
isReachableFromOpaqueRoots mechanism.
* Source/WebCore/bindings/js/JSAudioWorkletGlobalScopeCustom.cpp:
(WebCore::JSAudioWorkletGlobalScope::visitAdditionalChildren):
Canonical link: https://commits.webkit.org/282644@main
Canonical link: https://commits.webkit.org/280938.263@safari-7619-branch
Commit: e4a60784524d336e979f2e60f2c86c597471285f
https://github.com/WebKit/WebKit/commit/e4a60784524d336e979f2e60f2c86c597471285f
Author: Ryan Reno <rreno at apple.com>
Date: 2024-08-23 (Fri, 23 Aug 2024)
Changed paths:
M Source/WebCore/Modules/reporting/ReportingObserver.cpp
Log Message:
-----------
Cherry-pick b5502f0dc670. rdar://133409507
REGRESSION (280886@main) ReportingObserver can be garbage collected while a task is queued to make report callbacks.
https://bugs.webkit.org/show_bug.cgi?id=278534
rdar://133409507
Reviewed by Brent Fulgham.
In 280886@main I tied the lifetime of the ReportingObserver object to
whether or not it is observing reports by making it an ActiveDOMObject.
In some cases (especially imported/w3c/web-platform-tests/reporting/disconnect.html)
the object and its callback can be garbage collected while there's an
outstanding task to make the callback with its reports which can
cause a null pointer dereference when attempting to invoke the callback.
This change will keep the object alive until after the callback has been
serviced, even if all references are dropped and the ReportingObserver
has disconnected.
* Source/WebCore/Modules/reporting/ReportingObserver.cpp:
(WebCore::ReportingObserver::appendQueuedReportIfCorrectType):
Canonical link: https://commits.webkit.org/282645@main
Canonical link: https://commits.webkit.org/280938.264@safari-7619-branch
Commit: 808bbd9850af979ae822643df9db7acafe002bb6
https://github.com/WebKit/WebKit/commit/808bbd9850af979ae822643df9db7acafe002bb6
Author: Elliott Williams <emw at apple.com>
Date: 2024-08-23 (Fri, 23 Aug 2024)
Changed paths:
M Source/JavaScriptCore/API/JSValue.h
M Source/JavaScriptCore/API/JSValueRef.h
M Source/WebKit/Shared/API/Cocoa/_WKHitTestResult.h
M Source/WebKit/UIProcess/API/Cocoa/WKFrameInfoPrivate.h
M Source/WebKit/UIProcess/API/Cocoa/WKMenuItemIdentifiersPrivate.h
M Source/WebKit/UIProcess/API/Cocoa/WKNavigationDelegatePrivate.h
M Source/WebKit/UIProcess/API/Cocoa/WKPreferencesPrivate.h
M Source/WebKit/UIProcess/API/Cocoa/WKSnapshotConfigurationPrivate.h
M Source/WebKit/UIProcess/API/Cocoa/WKUIDelegatePrivate.h
M Source/WebKit/UIProcess/API/Cocoa/WKWebView.h
M Source/WebKit/UIProcess/API/Cocoa/WKWebViewConfiguration.h
M Source/WebKit/UIProcess/API/Cocoa/WKWebViewConfigurationPrivate.h
M Source/WebKit/UIProcess/API/Cocoa/WKWebViewPrivate.h
M Source/WebKit/UIProcess/API/Cocoa/WKWebpagePreferencesPrivate.h
M Source/WebKit/UIProcess/API/Cocoa/WKWebsiteDataStorePrivate.h
M Source/WebKit/UIProcess/API/Cocoa/_WKAttachment.h
M Source/WebKit/UIProcess/API/Cocoa/_WKRectEdge.h
M Source/WebKit/UIProcess/API/Cocoa/_WKTargetedElementInfo.h
M Source/WebKit/UIProcess/API/Cocoa/_WKTargetedElementRequest.h
M Source/WebKit/UIProcess/API/Cocoa/_WKWebExtensionDataRecord.h
M Source/WebKit/UIProcess/API/Cocoa/_WKWebExtensionDataType.h
M Source/WebKit/UIProcess/API/Cocoa/_WKWebExtensionPermissionPrivate.h
M Source/WebKit/UIProcess/API/Cocoa/_WKWebsiteDataStoreConfiguration.h
M Source/WebKit/UIProcess/API/Cocoa/_WKWebsiteDataStoreDelegate.h
Log Message:
-----------
Cherry-pick ec3944dca786. rdar://133484985
[API] Update availability versions for declarations released in macOS 15.0, iOS 18.0, and visionOS 2.0
rdar://133484985
https://bugs.webkit.org/show_bug.cgi?id=276696
Reviewed by Aditya Keerthi.
Find-and-replace WK_*_TBA tokens with their shipping version numbers.
* Source/JavaScriptCore/API/JSValue.h:
* Source/JavaScriptCore/API/JSValueRef.h:
* Source/WebKit/Shared/API/Cocoa/_WKHitTestResult.h:
* Source/WebKit/UIProcess/API/Cocoa/WKFrameInfoPrivate.h:
* Source/WebKit/UIProcess/API/Cocoa/WKMenuItemIdentifiersPrivate.h:
* Source/WebKit/UIProcess/API/Cocoa/WKNavigationDelegatePrivate.h:
* Source/WebKit/UIProcess/API/Cocoa/WKPreferencesPrivate.h:
* Source/WebKit/UIProcess/API/Cocoa/WKSnapshotConfigurationPrivate.h:
* Source/WebKit/UIProcess/API/Cocoa/WKUIDelegatePrivate.h:
* Source/WebKit/UIProcess/API/Cocoa/WKWebView.h:
* Source/WebKit/UIProcess/API/Cocoa/WKWebViewConfiguration.h:
* Source/WebKit/UIProcess/API/Cocoa/WKWebViewConfigurationPrivate.h:
* Source/WebKit/UIProcess/API/Cocoa/WKWebViewPrivate.h:
* Source/WebKit/UIProcess/API/Cocoa/WKWebpagePreferencesPrivate.h:
* Source/WebKit/UIProcess/API/Cocoa/WKWebsiteDataStorePrivate.h:
* Source/WebKit/UIProcess/API/Cocoa/_WKAttachment.h:
* Source/WebKit/UIProcess/API/Cocoa/_WKRectEdge.h:
* Source/WebKit/UIProcess/API/Cocoa/_WKTargetedElementInfo.h:
* Source/WebKit/UIProcess/API/Cocoa/_WKTargetedElementRequest.h:
* Source/WebKit/UIProcess/API/Cocoa/_WKWebExtensionDataRecord.h:
(NS_ERROR_ENUM):
* Source/WebKit/UIProcess/API/Cocoa/_WKWebExtensionDataType.h:
* Source/WebKit/UIProcess/API/Cocoa/_WKWebExtensionPermissionPrivate.h:
* Source/WebKit/UIProcess/API/Cocoa/_WKWebsiteDataStoreConfiguration.h:
* Source/WebKit/UIProcess/API/Cocoa/_WKWebsiteDataStoreDelegate.h:
Canonical link: https://commits.webkit.org/281067@main
Canonical link: https://commits.webkit.org/280938.265@safari-7619-branch
Commit: c0991b6fa1edd9736382e1036321bcbb698d2eae
https://github.com/WebKit/WebKit/commit/c0991b6fa1edd9736382e1036321bcbb698d2eae
Author: Ryan Reno <rreno at apple.com>
Date: 2024-08-23 (Fri, 23 Aug 2024)
Changed paths:
M LayoutTests/TestExpectations
M LayoutTests/platform/ios/TestExpectations
M LayoutTests/platform/mac-wk2/TestExpectations
M Source/WebCore/Modules/webcodecs/WebCodecsAudioDecoder.cpp
M Source/WebCore/Modules/webcodecs/WebCodecsAudioDecoder.h
M Source/WebCore/Modules/webcodecs/WebCodecsAudioEncoder.cpp
M Source/WebCore/Modules/webcodecs/WebCodecsAudioEncoder.h
A Source/WebCore/Modules/webcodecs/WebCodecsControlMessage.h
M Source/WebCore/Modules/webcodecs/WebCodecsVideoDecoder.cpp
M Source/WebCore/Modules/webcodecs/WebCodecsVideoDecoder.h
M Source/WebCore/Modules/webcodecs/WebCodecsVideoEncoder.cpp
M Source/WebCore/Modules/webcodecs/WebCodecsVideoEncoder.h
M Source/WebCore/WebCore.xcodeproj/project.pbxproj
Log Message:
-----------
Cherry-pick dcc8d978d725. rdar://134297589
REGRESSION (280738@main) [WebCodecs] Audio and Video codecs can be garbage collected with pending work.
https://bugs.webkit.org/show_bug.cgi?id=278356
rdar://134297589
Reviewed by Youenn Fablet.
In 280738@main http/wpt/webcodecs/hevc-encoder-config.https.any.html
became flaky. This is because the VideoEncoder object goes out of scope
as soon as the configure steps schedule the control message to reject
the configuration and sometimes gets garbage collected before the error
callback can be called. Prior to 280738@main the callback was a GC root
and so would never be collected. After this, though, the codec is
responsible for keeping its JS callbacks alive and so sometimes
everything gets collected.
Many of the WebCodecs steps require asynchronous work to be scheduled
which gives the algorithms many states where it is valid to have
outstanding work but all references to the codecs have been dropped in
JavaScript. In order to prevent them from being prematurely collected
this patch introduces an abstraction for the WebCodecs Control Message.
This object represents pending work and will hold a PendingActivity
for the codec which will prevent it from being garbage collected before
the spec algorithm steps have been completed. Additionally, we will
create a pending activity when we submit asynchronous work to the
internal codec implementation.
* LayoutTests/TestExpectations:
* LayoutTests/platform/ios/TestExpectations:
* LayoutTests/platform/mac-wk2/TestExpectations:
* Source/WebCore/Modules/webcodecs/WebCodecsAudioDecoder.cpp:
(WebCore::WebCodecsAudioDecoder::configure):
(WebCore::WebCodecsAudioDecoder::decode):
(WebCore::WebCodecsAudioDecoder::flush):
(WebCore::WebCodecsAudioDecoder::closeDecoder):
(WebCore::WebCodecsAudioDecoder::resetDecoder):
(WebCore::WebCodecsAudioDecoder::queueControlMessageAndProcess):
(WebCore::WebCodecsAudioDecoder::virtualHasPendingActivity const):
* Source/WebCore/Modules/webcodecs/WebCodecsAudioDecoder.h:
* Source/WebCore/Modules/webcodecs/WebCodecsAudioEncoder.cpp:
(WebCore::WebCodecsAudioEncoder::configure):
(WebCore::WebCodecsAudioEncoder::encode):
(WebCore::WebCodecsAudioEncoder::flush):
(WebCore::WebCodecsAudioEncoder::closeEncoder):
(WebCore::WebCodecsAudioEncoder::resetEncoder):
(WebCore::WebCodecsAudioEncoder::queueControlMessageAndProcess):
(WebCore::WebCodecsAudioEncoder::virtualHasPendingActivity const):
* Source/WebCore/Modules/webcodecs/WebCodecsAudioEncoder.h:
* Source/WebCore/Modules/webcodecs/WebCodecsControlMessage.h: Added.
* Source/WebCore/Modules/webcodecs/WebCodecsFlushPromise.h: Added.
* Source/WebCore/Modules/webcodecs/WebCodecsVideoDecoder.cpp:
(WebCore::WebCodecsVideoDecoder::configure):
(WebCore::WebCodecsVideoDecoder::decode):
(WebCore::WebCodecsVideoDecoder::flush):
(WebCore::WebCodecsVideoDecoder::closeDecoder):
(WebCore::WebCodecsVideoDecoder::resetDecoder):
(WebCore::WebCodecsVideoDecoder::queueControlMessageAndProcess):
(WebCore::WebCodecsVideoDecoder::virtualHasPendingActivity const):
* Source/WebCore/Modules/webcodecs/WebCodecsVideoDecoder.h:
* Source/WebCore/Modules/webcodecs/WebCodecsVideoEncoder.cpp:
(WebCore::WebCodecsVideoEncoder::configure):
(WebCore::WebCodecsVideoEncoder::encode):
(WebCore::WebCodecsVideoEncoder::flush):
(WebCore::WebCodecsVideoEncoder::closeEncoder):
(WebCore::WebCodecsVideoEncoder::resetEncoder):
(WebCore::WebCodecsVideoEncoder::queueControlMessageAndProcess):
(WebCore::WebCodecsVideoEncoder::virtualHasPendingActivity const):
* Source/WebCore/Modules/webcodecs/WebCodecsVideoEncoder.h:
* Source/WebCore/WebCore.xcodeproj/project.pbxproj:
Canonical link: https://commits.webkit.org/282657@main
Canonical link: https://commits.webkit.org/280938.266@safari-7619-branch
Commit: e5671f461941d603b00293f2296e91572832f479
https://github.com/WebKit/WebKit/commit/e5671f461941d603b00293f2296e91572832f479
Author: Richard Robinson <richard_robinson2 at apple.com>
Date: 2024-08-23 (Fri, 23 Aug 2024)
Changed paths:
M Source/WebKit/UIProcess/API/Cocoa/WKWebView.mm
M Source/WebKit/UIProcess/API/Cocoa/WKWebViewInternal.h
M Source/WebKit/UIProcess/API/Cocoa/WKWebViewPrivate.h
M Source/WebKit/UIProcess/Cocoa/PageClientImplCocoa.h
M Source/WebKit/UIProcess/Cocoa/PageClientImplCocoa.mm
M Source/WebKit/UIProcess/Cocoa/WebPageProxyCocoa.mm
M Source/WebKit/UIProcess/PageClient.h
M Source/WebKit/UIProcess/WebPageProxy.h
M Source/WebKit/UIProcess/ios/WKContentViewInteraction.mm
M Source/WebKit/UIProcess/mac/WKTextAnimationManager.mm
M Source/WebKit/UIProcess/mac/WebViewImpl.h
M Source/WebKit/UIProcess/mac/WebViewImpl.mm
M Source/WebKit/WebKitSwift/TextAnimation/TextAnimationManager.swift
M Source/WebKit/WebKitSwift/TextAnimation/WKSTextAnimationSourceDelegate.h
Log Message:
-----------
Cherry-pick 8c521f3355c7. rdar://133427551
[Writing Tools] iOS: Selection should be hidden when pondering effect begins, stay hidden until all animations complete
https://bugs.webkit.org/show_bug.cgi?id=278144
rdar://133427551
Reviewed by Aditya Keerthi.
Apply the same logic as was previously done on macOS to ensure the selection is cleared during the animation.
Also, refactor the previously-macOS specific logic from WebViewImpl into WKWebView.
* Source/WebKit/UIProcess/API/Cocoa/WKWebView.mm:
(-[WKWebView compositionSession:didReceiveText:replacementRange:inContext:finished:]):
(-[WKWebView writingToolsSession:didReceiveAction:]):
(-[WKWebView _didEndPartialIntelligenceTextPonderingAnimation]):
(-[WKWebView _intelligenceTextPonderingAnimationIsComplete]):
(-[WKWebView _addTextAnimationForAnimationID:withData:]):
(-[WKWebView _removeTextAnimationForAnimationID:]):
(-[WKWebView _enableSourceTextAnimationAfterElementWithID:]):
(-[WKWebView _enableFinalTextAnimationForElementWithID:]):
(-[WKWebView _disableTextAnimationWithUUID:]):
(-[WKWebView _enableTextIndicatorStylingAfterElementWithID:]):
(-[WKWebView _enableTextIndicatorStylingForElementWithID:]):
(-[WKWebView _disableTextIndicatorStylingWithUUID:]):
* Source/WebKit/UIProcess/API/Cocoa/WKWebViewInternal.h:
* Source/WebKit/UIProcess/API/Cocoa/WKWebViewPrivate.h:
* Source/WebKit/UIProcess/Cocoa/PageClientImplCocoa.h:
* Source/WebKit/UIProcess/Cocoa/PageClientImplCocoa.mm:
(WebKit::PageClientImplCocoa::didEndPartialIntelligenceTextPonderingAnimation):
(WebKit::PageClientImplCocoa::intelligenceTextPonderingAnimationIsComplete):
(WebKit::PageClientImplCocoa::addTextAnimationForAnimationID):
(WebKit::PageClientImplCocoa::removeTextAnimationForAnimationID):
* Source/WebKit/UIProcess/Cocoa/WebPageProxyCocoa.mm:
(WebKit::WebPageProxy::didEndPartialIntelligenceTextPonderingAnimationImpl):
(WebKit::WebPageProxy::didEndPartialIntelligenceTextPonderingAnimation):
(WebKit::WebPageProxy::showSelectionForActiveWritingToolsSessionIfNeeded):
(WebKit::WebPageProxy::showSelectionForActiveWritingToolsSession): Deleted.
* Source/WebKit/UIProcess/PageClient.h:
* Source/WebKit/UIProcess/WebPageProxy.h:
* Source/WebKit/UIProcess/ios/WKContentViewInteraction.mm:
(-[WKContentView replacementEffectDidComplete]):
* Source/WebKit/UIProcess/mac/WKTextAnimationManager.mm:
(-[WKTextAnimationManager addTextAnimationForAnimationID:withData:]):
* Source/WebKit/UIProcess/mac/WebViewImpl.h:
* Source/WebKit/UIProcess/mac/WebViewImpl.mm:
(WebKit::WebViewImpl::writingToolsCompositionSessionDidReceiveRestartAction): Deleted.
(WebKit::WebViewImpl::writingToolsCompositionSessionDidReceiveReplacements): Deleted.
(WebKit::WebViewImpl::isWritingToolsTextReplacementsFinished const): Deleted.
(WebKit::WebViewImpl::isIntelligenceTextPonderingAnimationFinished const): Deleted.
(WebKit::WebViewImpl::willBeginPartialIntelligenceTextPonderingAnimation): Deleted.
(WebKit::WebViewImpl::didEndPartialIntelligenceTextPonderingAnimation): Deleted.
* Source/WebKit/WebKitSwift/TextAnimation/TextAnimationManager.swift:
(TextAnimationManager.performReplacementAndGeneratePreview(for:effect:animation:)):
(TextAnimationManager.replacementEffectDidComplete(_:)):
* Source/WebKit/WebKitSwift/TextAnimation/WKSTextAnimationSourceDelegate.h:
Canonical link: https://commits.webkit.org/282570@main
Canonical link: https://commits.webkit.org/280938.267@safari-7619-branch
Commit: 394f8098f27383c6fcf6bf4fee30042188230b0e
https://github.com/WebKit/WebKit/commit/394f8098f27383c6fcf6bf4fee30042188230b0e
Author: Lily Spiniolas <lily_spiniolas at apple.com>
Date: 2024-08-23 (Fri, 23 Aug 2024)
Changed paths:
M Source/WebCore/page/EventHandler.cpp
Log Message:
-----------
Cherry-pick fc682b90fc1e. rdar://133875342
AX context menu invocations may cause the context menu to overlap selections
https://bugs.webkit.org/show_bug.cgi?id=278502
rdar://133875342
Reviewed by Wenson Hsieh.
The location of the context menu now accounts for the
height of the selection, displaying the menu at the
bottom of the selection rather than overlapping near
the top.
* Source/WebCore/page/EventHandler.cpp:
(WebCore::EventHandler::sendContextMenuEventForKey):
Canonical link: https://commits.webkit.org/282656@main
Canonical link: https://commits.webkit.org/280938.268@safari-7619-branch
Commit: d76a8be1ba4051c93f50b10ebd5beaecfbd21829
https://github.com/WebKit/WebKit/commit/d76a8be1ba4051c93f50b10ebd5beaecfbd21829
Author: Rupin Mittal <rupin at apple.com>
Date: 2024-08-24 (Sat, 24 Aug 2024)
Changed paths:
M Source/WebCore/platform/sql/SQLiteStatement.h
M Source/WebCore/platform/sql/SQLiteStatementAutoResetScope.cpp
M Source/WebCore/platform/sql/SQLiteStatementAutoResetScope.h
M Source/WebKit/NetworkProcess/storage/SQLiteStorageArea.cpp
Log Message:
-----------
Ensure SQLiteStorageArea does not use SQLiteStatement after it's been freed
https://bugs.webkit.org/show_bug.cgi?id=278538
rdar://127866416
Reviewed by Chris Dumez, Geoffrey Garen, and Sihui Liu.
SQLiteStorageArea::getItemFromDatabase() holds a SQLiteStatementAutoResetScope
statement variable. This goes out of scope at the end of getItemFromDatabase()
and so its destructor is called. There is a crash occurring here. It turns out
that SQLiteStatementAutoResetScope holds a raw pointer to a SQLiteStatement.
A series of function calls: getItemFromDatabase() -> handleDatabaseErrorIfNeeded()
-> close() results in this SQLiteStatement object being destroyed
(SQLiteStorageArea holds a unique pointer to this SQLiteStatement object which is
destroyed in close()). After this destruction, the SQLiteStatementAutoResetScope
statement variable goes out of scope and its destructor attempts to access the
raw pointer to the now-destroyed SQLiteStatement object. This use-after-free
causes the crash.
We fix this problem by using a block-scope to ensure the SQLiteStatementAutoResetScope
statement variable is destroyed before handleDatabaseErrorIfNeeded() is called. Although
the crash was only in getItemFromDatabase(), there are other functions in SQLiteStorageArea
that follow this same pattern and could potentially have a use-after-free. We make this
block-scope change there as well. Additionally, we change the SQLiteStatement raw pointer
in SQLiteStatementAutoResetScope to a CheckedPtr.
We use a block-scope rather than declare a new function SQLiteStatementAutoResetScope that
could call reset on the SQLiteStatement object because we want the object to live and be
reset in sync with the scope's lifetime.
* Source/WebCore/platform/sql/SQLiteStatement.h:
* Source/WebCore/platform/sql/SQLiteStatementAutoResetScope.cpp:
(WebCore::SQLiteStatementAutoResetScope::operator=): Deleted.
* Source/WebCore/platform/sql/SQLiteStatementAutoResetScope.h:
(WebCore::SQLiteStatementAutoResetScope::operator bool const):
(WebCore::SQLiteStatementAutoResetScope::get):
(WebCore::SQLiteStatementAutoResetScope::operator->):
* Source/WebKit/NetworkProcess/storage/SQLiteStorageArea.cpp:
(WebKit::SQLiteStorageArea::getItemFromDatabase):
(WebKit::SQLiteStorageArea::allItems):
(WebKit::SQLiteStorageArea::setItem):
(WebKit::SQLiteStorageArea::removeItem):
(WebKit::SQLiteStorageArea::clear):
Canonical link: https://commits.webkit.org/280938.269@safari-7619-branch
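The destruction-order problem described in the commit message above, as an added illustration that is not WebKit's code and not part of the commit. `Statement`, `AutoResetScope`, `StorageArea` and `Outcome` are simplified, hypothetical stand-ins, and a `std::weak_ptr` takes the place of the raw pointer so the stale access is recorded instead of dereferenced (this is not how CheckedPtr works).

```cpp
#include <cstdio>
#include <memory>

// Constructed stand-ins for illustration; these are not WebKit's classes.
struct Statement {
    bool stepped = false;
    void step() { stepped = true; }
    void reset() { stepped = false; }
};

struct Outcome {
    bool resetRan = false;               // the guard reset a statement that was still alive
    bool guardOutlivedStatement = false; // the guard's destructor ran after the statement died
};

// RAII guard that resets the statement when the guard leaves scope.
// Assumption: a weak_ptr replaces the raw pointer so the stale case is observed, not dereferenced.
class AutoResetScope {
public:
    AutoResetScope(const std::shared_ptr<Statement>& statement, Outcome& outcome)
        : m_statement(statement), m_outcome(outcome) { }
    AutoResetScope(const AutoResetScope&) = delete;
    AutoResetScope& operator=(const AutoResetScope&) = delete;

    ~AutoResetScope()
    {
        if (auto statement = m_statement.lock()) {
            statement->reset();
            m_outcome.resetRan = true;
        } else {
            // With a raw pointer this branch would be the use-after-free.
            m_outcome.guardOutlivedStatement = true;
        }
    }

    void step()
    {
        if (auto statement = m_statement.lock())
            statement->step();
    }

private:
    std::weak_ptr<Statement> m_statement;
    Outcome& m_outcome;
};

class StorageArea {
public:
    Outcome outcome;

    // "Before" ordering: the guard lives until the end of the function,
    // so its destructor runs after close() has destroyed the statement.
    void getItemFunctionScoped(bool databaseError)
    {
        AutoResetScope scope(m_statement, outcome);
        scope.step();
        handleDatabaseErrorIfNeeded(databaseError);
    }

    // "After" ordering: a block scope ends the guard's lifetime
    // before the error handler gets a chance to close the database.
    void getItemBlockScoped(bool databaseError)
    {
        {
            AutoResetScope scope(m_statement, outcome);
            scope.step();
        }
        handleDatabaseErrorIfNeeded(databaseError);
    }

private:
    void close() { m_statement.reset(); } // sole owner: destroys the statement
    void handleDatabaseErrorIfNeeded(bool databaseError)
    {
        if (databaseError)
            close();
    }

    std::shared_ptr<Statement> m_statement { std::make_shared<Statement>() };
};

Outcome runFunctionScoped(bool databaseError)
{
    StorageArea area;
    area.getItemFunctionScoped(databaseError);
    return area.outcome;
}

Outcome runBlockScoped(bool databaseError)
{
    StorageArea area;
    area.getItemBlockScoped(databaseError);
    return area.outcome;
}

int main()
{
    Outcome before = runFunctionScoped(true);
    Outcome after = runBlockScoped(true);
    std::printf("function scope: stale guard=%d reset=%d\n", before.guardOutlivedStatement, before.resetRan);
    std::printf("block scope:    stale guard=%d reset=%d\n", after.guardOutlivedStatement, after.resetRan);
    return 0;
}
```

Without a database error both orderings behave the same, which is why the stale access only shows up on the error path.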
Commit: e2a2faccf8a5e3d6fe03114a53a92e24d2dd668f
https://github.com/WebKit/WebKit/commit/e2a2faccf8a5e3d6fe03114a53a92e24d2dd668f
Author: Nitin Mahendru <nitinmahendru at apple.com>
Date: 2024-08-24 (Sat, 24 Aug 2024)
Changed paths:
M Source/WebCore/bindings/js/SerializedScriptValue.cpp
Log Message:
-----------
Correctly terminate deserialization in CloneDeserializer::readRTCCertificate
https://bugs.webkit.org/show_bug.cgi?id=278605
rdar://134026541
Reviewed by Chris Dumez.
Calling fail() as added in this change will terminate the deserialization process
instead of further trying to parse the data that is left. This can lead to arbitrary
data being forced into the deserializer.
* Source/WebCore/bindings/js/SerializedScriptValue.cpp:
(WebCore::CloneDeserializer::readRTCCertificate):
Canonical link: https://commits.webkit.org/280938.270@safari-7619-branch
Commit: 0a9f34dfe7a897b808e8821404769b6e96308141
https://github.com/WebKit/WebKit/commit/0a9f34dfe7a897b808e8821404769b6e96308141
Author: Pascoe <pascoe at apple.com>
Date: 2024-08-26 (Mon, 26 Aug 2024)
Changed paths:
M LayoutTests/editing/pasteboard/copy-paste-attachment.html
M LayoutTests/fast/attachment/attachment-dom.html
M LayoutTests/fast/attachment/attachment-folder-icon-expected.html
M LayoutTests/fast/attachment/attachment-icon-from-file-extension-expected.html
M LayoutTests/fast/attachment/attachment-label-highlight.html
M LayoutTests/fast/attachment/attachment-progress.html
M LayoutTests/fast/attachment/attachment-select-on-click-inside-user-select-all.html
M LayoutTests/fast/attachment/attachment-select-on-click.html
M LayoutTests/fast/attachment/attachment-subtitle.html
M LayoutTests/fast/attachment/attachment-title.html
M LayoutTests/fast/attachment/attachment-type-attribute-expected.html
M LayoutTests/fast/attachment/cocoa/wide-attachment-dom.html
M LayoutTests/fast/attachment/cocoa/wide-attachment-folder-icon-expected.html
M LayoutTests/fast/attachment/cocoa/wide-attachment-icon-from-file-extension-expected.html
M LayoutTests/fast/attachment/mac/attachment-keynote-icon-expected.html
M LayoutTests/fast/attachment/mac/attachment-numbers-icon-expected.html
M LayoutTests/fast/attachment/mac/attachment-pages-icon-expected.html
M LayoutTests/fast/attachment/mac/wide-attachment-type-attribute-expected.html
M LayoutTests/fast/dom/HTMLAnchorElement/anchor-file-blob-convert-to-download-async-delegate.html
M LayoutTests/fast/dom/HTMLAnchorElement/anchor-file-blob-convert-to-download.html
M LayoutTests/fast/dom/HTMLAnchorElement/anchor-file-blob-download-blank-base-target-popup-not-allowed.html
M LayoutTests/fast/dom/HTMLAnchorElement/anchor-file-blob-download-blank-target-popup-not-allowed.html
M LayoutTests/fast/dom/HTMLAnchorElement/anchor-file-blob-download-blank-target.html
M LayoutTests/fast/dom/HTMLAnchorElement/anchor-file-blob-download-includes-backslash.html
M LayoutTests/fast/dom/HTMLAnchorElement/anchor-file-blob-download-includes-doublequote.html
M LayoutTests/fast/dom/HTMLAnchorElement/anchor-file-blob-download-includes-slashes.html
M LayoutTests/fast/dom/HTMLAnchorElement/anchor-file-blob-download-includes-unicode.html
M LayoutTests/fast/dom/HTMLAnchorElement/anchor-file-blob-download-no-extension.html
M LayoutTests/fast/dom/HTMLAnchorElement/anchor-file-blob-download.html
M Source/WTF/Scripts/Preferences/UnifiedWebPreferences.yaml
M Source/WTF/wtf/FileSystem.cpp
M Source/WTF/wtf/FileSystem.h
M Source/WebCore/page/ChromeClient.h
M Source/WebCore/testing/Internals.cpp
M Source/WebCore/testing/Internals.h
M Source/WebCore/testing/Internals.idl
M Source/WebKit/NetworkProcess/NetworkConnectionToWebProcess.cpp
M Source/WebKit/NetworkProcess/NetworkConnectionToWebProcess.h
M Source/WebKit/NetworkProcess/NetworkConnectionToWebProcess.messages.in
M Source/WebKit/NetworkProcess/NetworkProcess.cpp
M Source/WebKit/NetworkProcess/NetworkProcess.h
M Source/WebKit/NetworkProcess/NetworkProcess.messages.in
M Source/WebKit/NetworkProcess/storage/NetworkStorageManager.cpp
M Source/WebKit/NetworkProcess/storage/NetworkStorageManager.h
M Source/WebKit/Shared/NetworkProcessPreferencesForWebProcess.h
M Source/WebKit/Shared/NetworkProcessPreferencesForWebProcess.serialization.in
M Source/WebKit/UIProcess/API/glib/WebKitWebView.cpp
M Source/WebKit/UIProcess/Cocoa/WebPageProxyCocoa.mm
M Source/WebKit/UIProcess/Cocoa/WebPasteboardProxyCocoa.mm
M Source/WebKit/UIProcess/ProvisionalPageProxy.cpp
M Source/WebKit/UIProcess/WebPageProxy.cpp
M Source/WebKit/UIProcess/WebPageProxy.h
M Source/WebKit/UIProcess/WebPasteboardProxy.h
M Source/WebKit/UIProcess/WebProcessProxy.cpp
M Source/WebKit/UIProcess/WebProcessProxy.h
M Source/WebKit/UIProcess/ios/WKContentViewInteraction.mm
M Source/WebKit/UIProcess/ios/WebPageProxyIOS.mm
M Source/WebKit/UIProcess/mac/WebPageProxyMac.mm
M Source/WebKit/UIProcess/mac/WebViewImpl.mm
M Source/WebKit/UIProcess/win/WebView.cpp
M Source/WebKit/WebProcess/WebCoreSupport/WebChromeClient.cpp
M Source/WebKit/WebProcess/WebCoreSupport/WebChromeClient.h
M Source/WebKit/WebProcess/WebPage/WebPage.cpp
M Source/WebKitLegacy/mac/WebCoreSupport/WebChromeClient.h
M Source/WebKitLegacy/mac/WebCoreSupport/WebChromeClient.mm
M Tools/TestWebKitAPI/Tests/WebKitCocoa/RunOpenPanel.mm
M Tools/TestWebKitAPI/Tests/WebKitCocoa/UploadDirectory.mm
Log Message:
-----------
Revert rdar://80200949 from CrystalGlowB branch
rdar://134533391
Unreviewed, revert.
This reverts rdar://80200949 from this branch.
* LayoutTests/editing/pasteboard/copy-paste-attachment.html:
* LayoutTests/fast/attachment/attachment-dom.html:
* LayoutTests/fast/attachment/attachment-folder-icon-expected.html:
* LayoutTests/fast/attachment/attachment-icon-from-file-extension-expected.html:
* LayoutTests/fast/attachment/attachment-label-highlight.html:
* LayoutTests/fast/attachment/attachment-progress.html:
* LayoutTests/fast/attachment/attachment-select-on-click-inside-user-select-all.html:
* LayoutTests/fast/attachment/attachment-select-on-click.html:
* LayoutTests/fast/attachment/attachment-subtitle.html:
* LayoutTests/fast/attachment/attachment-title.html:
* LayoutTests/fast/attachment/attachment-type-attribute-expected.html:
* LayoutTests/fast/attachment/cocoa/wide-attachment-dom.html:
* LayoutTests/fast/attachment/cocoa/wide-attachment-folder-icon-expected.html:
* LayoutTests/fast/attachment/cocoa/wide-attachment-icon-from-file-extension-expected.html:
* LayoutTests/fast/attachment/mac/attachment-keynote-icon-expected.html:
* LayoutTests/fast/attachment/mac/attachment-numbers-icon-expected.html:
* LayoutTests/fast/attachment/mac/attachment-pages-icon-expected.html:
* LayoutTests/fast/attachment/mac/wide-attachment-type-attribute-expected.html:
* LayoutTests/fast/dom/HTMLAnchorElement/anchor-file-blob-convert-to-download-async-delegate.html:
* LayoutTests/fast/dom/HTMLAnchorElement/anchor-file-blob-convert-to-download.html:
* LayoutTests/fast/dom/HTMLAnchorElement/anchor-file-blob-download-blank-base-target-popup-not-allowed.html:
* LayoutTests/fast/dom/HTMLAnchorElement/anchor-file-blob-download-blank-target-popup-not-allowed.html:
* LayoutTests/fast/dom/HTMLAnchorElement/anchor-file-blob-download-blank-target.html:
* LayoutTests/fast/dom/HTMLAnchorElement/anchor-file-blob-download-includes-backslash.html:
* LayoutTests/fast/dom/HTMLAnchorElement/anchor-file-blob-download-includes-doublequote.html:
* LayoutTests/fast/dom/HTMLAnchorElement/anchor-file-blob-download-includes-slashes.html:
* LayoutTests/fast/dom/HTMLAnchorElement/anchor-file-blob-download-includes-unicode.html:
* LayoutTests/fast/dom/HTMLAnchorElement/anchor-file-blob-download-no-extension.html:
* LayoutTests/fast/dom/HTMLAnchorElement/anchor-file-blob-download.html:
* Source/WTF/Scripts/Preferences/UnifiedWebPreferences.yaml:
* Source/WTF/wtf/FileSystem.cpp:
(WTF::FileSystemImpl::lexicallyNormal): Deleted.
* Source/WTF/wtf/FileSystem.h:
* Source/WebCore/page/ChromeClient.h:
(WebCore::ChromeClient::registerBlobPathForTesting): Deleted.
* Source/WebCore/testing/Internals.cpp:
(WebCore::Internals::createFile):
(WebCore::Internals::asyncCreateFile): Deleted.
* Source/WebCore/testing/Internals.h:
* Source/WebCore/testing/Internals.idl:
* Source/WebKit/NetworkProcess/NetworkConnectionToWebProcess.cpp:
(WebKit::NetworkConnectionToWebProcess::registerInternalFileBlobURL):
(WebKit::NetworkConnectionToWebProcess::registerInternalBlobURLOptionallyFileBacked):
(WebKit::NetworkConnectionToWebProcess::isFilePathAllowed): Deleted.
(WebKit::NetworkConnectionToWebProcess::registerBlobPathForTesting): Deleted.
(WebKit::NetworkConnectionToWebProcess::allowAccessToFile): Deleted.
(WebKit::NetworkConnectionToWebProcess::allowAccessToFiles): Deleted.
* Source/WebKit/NetworkProcess/NetworkConnectionToWebProcess.h:
(WebKit::NetworkConnectionToWebProcess::usesSingleWebProcess const):
(WebKit::NetworkConnectionToWebProcess::blobFileAccessEnforcementEnabled const): Deleted.
* Source/WebKit/NetworkProcess/NetworkConnectionToWebProcess.messages.in:
* Source/WebKit/NetworkProcess/NetworkProcess.cpp:
(WebKit::NetworkProcess::allowFilesAccessFromWebProcess): Deleted.
(WebKit::NetworkProcess::allowFileAccessFromWebProcess): Deleted.
* Source/WebKit/NetworkProcess/NetworkProcess.h:
* Source/WebKit/NetworkProcess/NetworkProcess.messages.in:
* Source/WebKit/NetworkProcess/storage/NetworkStorageManager.cpp:
(WebKit::NetworkStorageManager::NetworkStorageManager):
* Source/WebKit/NetworkProcess/storage/NetworkStorageManager.h:
* Source/WebKit/Shared/NetworkProcessPreferencesForWebProcess.h:
* Source/WebKit/Shared/NetworkProcessPreferencesForWebProcess.serialization.in:
* Source/WebKit/UIProcess/API/glib/WebKitWebView.cpp:
(webkitWebViewCreatePageConfiguration):
* Source/WebKit/UIProcess/Cocoa/WebPageProxyCocoa.mm:
(WebKit::WebPageProxy::grantAccessToCurrentPasteboardData):
* Source/WebKit/UIProcess/Cocoa/WebPasteboardProxyCocoa.mm:
(WebKit::WebPasteboardProxy::grantAccessToCurrentData):
* Source/WebKit/UIProcess/ProvisionalPageProxy.cpp:
(WebKit::ProvisionalPageProxy::goToBackForwardItem):
* Source/WebKit/UIProcess/WebPageProxy.cpp:
(WebKit::WebPageProxy::maybeInitializeSandboxExtensionHandle):
(WebKit::WebPageProxy::loadRequestWithNavigationShared):
(WebKit::WebPageProxy::loadFile):
(WebKit::WebPageProxy::loadDataWithNavigationShared):
(WebKit::WebPageProxy::loadSimulatedRequest):
(WebKit::WebPageProxy::loadAlternateHTML):
(WebKit::WebPageProxy::reload):
(WebKit::WebPageProxy::executeEditCommand):
(WebKit::WebPageProxy::performDragOperation):
(WebKit::WebPageProxy::performDragControllerAction):
(WebKit::WebPageProxy::receivedNavigationActionPolicyDecision):
(WebKit::WebPageProxy::contextMenuItemSelected):
(WebKit::WebPageProxy::didChooseFilesForOpenPanelWithDisplayStringAndIcon):
(WebKit::WebPageProxy::didChooseFilesForOpenPanel):
(WebKit::WebPageProxy::platformDidSelectItemFromActiveContextMenu):
(WebKit::WebPageProxy::willPerformPasteCommand):
* Source/WebKit/UIProcess/WebPageProxy.h:
* Source/WebKit/UIProcess/WebPasteboardProxy.h:
* Source/WebKit/UIProcess/WebProcessProxy.cpp:
(WebKit::WebProcessProxy::shouldSendPendingMessage):
(WebKit::WebProcessProxy::assumeReadAccessToBaseURL):
(WebKit::WebProcessProxy::assumeReadAccessToBaseURLs): Deleted.
* Source/WebKit/UIProcess/WebProcessProxy.h:
* Source/WebKit/UIProcess/ios/WKContentViewInteraction.mm:
(-[WKContentView _handleDOMPasteRequestWithResult:]):
* Source/WebKit/UIProcess/ios/WebPageProxyIOS.mm:
(WebKit::WebPageProxy::willPerformPasteCommand):
* Source/WebKit/UIProcess/mac/WebPageProxyMac.mm:
(WebKit::WebPageProxy::readSelectionFromPasteboard):
(WebKit::WebPageProxy::platformDidSelectItemFromActiveContextMenu):
(WebKit::WebPageProxy::willPerformPasteCommand):
* Source/WebKit/UIProcess/mac/WebViewImpl.mm:
(WebKit::WebViewImpl::performDragOperation):
(WebKit::WebViewImpl::requestDOMPasteAccess):
(WebKit::WebViewImpl::handleDOMPasteRequestForCategoryWithResult):
(WebKit::performDragWithLegacyFiles): Deleted.
(WebKit::handleLegacyFilesPasteboard): Deleted.
* Source/WebKit/UIProcess/win/WebView.cpp:
(WebKit::WebView::WebView):
* Source/WebKit/WebProcess/WebCoreSupport/WebChromeClient.cpp:
(WebKit::WebChromeClient::registerBlobPathForTesting): Deleted.
* Source/WebKit/WebProcess/WebCoreSupport/WebChromeClient.h:
* Source/WebKit/WebProcess/WebPage/WebPage.cpp:
(WebKit::WebPage::didChooseFilesForOpenPanelWithDisplayStringAndIcon):
* Source/WebKitLegacy/mac/WebCoreSupport/WebChromeClient.h:
* Source/WebKitLegacy/mac/WebCoreSupport/WebChromeClient.mm:
(WebChromeClient::registerBlobPathForTesting): Deleted.
* Tools/TestWebKitAPI/Tests/WebKitCocoa/RunOpenPanel.mm:
(TestWebKitAPI::TEST(WebKit, RunOpenPanelNonLatin1)):
* Tools/TestWebKitAPI/Tests/WebKitCocoa/UploadDirectory.mm:
(TEST(WebKit, UploadDirectory)):
Canonical link: https://commits.webkit.org/280938.271@safari-7619-branch
Commit: e52239ab914278a88b63de9fadf6b8a4d0e24bf2
https://github.com/WebKit/WebKit/commit/e52239ab914278a88b63de9fadf6b8a4d0e24bf2
Author: Chris Dumez <cdumez at apple.com>
Date: 2024-08-26 (Mon, 26 Aug 2024)
Changed paths:
M Source/WebKit/UIProcess/AuxiliaryProcessProxy.cpp
Log Message:
-----------
Cherry-pick 9a40e4dc60a5. rdar://134235519
Regression(278911@main) Crash under AuxiliaryProcessProxy::shutDownProcess()
https://bugs.webkit.org/show_bug.cgi?id=278576
rdar://134235519
Reviewed by Charlie Wolfe and Sihui Liu.
Make sure we use the `connection` stack variable instead of `m_connection`
as it might get cleared out.
* Source/WebKit/UIProcess/AuxiliaryProcessProxy.cpp:
(WebKit::AuxiliaryProcessProxy::shutDownProcess):
Canonical link: https://commits.webkit.org/282680@main
Canonical link: https://commits.webkit.org/280938.272@safari-7619-branch
Commit: 91968690f3f1a3a393ea45ef52ea6d9750ebc1cd
https://github.com/WebKit/WebKit/commit/91968690f3f1a3a393ea45ef52ea6d9750ebc1cd
Author: Dan Robson <dtr_bugzilla at apple.com>
Date: 2024-08-26 (Mon, 26 Aug 2024)
Changed paths:
M Configurations/Version.xcconfig
Log Message:
-----------
Versioning.
WebKit-7619.2.4
Canonical link: https://commits.webkit.org/280938.273@safari-7619-branch
Commit: 3cbe7cc880e3ec08a2c74357ac7ba2de2d6271c8
https://github.com/WebKit/WebKit/commit/3cbe7cc880e3ec08a2c74357ac7ba2de2d6271c8
Author: Richard Robinson <richard_robinson2 at apple.com>
Date: 2024-08-26 (Mon, 26 Aug 2024)
Changed paths:
M Source/WTF/Scripts/Preferences/UnifiedWebPreferences.yaml
M Source/WTF/wtf/PlatformEnable.h
M Source/WTF/wtf/PlatformEnableCocoa.h
M Source/WebCore/PAL/pal/cocoa/WritingToolsUISoftLink.h
M Source/WebCore/PAL/pal/cocoa/WritingToolsUISoftLink.mm
M Source/WebCore/PAL/pal/spi/cocoa/WritingToolsUISPI.h
M Source/WebKit/UIProcess/API/Cocoa/WKWebView.mm
M Source/WebKit/UIProcess/API/Cocoa/WKWebViewInternal.h
M Source/WebKit/UIProcess/Cocoa/PageClientImplCocoa.h
M Source/WebKit/UIProcess/Cocoa/PageClientImplCocoa.mm
M Source/WebKit/UIProcess/Cocoa/WebPageProxyCocoa.mm
M Source/WebKit/UIProcess/PageClient.h
M Source/WebKit/UIProcess/WKSTextAnimationManager.h
M Source/WebKit/UIProcess/WebPageProxy.h
M Source/WebKit/UIProcess/WebPageProxy.messages.in
M Source/WebKit/UIProcess/ios/WKContentViewInteraction.h
M Source/WebKit/UIProcess/ios/WKContentViewInteraction.mm
M Source/WebKit/UIProcess/mac/WKTextAnimationManager.h
M Source/WebKit/UIProcess/mac/WKTextAnimationManager.mm
M Source/WebKit/UIProcess/mac/WebViewImpl.h
M Source/WebKit/UIProcess/mac/WebViewImpl.mm
M Source/WebKit/WebProcess/WebCoreSupport/WebChromeClient.cpp
M Source/WebKit/WebProcess/WebCoreSupport/WebChromeClient.h
M Source/WebKit/WebProcess/WebPage/Cocoa/TextAnimationController.h
M Source/WebKit/WebProcess/WebPage/Cocoa/TextAnimationController.mm
M Source/WebKit/WebProcess/WebPage/Cocoa/WebPageCocoa.mm
M Source/WebKit/WebProcess/WebPage/WebPage.cpp
M Source/WebKit/WebProcess/WebPage/WebPage.h
M Source/WebKit/WebProcess/WebPage/WebPage.messages.in
M Tools/TestWebKitAPI/Tests/WebKitCocoa/WritingTools.mm
Log Message:
-----------
Cherry-pick cf5d27fa1b3b. rdar://134453658
[Writing Tools] Remove `ENABLE_WRITING_TOOLS_UI` flag
https://bugs.webkit.org/show_bug.cgi?id=278501
rdar://134453658
Reviewed by Aditya Keerthi.
Since iOS doesn't actually need WritingToolsUI, this flag can be removed.
* Source/WTF/Scripts/Preferences/UnifiedWebPreferences.yaml:
* Source/WebCore/PAL/pal/cocoa/WritingToolsUISoftLink.h:
* Source/WebCore/PAL/pal/cocoa/WritingToolsUISoftLink.mm:
* Source/WebCore/PAL/pal/spi/cocoa/WritingToolsUISPI.h:
* Source/WebKit/UIProcess/API/Cocoa/WKWebView.mm:
(-[WKWebView _enableTextIndicatorStylingAfterElementWithID:]):
(-[WKWebView _enableTextIndicatorStylingForElementWithID:]):
(-[WKWebView _disableTextIndicatorStylingWithUUID:]):
* Source/WebKit/UIProcess/API/Cocoa/WKWebViewInternal.h:
* Source/WebKit/UIProcess/Cocoa/PageClientImplCocoa.h:
* Source/WebKit/UIProcess/Cocoa/PageClientImplCocoa.mm:
* Source/WebKit/UIProcess/Cocoa/WebPageProxyCocoa.mm:
* Source/WebKit/UIProcess/PageClient.h:
* Source/WebKit/UIProcess/WKSTextAnimationManager.h:
* Source/WebKit/UIProcess/WebPageProxy.h:
* Source/WebKit/UIProcess/WebPageProxy.messages.in:
* Source/WebKit/UIProcess/ios/WKContentViewInteraction.h:
* Source/WebKit/UIProcess/ios/WKContentViewInteraction.mm:
(-[WKContentView addTextAnimationForAnimationID:withStyleType:]):
(-[WKContentView removeTextAnimationForAnimationID:]):
* Source/WebKit/UIProcess/mac/WKTextAnimationManager.h:
* Source/WebKit/UIProcess/mac/WKTextAnimationManager.mm:
* Source/WebKit/UIProcess/mac/WebViewImpl.h:
* Source/WebKit/UIProcess/mac/WebViewImpl.mm:
* Source/WebKit/WebProcess/WebCoreSupport/WebChromeClient.cpp:
* Source/WebKit/WebProcess/WebCoreSupport/WebChromeClient.h:
* Source/WebKit/WebProcess/WebPage/Cocoa/TextAnimationController.h:
* Source/WebKit/WebProcess/WebPage/Cocoa/TextAnimationController.mm:
* Source/WebKit/WebProcess/WebPage/Cocoa/WebPageCocoa.mm:
(WebKit::WebPage::addTextAnimationForAnimationID):
(WebKit::WebPage::removeTextAnimationForAnimationID):
(WebKit::WebPage::removeTransparentMarkersForActiveWritingToolsSession):
(WebKit::WebPage::removeInitialTextAnimationForActiveWritingToolsSession):
(WebKit::WebPage::addInitialTextAnimationForActiveWritingToolsSession):
(WebKit::WebPage::addSourceTextAnimationForActiveWritingToolsSession):
(WebKit::WebPage::addDestinationTextAnimationForActiveWritingToolsSession):
(WebKit::WebPage::clearAnimationsForActiveWritingToolsSession):
(WebKit::WebPage::createTextIndicatorForTextAnimationID):
(WebKit::WebPage::updateUnderlyingTextVisibilityForTextAnimationID):
(WebKit::WebPage::enableSourceTextAnimationAfterElementWithID):
(WebKit::WebPage::enableTextAnimationTypeForElementWithID):
(WebKit::WebPage::showSelectionForActiveWritingToolsSession):
(WebKit::WebPage::didEndPartialIntelligenceTextPonderingAnimation):
* Source/WebKit/WebProcess/WebPage/WebPage.cpp:
* Source/WebKit/WebProcess/WebPage/WebPage.h:
* Source/WebKit/WebProcess/WebPage/WebPage.messages.in:
* Tools/TestWebKitAPI/Tests/WebKitCocoa/WritingTools.mm:
Canonical link: https://commits.webkit.org/282598@main
Canonical link: https://commits.webkit.org/280938.274@safari-7619-branch
Commit: b5e222d47875af5e851223967d9eca68894c6fef
https://github.com/WebKit/WebKit/commit/b5e222d47875af5e851223967d9eca68894c6fef
Author: Nitin Mahendru <nitinmahendru at apple.com>
Date: 2024-08-26 (Mon, 26 Aug 2024)
Changed paths:
M Source/WebCore/bindings/js/SerializedScriptValue.cpp
Log Message:
-----------
Correctly terminate serialization in case wrapCryptoKey fails
https://bugs.webkit.org/show_bug.cgi?id=278642
rdar://134026604
Reviewed by Chris Dumez.
Stop serialization with an error when wrapCryptoKey fails.
* Source/WebCore/bindings/js/SerializedScriptValue.cpp:
(WebCore::CloneSerializer::dumpIfTerminal):
Canonical link: https://commits.webkit.org/280938.275@safari-7619-branch
Commit: 45a6198a712c1110d0c572e0650f2c07df623f93
https://github.com/WebKit/WebKit/commit/45a6198a712c1110d0c572e0650f2c07df623f93
Author: Aditya Keerthi <akeerthi at apple.com>
Date: 2024-08-26 (Mon, 26 Aug 2024)
Changed paths:
M Source/WebKit/UIProcess/Cocoa/WebPageProxyCocoa.mm
M Source/WebKit/UIProcess/WebPageProxy.h
M Source/WebKit/UIProcess/WebPageProxy.messages.in
M Source/WebKit/WebProcess/WebPage/Cocoa/WebPageCocoa.mm
M Source/WebKit/WebProcess/WebPage/WebPage.h
Log Message:
-----------
Cherry-pick b11448bd2e64. rdar://134091847
[Writing Tools] WebContent crashes during teardown after performing animations
https://bugs.webkit.org/show_bug.cgi?id=278495
rdar://134091847
Reviewed by Wenson Hsieh.
Writing Tools animations involve communication between the UI process and
WebContent process to coordinate the showing, hiding, and replacement of
ranges of text. This communication occurs via IPC and async reply handlers.
There are two high-level types of animations: "pondering", where the text
remains unchanged and has a constant shimmering animation, and "replace",
which is a transition between two types of text.
The "pondering" animation does not involve complex coordination, and
consequently, there is no completion handler called in the UI process as a
result of its addition. For this reason, the "pondering" animation uses a "null"
completion handler in the web process. However, it uses the same IPC message
as the "replace" animations, which creates an async reply handler. As a result,
"pondering" animations accumulate async reply handlers backed by null completion
handlers. This is problematic for two reasons:
1. Memory leaks. Since "pondering" animations are not associated with a completion
handler with the native API in the UI process, the async replies continue to
accumulate during the lifetime of the WebContent process.
2. During teardown in `WebPageProxy::resetState`, all outstanding completion
handlers are called. This results in the async reply handlers backed by
null completion handlers getting called in WebContent, culminating in a crash.
Fix by using one-way IPC for the "pondering" animation.
No new tests, as the issue is not reproducible using `-[WKWebView _close]`.
* Source/WebKit/UIProcess/Cocoa/WebPageProxyCocoa.mm:
(WebKit::WebPageProxy::addTextAnimationForAnimationID):
(WebKit::WebPageProxy::addTextAnimationForAnimationIDWithCompletionHandler):
* Source/WebKit/UIProcess/WebPageProxy.h:
* Source/WebKit/UIProcess/WebPageProxy.messages.in:
Introduce another IPC message to be used by animations that don't have a
completion handler.
* Source/WebKit/WebProcess/WebPage/Cocoa/WebPageCocoa.mm:
(WebKit::WebPage::addTextAnimationForAnimationID):
Dispatch the IPC message that does not create an async reply handler when no
completion handler is present.
* Source/WebKit/WebProcess/WebPage/WebPage.h:
(WebKit::WebPage::addTextAnimationForAnimationID):
Canonical link: https://commits.webkit.org/282637@main
Canonical link: https://commits.webkit.org/280938.276@safari-7619-branch
Commit: 22e102ecb215297f4f61bf28bc8b7fd68d93712a
https://github.com/WebKit/WebKit/commit/22e102ecb215297f4f61bf28bc8b7fd68d93712a
Author: Basuke Suzuki <basuke.suzuki at sony.com>
Date: 2024-08-26 (Mon, 26 Aug 2024)
Changed paths:
A LayoutTests/js/structuredClone/structured-clone-of-ResizableSharedArrayBuffer-expected.txt
A LayoutTests/js/structuredClone/structured-clone-of-ResizableSharedArrayBuffer.html
M Source/WebCore/bindings/js/SerializedScriptValue.cpp
Log Message:
-----------
Race condition in CloneSerializer::dumpIfTerminal allows for injecting arbitrary deserialization data
https://bugs.webkit.org/show_bug.cgi?id=278657
rdar://132388209
Reviewed by Chris Dumez and Geoffrey Garen.
Fix the exploit by using consistent byteLength fetched from the array buffer.
This is part 1 of the security fix. In part 2, we'll introduce a new write method for std::span and consistently use that in all cases of std::span<const uint8_t>. This requires changing the byte format and needs more code.
* LayoutTests/js/structuredClone/structured-clone-of-ResizableSharedArrayBuffer-expected.txt: Added.
* LayoutTests/js/structuredClone/structured-clone-of-ResizableSharedArrayBuffer.html: Added.
* Source/WebCore/bindings/js/SerializedScriptValue.cpp:
(WebCore::CloneSerializer::dumpIfTerminal):
(WebCore::CloneSerializer::writeResizableArrayBuffer):
Canonical link: https://commits.webkit.org/280938.277@safari-7619-branch
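The bug class named in the commit message above (a length that is fetched twice while the buffer can be resized in between), shown as an added example that is not WebKit's code. `ResizableBuffer`, both serializer functions and the tag/length wire format are hypothetical, and the concurrent resize is simulated deterministically with a hook.

```cpp
#include <cstddef>
#include <cstdint>
#include <cstdio>
#include <functional>
#include <utility>
#include <vector>

// Constructed stand-in for a resizable shared buffer: another thread may change
// `length` (up to storage.size()) at any time. The hook simulates that resize,
// firing once, right after the first length read.
struct ResizableBuffer {
    std::vector<uint8_t> storage;
    size_t length = 0;
    std::function<void(ResizableBuffer&)> afterFirstRead;

    size_t byteLength() {
        size_t n = length;
        if (afterFirstRead) {
            auto hook = std::move(afterFirstRead);
            afterFirstRead = nullptr;
            hook(*this);
        }
        return n;
    }
};

struct Record { uint8_t tag; std::vector<uint8_t> payload; };

constexpr uint8_t kBufferTag = 0x01; // hypothetical record tags
constexpr uint8_t kOtherTag = 0x02;

static void writeU32(std::vector<uint8_t>& out, uint32_t v) {
    for (int i = 0; i < 4; ++i) out.push_back(static_cast<uint8_t>(v >> (8 * i)));
}

// Inconsistent: the length header and the copy each fetch the length.
void serializeDoubleFetch(ResizableBuffer& buf, std::vector<uint8_t>& out) {
    out.push_back(kBufferTag);
    writeU32(out, static_cast<uint32_t>(buf.byteLength()));          // fetch 1
    const auto n = static_cast<std::ptrdiff_t>(buf.byteLength());    // fetch 2
    out.insert(out.end(), buf.storage.begin(), buf.storage.begin() + n);
}

// Consistent: one snapshot of the length drives both the header and the copy.
void serializeSnapshot(ResizableBuffer& buf, std::vector<uint8_t>& out) {
    const size_t n = buf.byteLength();
    out.push_back(kBufferTag);
    writeU32(out, static_cast<uint32_t>(n));
    out.insert(out.end(), buf.storage.begin(),
               buf.storage.begin() + static_cast<std::ptrdiff_t>(n));
}

// Bounds-checked reader for the stream: tag (1 byte), length (u32 LE), payload.
bool parse(const std::vector<uint8_t>& in, std::vector<Record>& records) {
    size_t pos = 0;
    while (pos < in.size()) {
        if (in.size() - pos < 5) return false;
        Record r;
        r.tag = in[pos];
        uint32_t len = 0;
        for (int i = 0; i < 4; ++i)
            len |= static_cast<uint32_t>(in[pos + 1 + i]) << (8 * i);
        pos += 5;
        if (in.size() - pos < len) return false;
        const auto first = in.begin() + static_cast<std::ptrdiff_t>(pos);
        r.payload.assign(first, first + static_cast<std::ptrdiff_t>(len));
        pos += len;
        records.push_back(std::move(r));
    }
    return true;
}

// Serializes one buffer while it grows from 4 to 13 bytes between length reads,
// then counts how many records the reader sees. Returns -1 on a malformed stream.
int recordsAfterRoundTrip(bool snapshotLength) {
    ResizableBuffer buf;
    // Constructed contents: 4 data bytes, then bytes shaped like a second record.
    buf.storage = { 'd', 'a', 't', 'a', kOtherTag, 4, 0, 0, 0, 'x', 't', 'r', 'a', 0, 0, 0 };
    buf.length = 4;
    buf.afterFirstRead = [](ResizableBuffer& b) { b.length = 13; };

    std::vector<uint8_t> wire;
    if (snapshotLength)
        serializeSnapshot(buf, wire);
    else
        serializeDoubleFetch(buf, wire);

    std::vector<Record> records;
    if (!parse(wire, records)) return -1;
    return static_cast<int>(records.size());
}

int main() {
    std::printf("double fetch: %d record(s)\n", recordsAfterRoundTrip(false));
    std::printf("snapshot:     %d record(s)\n", recordsAfterRoundTrip(true));
    return 0;
}
```

With the double fetch, the header announces 4 bytes but 13 are copied, so the reader treats the surplus bytes as a record the serializer never wrote; with a single snapshot the stream stays self-consistent regardless of the resize.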
Commit: 29b84c7476637066076a9592e440fad9552cf663
https://github.com/WebKit/WebKit/commit/29b84c7476637066076a9592e440fad9552cf663
Author: Richard Robinson <richard_robinson2 at apple.com>
Date: 2024-08-26 (Mon, 26 Aug 2024)
Changed paths:
M Source/WebKit/UIProcess/API/Cocoa/WKWebView.mm
M Source/WebKit/UIProcess/API/Cocoa/WKWebViewInternal.h
M Source/WebKit/UIProcess/Cocoa/PageClientImplCocoa.h
M Source/WebKit/UIProcess/Cocoa/PageClientImplCocoa.mm
M Source/WebKit/UIProcess/Cocoa/WebPageProxyCocoa.mm
M Source/WebKit/UIProcess/PageClient.h
M Source/WebKit/UIProcess/WebPageProxy.h
M Source/WebKit/UIProcess/mac/WKTextAnimationManager.mm
Log Message:
-----------
Cherry-pick cf372e3f2725. rdar://134317347
[Writing Tools] Rewrite animation may sometimes never finish on the latter part of text content
https://bugs.webkit.org/show_bug.cgi?id=278471
rdar://134317347
Reviewed by Aditya Keerthi.
It's valid for Writing Tools to complete a replacement without replacing the entire context range;
currently, in this case, the initial animation for the part of the context range that is never replaced
never ends.
Fix by not adding the initial animation in the first place if the replacement is finished, since there
is nothing left to subsequently be replaced.
* Source/WebKit/UIProcess/mac/WKTextAnimationManager.mm:
(-[WKTextAnimationManager addTextAnimationForAnimationID:withData:]):
Canonical link: https://commits.webkit.org/282640@main
Canonical link: https://commits.webkit.org/280938.278@safari-7619-branch
Commit: e52aabe54a9b482e08e427418f5bbcd11562223d
https://github.com/WebKit/WebKit/commit/e52aabe54a9b482e08e427418f5bbcd11562223d
Author: Youenn Fablet <youenn at apple.com>
Date: 2024-08-27 (Tue, 27 Aug 2024)
Changed paths:
M Source/ThirdParty/libwebrtc/Source/third_party/libvpx/source/libvpx/vp9/encoder/vp9_ratectrl.c
Log Message:
-----------
Cherry-pick libvpx 634e1f8fb196f0e04c0dceae7043e8a12a0d31f9
rdar://133438454
Reviewed by Brent Fulgham.
We cherry-pick this overflow change after resolving a small conflict.
* Source/ThirdParty/libwebrtc/Source/third_party/libvpx/source/libvpx/vp9/encoder/vp9_ratectrl.c:
(vp9_calc_iframe_target_size_one_pass_cbr):
Canonical link: https://commits.webkit.org/280938.279@safari-7619-branch
Commit: ff8cacd4a7e7a63eea2c4e89be3fba6c9b96a966
https://github.com/WebKit/WebKit/commit/ff8cacd4a7e7a63eea2c4e89be3fba6c9b96a966
Author: Richard Robinson <richard_robinson2 at apple.com>
Date: 2024-08-27 (Tue, 27 Aug 2024)
Changed paths:
M Source/WebCore/page/writing-tools/WritingToolsController.mm
M Source/WebKit/UIProcess/API/Cocoa/WKWebView.mm
M Source/WebKit/UIProcess/API/Cocoa/WKWebViewInternal.h
M Source/WebKit/UIProcess/Cocoa/PageClientImplCocoa.h
M Source/WebKit/UIProcess/Cocoa/PageClientImplCocoa.mm
M Source/WebKit/UIProcess/Cocoa/WebPageProxyCocoa.mm
M Source/WebKit/UIProcess/PageClient.h
M Source/WebKit/UIProcess/WebPageProxy.h
M Source/WebKit/UIProcess/ios/WKContentViewInteraction.mm
M Source/WebKit/UIProcess/mac/WKTextAnimationManager.mm
Log Message:
-----------
Cherry-pick 4c0d1d609b41. rdar://134516446
[Writing Tools] Selection sometimes may not show up when a session's animations finish
https://bugs.webkit.org/show_bug.cgi?id=278532
rdar://134516446
Reviewed by Abrar Rahman Protyasha.
There is currently a race condition between when the replace animation ends and when the replacement
is complete which causes `showSelectionForActiveWritingToolsSession` to not properly reveal the selection.
Fix by always checking the condition in `_didEndPartialIntelligenceTextPonderingAnimation` instead.
* Source/WebKit/UIProcess/API/Cocoa/WKWebView.mm:
(-[WKWebView _didEndPartialIntelligenceTextPonderingAnimation]):
(-[WKWebView _intelligenceTextPonderingAnimationIsComplete]): Deleted.
* Source/WebKit/UIProcess/API/Cocoa/WKWebViewInternal.h:
* Source/WebKit/UIProcess/Cocoa/PageClientImplCocoa.h:
* Source/WebKit/UIProcess/Cocoa/PageClientImplCocoa.mm:
* Source/WebKit/UIProcess/Cocoa/WebPageProxyCocoa.mm:
(WebKit::WebPageProxy::showSelectionForActiveWritingToolsSession):
(WebKit::WebPageProxy::showSelectionForActiveWritingToolsSessionIfNeeded): Deleted.
* Source/WebKit/UIProcess/PageClient.h:
* Source/WebKit/UIProcess/WebPageProxy.h:
* Source/WebKit/UIProcess/ios/WKContentViewInteraction.mm:
(-[WKContentView replacementEffectDidComplete]):
* Source/WebKit/UIProcess/mac/WKTextAnimationManager.mm:
(-[WKTextAnimationManager addTextAnimationForAnimationID:withData:]):
Canonical link: https://commits.webkit.org/282666@main
Canonical link: https://commits.webkit.org/280938.280@safari-7619-branch
Commit: 294250ca449f6f51eeb50c1d529f54986837b592
https://github.com/WebKit/WebKit/commit/294250ca449f6f51eeb50c1d529f54986837b592
Author: Kiet Ho <tho22 at apple.com>
Date: 2024-08-27 (Tue, 27 Aug 2024)
Changed paths:
A LayoutTests/compositing/tiling/crash-when-unapplying-mask-border-expected.txt
A LayoutTests/compositing/tiling/crash-when-unapplying-mask-border.html
M Source/WebCore/platform/graphics/ca/GraphicsLayerCA.cpp
Log Message:
-----------
GraphicsLayerCA: when changing layer type, disown the old layer after copying to new layer
rdar://132717696
https://bugs.webkit.org/show_bug.cgi?id=278567
Reviewed by Simon Fraser.
In GraphicsLayerCA::changeLayerTypeTo, after copying from the current (old)
layer to the new layer, we neglect to set the owner of the old layer to nullptr.
Even if the owner (a GraphicsLayerCA) later gets destroyed, the old layer still keeps a
reference to the dead owner, and accessing the owner leads to a use-after-free.
Fix this by setting the owner of the old layer to nullptr, once we're done using it.
* LayoutTests/compositing/tiling/crash-when-unapplying-mask-border-expected.txt: Added.
* LayoutTests/compositing/tiling/crash-when-unapplying-mask-border.html: Added.
* Source/WebCore/platform/graphics/ca/GraphicsLayerCA.cpp:
(WebCore::GraphicsLayerCA::changeLayerTypeTo):
Canonical link: https://commits.webkit.org/280938.281@safari-7619-branch
Commit: 9939e9d9e6c9e34f1e85977367a01c5b0b0a1336
https://github.com/WebKit/WebKit/commit/9939e9d9e6c9e34f1e85977367a01c5b0b0a1336
Author: Jonathan Bedard <jbedard at apple.com>
Date: 2024-08-28 (Wed, 28 Aug 2024)
Changed paths:
M Tools/Scripts/libraries/resultsdbpy/resultsdbpy/__init__.py
M Tools/Scripts/libraries/resultsdbpy/resultsdbpy/controller/archive_controller.py
M Tools/Scripts/libraries/webkitcorepy/webkitcorepy/__init__.py
M Tools/Scripts/libraries/webkitflaskpy/webkitflaskpy/__init__.py
M Tools/Scripts/libraries/webkitscmpy/webkitscmpy/__init__.py
M Tools/Scripts/webkitpy/__init__.py
M Tools/Scripts/webkitpy/autoinstalled/buildbot.py
M Tools/Scripts/webkitpy/common/system/filesystem.py
Log Message:
-----------
Cherry-pick 282021 at main (59130f23ffec). rdar://133496921
[webkitpy] Update various library dependencies for setuptools mismatch
https://bugs.webkit.org/show_bug.cgi?id=277833
rdar://133496921
Reviewed by Sam Sneddon.
Update various libraries and change some to wheels to sidestep setuptools mismatch.
* Tools/Scripts/libraries/resultsdbpy/resultsdbpy/__init__.py: Remove libraries managed in webkitflaskpy.
* Tools/Scripts/libraries/webkitcorepy/webkitcorepy/__init__.py: Bump various libraries.
* Tools/Scripts/libraries/webkitflaskpy/webkitflaskpy/__init__.py: Ditto.
* Tools/Scripts/libraries/webkitscmpy/webkitscmpy/__init__.py: Ditto.
* Tools/Scripts/webkitpy/__init__.py: Ditto.
* Tools/Scripts/webkitpy/autoinstalled/buildbot.py: Correct jinja dependencies.
* Tools/Scripts/webkitpy/common/system/filesystem.py:
(FileSystem.dirs_under): Remove scandir.
(FileSystem.files_under): Ditto.
(FileSystem.scandir): Ditto.
Canonical link: https://commits.webkit.org/282021@main
Canonical link: https://commits.webkit.org/280938.282@safari-7619-branch
Commit: d7954f4ca463a03ca149a5a0ed31c5358efb1a5c
https://github.com/WebKit/WebKit/commit/d7954f4ca463a03ca149a5a0ed31c5358efb1a5c
Author: Jonathan Bedard <jbedard at apple.com>
Date: 2024-08-28 (Wed, 28 Aug 2024)
Changed paths:
M Tools/Scripts/libraries/webkitbugspy/webkitbugspy/mocks/radar.py
Log Message:
-----------
Cherry-pick 282250 at main (e56ee1e93fd1). rdar://131631006
[webkitbugspy] Fix some radar models
https://bugs.webkit.org/show_bug.cgi?id=277978
rdar://131631006
Reviewed by Aakash Jain.
* Tools/Scripts/libraries/webkitbugspy/webkitbugspy/mocks/radar.py:
(RadarModel.Tentpole.__init__): Accept dictionary.
(Radar): Export RadarModel.Tentpole.
Canonical link: https://commits.webkit.org/282250@main
Canonical link: https://commits.webkit.org/280938.283@safari-7619-branch
Commit: d22b1be0e276e006e1eab127d1da9320f34d8e91
https://github.com/WebKit/WebKit/commit/d22b1be0e276e006e1eab127d1da9320f34d8e91
Author: Brianna Fan <bfan2 at apple.com>
Date: 2024-08-28 (Wed, 28 Aug 2024)
Changed paths:
M Tools/Scripts/libraries/webkitscmpy/webkitscmpy/program/branch.py
Log Message:
-----------
Cherry-pick 282462 at main (8ee945d9b8db). rdar://134287933
[git-webkit pr] regression: --no-cc-radar prompts for a radar to cc
https://bugs.webkit.org/show_bug.cgi?id=278342
rdar://134287933
Reviewed by Jonathan Bedard.
Check for args.cc_radar before prompting for a radar.
* Tools/Scripts/libraries/webkitscmpy/webkitscmpy/program/branch.py:
(Branch.main):
Canonical link: https://commits.webkit.org/282462@main
Canonical link: https://commits.webkit.org/280938.284@safari-7619-branch
Commit: d876330c2161be8150edb716681da10f571733af
https://github.com/WebKit/WebKit/commit/d876330c2161be8150edb716681da10f571733af
Author: Jonathan Bedard <jbedard at apple.com>
Date: 2024-08-28 (Wed, 28 Aug 2024)
Changed paths:
M Tools/CISupport/run-tests
M Tools/CISupport/runUnittests.py
M Tools/Scripts/webkitpy/autoinstalled/buildbot.py
Log Message:
-----------
Cherry-pick 282814 at main (611e8e6609f0). rdar://133496921
[webkitpy] Update various library dependencies for setuptools mismatch (Follow-up)
https://bugs.webkit.org/show_bug.cgi?id=277833
rdar://133496921
Unreviewed follow-up fix.
* Tools/Scripts/webkitpy/autoinstalled/buildbot.py: Install markupsafe before jinja2.
Canonical link: https://commits.webkit.org/282814@main
Canonical link: https://commits.webkit.org/280938.285@safari-7619-branch
Commit: 03fe2d2f0fa8939ba4dc350abbeefc3322cbc23c
https://github.com/WebKit/WebKit/commit/03fe2d2f0fa8939ba4dc350abbeefc3322cbc23c
Author: Nitin Mahendru <nitinmahendru at apple.com>
Date: 2024-08-28 (Wed, 28 Aug 2024)
Changed paths:
A LayoutTests/http/tests/security/contentSecurityPolicy/connect-src-ping-allowed-expected.txt
A LayoutTests/http/tests/security/contentSecurityPolicy/connect-src-ping-allowed.html
A LayoutTests/http/tests/security/contentSecurityPolicy/connect-src-ping-blocked-expected.txt
A LayoutTests/http/tests/security/contentSecurityPolicy/connect-src-ping-blocked.html
A LayoutTests/http/tests/security/contentSecurityPolicy/resources/sample.html
M Source/WebCore/loader/PingLoader.cpp
Log Message:
-----------
Honor the connect-src value for <a ping="">
https://bugs.webkit.org/show_bug.cgi?id=278765
rdar://131054895
Reviewed by Chris Dumez.
At the moment, even though connect-src is set to one origin, cross origin pings
originating from the ping attribute of HTMLAnchorElement are not blocked. They should be.
This adds that check using CSP and adds +/- tests to validate the same.
* LayoutTests/http/tests/security/contentSecurityPolicy/connect-src-ping-allowed-expected.txt: Added.
* LayoutTests/http/tests/security/contentSecurityPolicy/connect-src-ping-allowed.html: Added.
* LayoutTests/http/tests/security/contentSecurityPolicy/connect-src-ping-blocked-expected.txt: Added.
* LayoutTests/http/tests/security/contentSecurityPolicy/connect-src-ping-blocked.html: Added.
* LayoutTests/http/tests/security/contentSecurityPolicy/resources/sample.html: Added.
* Source/WebCore/loader/PingLoader.cpp:
(WebCore::PingLoader::sendPing):
Canonical link: https://commits.webkit.org/280938.286@safari-7619-branch
Commit: e5da2a6ffa71c6fc6752d1a2b16300e4f187ad2f
https://github.com/WebKit/WebKit/commit/e5da2a6ffa71c6fc6752d1a2b16300e4f187ad2f
Author: Richard Robinson <richard_robinson2 at apple.com>
Date: 2024-08-29 (Thu, 29 Aug 2024)
Changed paths:
M Source/WebKit/UIProcess/mac/WKTextAnimationManager.mm
Log Message:
-----------
Cherry-pick 6e8c4b8ceac2. rdar://134443387
[Writing Tools] Rewrite animation is incorrectly offset in HTML Notes
https://bugs.webkit.org/show_bug.cgi?id=278686
rdar://134443387
Reviewed by Aditya Keerthi.
Since the effect view is being added as a subview to the web view, its frame should be the web view's bounds
and not the web view's frame.
* Source/WebKit/UIProcess/mac/WKTextAnimationManager.mm:
(-[WKTextAnimationManager initWithWebViewImpl:]):
Canonical link: https://commits.webkit.org/282770@main
Canonical link: https://commits.webkit.org/280938.287@safari-7619-branch
Commit: f9789b8b77a0eeb5d4d63cadbba5d163176edda1
https://github.com/WebKit/WebKit/commit/f9789b8b77a0eeb5d4d63cadbba5d163176edda1
Author: Aditya Keerthi <akeerthi at apple.com>
Date: 2024-08-29 (Thu, 29 Aug 2024)
Changed paths:
M Source/WebCore/editing/InsertTextCommand.cpp
M Tools/TestWebKitAPI/Tests/WebKitCocoa/AdaptiveImageGlyph.mm
Log Message:
-----------
Cherry-pick 0b81c7acf2f7. rdar://127761275
[Cocoa] Text inserted after resized adaptive image glyph does not match font size
https://bugs.webkit.org/show_bug.cgi?id=278693
rdar://127761275
Reviewed by Wenson Hsieh and Richard Robinson.
Adaptive image glyphs are essentially `<picture>` elements with text-like behavior.
Traditional text insertion matches the font size of surrounding content as
created text nodes are inserted into a styled element.
However, when resizing an adaptive image glyph, the `font-size` property is
applied to the `<picture>` element. Then when inserting text after the
`<picture>` element, the text node is simply inserted as a sibling to the
`<picture>`, as `<picture>` cannot contain non-`<source>` or non-`<img>`
children due to editing. Consequently, the text takes on the size of the
common parent, rather than the adaptive image glyph.
Fix by getting an `EditingStyle` for the adaptive image glyph and applying
it to the inserted text.
* Source/WebCore/editing/InsertTextCommand.cpp:
(WebCore::InsertTextCommand::doApply):
The approach taken here can easily be generalized to other inline elements.
However, to reduce risk and surface of the behavior change, restrict the fix to
adaptive image glyphs. Other browsers are also inconsistent in their behavior
here.
Additionally, remove a comment that simply describes what the code does.
* Tools/TestWebKitAPI/Tests/WebKitCocoa/AdaptiveImageGlyph.mm:
(TestWebKitAPI::TEST(AdaptiveImageGlyph, InsertTextAfterAdaptiveImageGlyph)):
Canonical link: https://commits.webkit.org/282778@main
Canonical link: https://commits.webkit.org/280938.288@safari-7619-branch
Commit: 3c9b4eb78c792d957fc9f33d47b615a28d9ac3de
https://github.com/WebKit/WebKit/commit/3c9b4eb78c792d957fc9f33d47b615a28d9ac3de
Author: Aditya Keerthi <akeerthi at apple.com>
Date: 2024-08-29 (Thu, 29 Aug 2024)
Changed paths:
A LayoutTests/editing/inserting/insert-text-before-picture-expected.txt
A LayoutTests/editing/inserting/insert-text-before-picture.html
M Source/WebCore/editing/Editing.cpp
Log Message:
-----------
Cherry-pick 93c20dcc345a. rdar://134378236
Attempting to insert text before a <picture> element inserts the text after the element
https://bugs.webkit.org/show_bug.cgi?id=278748
rdar://134378236
Reviewed by Wenson Hsieh.
`<picture>` elements may contain one or more `<source>` elements (which are not
rendered) and an `<img>` element. When making selections around a `<picture>`
element, the selection is anchored before or after the `<img>` child.
`CompositeEditCommand::insertNodeAt` is invoked when inserting a node at the
editing position. Since `HTMLPictureElement` cannot have children as a result
of editing (`canHaveChildrenForEditing`) and `caretMinOffset` is 0, the created
text node is always inserted using `insertNodeAfter`.
Fix by updating `caretMinOffset` to return the index of the `<img>` child for
`<picture>` elements. This ensures that when the offset of the parent anchored
equivalent is before the `<img>`, `insertNodeBefore` will be used rather than
`insertNodeAfter`.
* LayoutTests/editing/inserting/insert-text-before-picture-expected.txt: Added.
* LayoutTests/editing/inserting/insert-text-before-picture.html: Added.
* Source/WebCore/editing/Editing.cpp:
(WebCore::caretMinOffset):
`RenderText` is the only renderer-type that returns a non-zero value for
`caretMinOffset`. Consequently, it is safe to consult the `renderer` in
that scenario, similar to `caretMaxOffset`.
Canonical link: https://commits.webkit.org/282825@main
Canonical link: https://commits.webkit.org/280938.289@safari-7619-branch
Commit: 18851c73a1f2dbb35945997f8c73bac823c5025e
https://github.com/WebKit/WebKit/commit/18851c73a1f2dbb35945997f8c73bac823c5025e
Author: Tim Horton <thorton at apple.com>
Date: 2024-08-29 (Thu, 29 Aug 2024)
Changed paths:
M Source/WebKit/UIProcess/Cocoa/PageClientImplCocoa.mm
Log Message:
-----------
Cherry-pick 00e184eab489. rdar://134831988
Fix the build
https://bugs.webkit.org/show_bug.cgi?id=278764
rdar://134831988
Unreviewed build fix.
* Source/WebKit/UIProcess/Cocoa/PageClientImplCocoa.mm:
Canonical link: https://commits.webkit.org/282829@main
Canonical link: https://commits.webkit.org/280938.290@safari-7619-branch
Commit: ddc7b99dd93509996d40a8974958b89bc64114b9
https://github.com/WebKit/WebKit/commit/ddc7b99dd93509996d40a8974958b89bc64114b9
Author: Matt Woodrow <mattwoodrow at apple.com>
Date: 2024-08-29 (Thu, 29 Aug 2024)
Changed paths:
A LayoutTests/compositing/visibility/omitted-nested-hidden-layers-crash-expected.txt
A LayoutTests/compositing/visibility/omitted-nested-hidden-layers-crash.html
M Source/WebCore/rendering/RenderLayer.cpp
M Source/WebCore/rendering/RenderLayer.h
Log Message:
-----------
Cherry-pick fcd3d0ef9ce6. rdar://134572916
REGRESSION: WebContent process terminates due to invalid RemoteLayerTreeDrawingAreaProxy_CommitLayerTree message.
https://bugs.webkit.org/show_bug.cgi?id=278556
<rdar://134572916>
Reviewed by Simon Fraser.
281636 at main fixed the case where omitting a visibility:hidden layer from the RenderLayer z-order lists caused
a crash, because the compositor wasn't informed of the removal.
This is a second variant of the same issue, where the omitting happens by not
recursing into a hidden subtree instead of omitting a leaf.
The fix is to stop doing that type of omission, since it's hard to reason about.
It's possible that this is slightly slower in some cases (though only back to
how the code ran before the original optimization, not a true regression). The
real performance win comes from hiding these layers from the compositor, so it
shouldn't be noticeable.
The fix also clarifies some of the code around notifying the compositor, so that
it works in the same way as collectLayers. This prevents a visible descendant of
a non-stacking hidden layer from being removed from the compositor, only to be
added again by collectLayers.
* LayoutTests/compositing/visibility/omitted-nested-hidden-layers-crash-expected.txt: Added.
* LayoutTests/compositing/visibility/omitted-nested-hidden-layers-crash.html: Added.
* Source/WebCore/rendering/RenderLayer.cpp:
(WebCore::RenderLayer::removeSelfFromCompositor):
(WebCore::RenderLayer::removeDescendantsFromCompositor):
(WebCore::RenderLayer::setWasOmittedFromZOrderTree):
(WebCore::RenderLayer::collectLayers):
(WebCore::RenderLayer::removeSelfAndDescendantsFromCompositor): Deleted.
* Source/WebCore/rendering/RenderLayer.h:
Canonical link: https://commits.webkit.org/282879@main
Canonical link: https://commits.webkit.org/280938.291@safari-7619-branch
Commit: e4447a2be005a8a9ae0afaed1f7bb9f92b8ed797
https://github.com/WebKit/WebKit/commit/e4447a2be005a8a9ae0afaed1f7bb9f92b8ed797
Author: connorpobrien <cobrien22 at apple.com>
Date: 2024-08-30 (Fri, 30 Aug 2024)
Changed paths:
M Source/WTF/wtf/SystemTracing.h
M Source/WebKit/UIProcess/RemoteLayerTree/mac/RemoteLayerTreeEventDispatcher.cpp
M Source/WebKit/UIProcess/RemoteLayerTree/mac/RemoteLayerTreeEventDispatcher.h
M Source/WebKit/UIProcess/RemoteLayerTree/mac/RemoteScrollingCoordinatorProxyMac.mm
Log Message:
-----------
Cherry-pick 30a58f4978a9. rdar://133582534
WebKit Should Emit Signposts During Scrolling Performance Testing
https://bugs.webkit.org/show_bug.cgi?id=277894
rdar://133582534
Reviewed by Simon Fraser.
This change adds signpost logging during scrolling performance testing.
* Source/WTF/wtf/SystemTracing.h:
* Source/WebKit/UIProcess/RemoteLayerTree/mac/RemoteLayerTreeEventDispatcher.cpp:
(WebKit::RemoteLayerTreeEventDispatcher::handleWheelEvent):
(WebKit::RemoteLayerTreeEventDispatcher::startFingerDownSignpostInterval):
(WebKit::RemoteLayerTreeEventDispatcher::endFingerDownSignpostInterval):
(WebKit::RemoteLayerTreeEventDispatcher::startMomentumSignpostInterval):
(WebKit::RemoteLayerTreeEventDispatcher::endMomentumSignpostInterval):
(WebKit::RemoteLayerTreeEventDispatcher::handleSyntheticWheelEvent):
(WebKit::RemoteLayerTreeEventDispatcher::didStartRubberbanding):
* Source/WebKit/UIProcess/RemoteLayerTree/mac/RemoteLayerTreeEventDispatcher.h:
* Source/WebKit/UIProcess/RemoteLayerTree/mac/RemoteScrollingCoordinatorProxyMac.mm:
(WebKit::RemoteScrollingCoordinatorProxyMac::setRubberBandingInProgressForNode):
Canonical link: https://commits.webkit.org/282437@main
Canonical link: https://commits.webkit.org/280938.292@safari-7619-branch
Commit: 8cb5e97761b4599fdb69be080557cc123d6f955b
https://github.com/WebKit/WebKit/commit/8cb5e97761b4599fdb69be080557cc123d6f955b
Author: Andy Estes <aestes at apple.com>
Date: 2024-08-30 (Fri, 30 Aug 2024)
Changed paths:
M Source/WebCore/platform/ios/VideoPresentationInterfaceIOS.h
M Source/WebCore/platform/ios/VideoPresentationInterfaceIOS.mm
M Source/WebKit/Platform/ios/VideoPresentationInterfaceLMK.mm
M Source/WebKit/UIProcess/Cocoa/VideoPresentationManagerProxy.mm
M Source/WebKit/UIProcess/WebPageProxy.cpp
Log Message:
-----------
Cherry-pick 8da9da634316. rdar://134982020
[visionOS] Environment docking may fail if a video's src changes while in element fullscreen
https://bugs.webkit.org/show_bug.cgi?id=278004
rdar://130920037
Reviewed by Eric Carlson.
When a video's src (or srcObject) changes a new WebAVPlayerLayer will be created in the UI process,
removing the previous layer. VideoPresentationManagerProxy::removeClientForContext is called when
the old layer is removed, which invalidates and removes the video presentation model and interface
associated with the video element's context ID. When VideoPresentationInterfaceLMK is invalidated
it removes its LMPlayableViewController, even though an environment picker button owned by that
now-deallocated view controller may be presented in WKFullScreenViewController if the video is part
of an element fullscreen presentation. If the user were to tap that button and choose an
environment then docking would not occur since the LMPlayableViewController and its associated
playable object no longer exist.
VideoPresentationInterfaceLMK attempted to account for this during invalidation by calling
VideoPresentationModel::didCleanupFullscreen(), which would ultimately call
-[WKFullScreenViewController configureEnvironmentPickerButtonView], re-creating a new video
presentation interface, LMPlayableViewController, playable object, and environment picker button if
the video was still in an element fullscreen presentation. While this re-creation did happen after
some forms of invalidation (e.g., when undocking and returning to element fullscreen) it did *not*
happen when a video layer changed because in VideoPresentationManagerProxy::removeClientForContext
the video presentation model had already been removed from the interface by the time
VideoPresentationInterface::invalidate was called.
To ensure that a valid environment picker button is displayed in this case, this change
calls WebPageProxy::didCleanupFullscreen explicitly in VideoPresentationManagerProxy::removeClientForContext.
Also added additional logging to help diagnose bugs like this in the future.
* Source/WebCore/platform/ios/VideoPresentationInterfaceIOS.h:
* Source/WebCore/platform/ios/VideoPresentationInterfaceIOS.mm:
(WebCore::VideoPresentationInterfaceIOS::cleanupFullscreen):
* Source/WebKit/Platform/ios/VideoPresentationInterfaceLMK.mm:
(WebKit::VideoPresentationInterfaceLMK::invalidatePlayerViewController):
(WebKit::VideoPresentationInterfaceLMK::ensurePlayableViewController):
* Source/WebKit/UIProcess/Cocoa/VideoPresentationManagerProxy.mm:
(WebKit::VideoPresentationManagerProxy::removeClientForContext):
* Source/WebKit/UIProcess/WebPageProxy.cpp:
(WebKit::WebPageProxy::didCleanupFullscreen):
Canonical link: https://commits.webkit.org/282176@main
Canonical link: https://commits.webkit.org/280938.293@safari-7619-branch
Commit: ebed63d429578ed1e694f293b07081d48c3fbd27
https://github.com/WebKit/WebKit/commit/ebed63d429578ed1e694f293b07081d48c3fbd27
Author: Youenn Fablet <youenn at apple.com>
Date: 2024-08-30 (Fri, 30 Aug 2024)
Changed paths:
M Source/WebKit/GPUProcess/webrtc/LibWebRTCCodecsProxy.h
M Source/WebKit/GPUProcess/webrtc/LibWebRTCCodecsProxy.messages.in
M Source/WebKit/GPUProcess/webrtc/LibWebRTCCodecsProxy.mm
M Source/WebKit/WebProcess/GPU/media/RemoteVideoCodecFactory.cpp
M Source/WebKit/WebProcess/GPU/webrtc/LibWebRTCCodecs.cpp
M Source/WebKit/WebProcess/GPU/webrtc/LibWebRTCCodecs.h
Log Message:
-----------
Cherry-pick 2aac5e612cb7. rdar://131676522
RemoteVideoDecoder::decode callback should be executed once the decoding task is submitted to the remote decoder
rdar://131676522
https://bugs.webkit.org/show_bug.cgi?id=278653
Reviewed by Ryan Reno.
WebCodecsVideoDecoder is taking a pending activity every time it calls RemoteVideoDecoder::decode.
The intent is to prevent the output callback from getting collected.
This works fine if the output callback is called before the completion handler given to RemoteVideoDecoder::decode.
Before the patch, RemoteVideoDecoder::decode would call the callback synchronously, defeating the output callback GC protection.
On GPU process, we call the decode callback anytime we get a new video frame, or if a decoding error happens.
The one case that is not well handled currently is if the reorder size is above 0.
In that case, we may end up with frames in the reorder queue, thus decode callbacks not being called.
This might trigger a leak if the JS is not either flushing or providing a key frame.
We will work on this in a further patch, as it requires some additional refactoring (to move reordering from libwebrtc to WebKit code in particular).
Covered by imported/w3c/web-platform-tests/webcodecs/videoDecoder-codec-specific.https.any.html not crashing.
* Source/WebKit/GPUProcess/webrtc/LibWebRTCCodecsProxy.h:
* Source/WebKit/GPUProcess/webrtc/LibWebRTCCodecsProxy.messages.in:
* Source/WebKit/GPUProcess/webrtc/LibWebRTCCodecsProxy.mm:
(WebKit::LibWebRTCCodecsProxy::stopListeningForIPC):
(WebKit::LibWebRTCCodecsProxy::createDecoderCallback):
(WebKit::LibWebRTCCodecsProxy::createDecoder):
(WebKit::LibWebRTCCodecsProxy::releaseDecoder):
(WebKit::LibWebRTCCodecsProxy::notifyDecoderResult):
* Source/WebKit/WebProcess/GPU/media/RemoteVideoCodecFactory.cpp:
(WebKit::RemoteVideoDecoder::decode):
* Source/WebKit/WebProcess/GPU/webrtc/LibWebRTCCodecs.cpp:
(WebKit::decodeVideoFrame):
(WebKit::LibWebRTCCodecs::sendFrameToDecode):
(WebKit::LibWebRTCCodecs::decodeFrame):
(WebKit::LibWebRTCCodecs::setDecoderConnection):
(WebKit::sendFrameToDecode): Deleted.
* Source/WebKit/WebProcess/GPU/webrtc/LibWebRTCCodecs.h:
Canonical link: https://commits.webkit.org/282781@main
Canonical link: https://commits.webkit.org/280938.294@safari-7619-branch
Commit: d090f5fec1868447644c698add6eb3c63d47817e
https://github.com/WebKit/WebKit/commit/d090f5fec1868447644c698add6eb3c63d47817e
Author: Tim Horton <thorton at apple.com>
Date: 2024-08-30 (Fri, 30 Aug 2024)
Changed paths:
M Source/WebKit/Shared/RemoteLayerTree/DynamicContentScalingImageBufferBackend.mm
Log Message:
-----------
Cherry-pick 271050047420. rdar://134994611
Improve unexpected DCS ports array logging reliability
https://bugs.webkit.org/show_bug.cgi?id=278901
rdar://134994611
Reviewed by Abrar Rahman Protyasha.
* Source/WebKit/Shared/RemoteLayerTree/DynamicContentScalingImageBufferBackend.mm:
(WebKit::DynamicContentScalingImageBufferBackend::createBackendHandle const):
Adopt CRASH_WITH_INFO to improve the reliability of collection of the offending class name.
Canonical link: https://commits.webkit.org/282979@main
Canonical link: https://commits.webkit.org/280938.295@safari-7619-branch
Commit: a07fcb75beeab4b6abbc646b6afdca3534b4ba24
https://github.com/WebKit/WebKit/commit/a07fcb75beeab4b6abbc646b6afdca3534b4ba24
Author: Richard Robinson <richard_robinson2 at apple.com>
Date: 2024-08-30 (Fri, 30 Aug 2024)
Changed paths:
M Source/WebKit/UIProcess/API/Cocoa/WKWebView.mm
M Source/WebKit/UIProcess/API/Cocoa/WKWebViewInternal.h
M Source/WebKit/UIProcess/API/Cocoa/WKWebViewPrivate.h
M Tools/TestWebKitAPI/Tests/WebKitCocoa/WritingTools.mm
Log Message:
-----------
Cherry-pick 6fcacfb6a77a. rdar://134624486
[Writing Tools] Upstream support for providing animations SPI
https://bugs.webkit.org/show_bug.cgi?id=278607
rdar://134624486
Reviewed by Abrar Rahman Protyasha.
* Source/WebKit/UIProcess/API/Cocoa/WKWebView.mm:
(-[WKWebView _enableSourceTextAnimationAfterElementWithID:]):
(-[WKWebView _enableFinalTextAnimationForElementWithID:]):
(-[WKWebView _disableTextAnimationWithUUID:]):
(-[WKWebView _enableTextIndicatorStylingAfterElementWithID:]): Deleted.
(-[WKWebView _enableTextIndicatorStylingForElementWithID:]): Deleted.
(-[WKWebView _disableTextIndicatorStylingWithUUID:]): Deleted.
* Source/WebKit/UIProcess/API/Cocoa/WKWebViewInternal.h:
* Source/WebKit/UIProcess/API/Cocoa/WKWebViewPrivate.h:
* Tools/TestWebKitAPI/Tests/WebKitCocoa/WritingTools.mm:
(TEST(WritingTools, TransparencyMarkersUsingWKWebViewSPI)):
Canonical link: https://commits.webkit.org/282751@main
Canonical link: https://commits.webkit.org/280938.296@safari-7619-branch
Commit: f7dbb440f0b7155823fddacf847e065cbae61363
https://github.com/WebKit/WebKit/commit/f7dbb440f0b7155823fddacf847e065cbae61363
Author: Andy Estes <aestes at apple.com>
Date: 2024-08-30 (Fri, 30 Aug 2024)
Changed paths:
M Source/WTF/wtf/PlatformHave.h
Log Message:
-----------
Cherry-pick 78f72ab7d0ad. rdar://134298669
[iOSMac] Enable AVPictureInPicturePlayerLayerView
https://bugs.webkit.org/show_bug.cgi?id=278658
rdar://134298669
Reviewed by Wenson Hsieh.
Enabled AVPictureInPicturePlayerLayerView on Mac Catalyst.
* Source/WTF/wtf/PlatformHave.h:
* Source/WebCore/page/Page.cpp:
(WebCore::Page::setMuted): Drive-by fixed a Mac Catalyst build error in engineering builds.
Canonical link: https://commits.webkit.org/282764@main
Canonical link: https://commits.webkit.org/280938.297@safari-7619-branch
Commit: f146ecaa595fd3a0759f40c01079559e8a5a4efe
https://github.com/WebKit/WebKit/commit/f146ecaa595fd3a0759f40c01079559e8a5a4efe
Author: Abrar Rahman Protyasha <a_protyasha at apple.com>
Date: 2024-08-30 (Fri, 30 Aug 2024)
Changed paths:
M Source/WTF/wtf/PlatformHave.h
M Source/WebKit/Platform/spi/ios/UIKitSPI.h
M Source/WebKit/UIProcess/ios/WKContentView.mm
Log Message:
-----------
Cherry-pick 4ddf0bdcbfb1. rdar://132918882
Cherry-pick 4bc804e0cef0. rdar://132918882
[iPadOS] Unable to keyboard scroll until interacting with a webpage
https://bugs.webkit.org/show_bug.cgi?id=278097
rdar://132918882
Reviewed by Wenson Hsieh.
This patch attempts to re-land 281001 at main, after addressing upstream
platform issues tracked by rdar://133501552 and rdar://133773329,
respectively.
```
Since WKContentView conforms to UIKeyInput, the focus system treats
it as a text field and defers making it the focused item. This causes
the undesirable effect of having to interact with the webpage before
keyboard scroll takes effect.
Instead, in this PR, we opt out of focus deferral. This maintains our
existing behavior of immediately gaining focus. We achieve this by
returning UIFocusItemDeferralModeNever for WKContentView's focus item
deferral mode.
```
* Source/WTF/wtf/PlatformHave.h:
* Source/WebKit/Platform/spi/ios/UIKitSPI.h:
* Source/WebKit/UIProcess/ios/WKContentView.mm:
(-[WKContentView focusItemDeferralMode]):
Canonical link: https://commits.webkit.org/282736@main
Canonical link: https://commits.webkit.org/280938.298@safari-7619-branch
Commit: 6929fc3b0e74e1bacb0f5a9b1eccfead0ef3efce
https://github.com/WebKit/WebKit/commit/6929fc3b0e74e1bacb0f5a9b1eccfead0ef3efce
Author: Dan Robson <dtr_bugzilla at apple.com>
Date: 2024-08-30 (Fri, 30 Aug 2024)
Changed paths:
M Source/WTF/wtf/ObjectIdentifier.h
M Source/WebCore/Headers.cmake
M Source/WebCore/WebCore.xcodeproj/project.pbxproj
M Source/WebCore/loader/DocumentLoader.cpp
M Source/WebCore/loader/DocumentLoader.h
M Source/WebCore/loader/EmptyClients.cpp
M Source/WebCore/loader/EmptyFrameLoaderClient.h
M Source/WebCore/loader/FrameLoaderClient.h
M Source/WebCore/loader/LocalFrameLoaderClient.h
A Source/WebCore/loader/NavigationIdentifier.h
M Source/WebCore/loader/PolicyChecker.cpp
M Source/WebKit/NetworkProcess/NetworkResourceLoadParameters.cpp
M Source/WebKit/NetworkProcess/NetworkResourceLoadParameters.h
M Source/WebKit/NetworkProcess/NetworkResourceLoadParameters.serialization.in
M Source/WebKit/NetworkProcess/NetworkResourceLoader.cpp
M Source/WebKit/Scripts/webkit/messages.py
M Source/WebKit/Scripts/webkit/tests/MessageArgumentDescriptions.cpp
M Source/WebKit/Shared/GoToBackForwardItemParameters.h
M Source/WebKit/Shared/GoToBackForwardItemParameters.serialization.in
M Source/WebKit/Shared/LoadParameters.h
M Source/WebKit/Shared/LoadParameters.serialization.in
M Source/WebKit/Shared/NavigationActionData.h
M Source/WebKit/Shared/NavigationActionData.serialization.in
M Source/WebKit/Shared/PolicyDecision.h
M Source/WebKit/Shared/PolicyDecision.serialization.in
M Source/WebKit/Shared/WTFArgumentCoders.serialization.in
M Source/WebKit/UIProcess/API/APINavigation.cpp
M Source/WebKit/UIProcess/API/APINavigation.h
M Source/WebKit/UIProcess/Cocoa/NavigationState.mm
M Source/WebKit/UIProcess/Network/NetworkProcessProxy.cpp
M Source/WebKit/UIProcess/Network/NetworkProcessProxy.h
M Source/WebKit/UIProcess/Network/NetworkProcessProxy.messages.in
M Source/WebKit/UIProcess/PageLoadState.h
M Source/WebKit/UIProcess/ProvisionalPageProxy.cpp
M Source/WebKit/UIProcess/ProvisionalPageProxy.h
M Source/WebKit/UIProcess/RemotePageProxy.cpp
M Source/WebKit/UIProcess/RemotePageProxy.h
M Source/WebKit/UIProcess/SuspendedPageProxy.cpp
M Source/WebKit/UIProcess/SuspendedPageProxy.h
M Source/WebKit/UIProcess/WebFrameProxy.cpp
M Source/WebKit/UIProcess/WebFrameProxy.h
M Source/WebKit/UIProcess/WebNavigationState.cpp
M Source/WebKit/UIProcess/WebNavigationState.h
M Source/WebKit/UIProcess/WebPageProxy.cpp
M Source/WebKit/UIProcess/WebPageProxy.h
M Source/WebKit/UIProcess/WebPageProxy.messages.in
M Source/WebKit/WebProcess/Network/WebLoaderStrategy.cpp
M Source/WebKit/WebProcess/WebCoreSupport/WebChromeClient.cpp
M Source/WebKit/WebProcess/WebCoreSupport/WebFrameLoaderClient.cpp
M Source/WebKit/WebProcess/WebCoreSupport/WebFrameLoaderClient.h
M Source/WebKit/WebProcess/WebCoreSupport/WebLocalFrameLoaderClient.cpp
M Source/WebKit/WebProcess/WebCoreSupport/WebLocalFrameLoaderClient.h
M Source/WebKit/WebProcess/WebCoreSupport/WebRemoteFrameClient.cpp
M Source/WebKit/WebProcess/WebCoreSupport/WebRemoteFrameClient.h
M Source/WebKit/WebProcess/WebPage/WebFrame.cpp
M Source/WebKit/WebProcess/WebPage/WebPage.cpp
M Source/WebKit/WebProcess/WebPage/WebPage.h
M Source/WebKit/WebProcess/WebPage/WebPage.messages.in
M Source/WebKitLegacy/mac/WebCoreSupport/WebFrameLoaderClient.h
M Source/WebKitLegacy/mac/WebCoreSupport/WebFrameLoaderClient.mm
Log Message:
-----------
Cherry-pick 31ed91558aa7. rdar://134982005
Update NavigationID to use a strongly-typed identifier
https://bugs.webkit.org/show_bug.cgi?id=278026
Reviewed by Ryosuke Niwa.
Update NavigationID to use a strongly-typed identifier instead of a uint64_t,
as per safe coding guidelines.
* Source/WTF/wtf/ObjectIdentifier.h:
(WTF::ObjectIdentifierGeneric::asOptional const):
* Source/WebCore/WebCore.xcodeproj/project.pbxproj:
* Source/WebCore/loader/DocumentLoader.cpp:
(WebCore::DocumentLoader::detachFromFrame):
(WebCore::DocumentLoader::setNavigationID):
* Source/WebCore/loader/DocumentLoader.h:
(WebCore::DocumentLoader::navigationID const):
* Source/WebCore/loader/EmptyClients.cpp:
(WebCore::EmptyFrameLoaderClient::dispatchDecidePolicyForNavigationAction):
* Source/WebCore/loader/EmptyFrameLoaderClient.h:
* Source/WebCore/loader/FrameLoaderClient.h:
* Source/WebCore/loader/LocalFrameLoaderClient.h:
* Source/WebCore/loader/NavigationIdentifier.h: Copied from Source/WebCore/loader/FrameLoaderClient.h.
* Source/WebCore/loader/PolicyChecker.cpp:
(WebCore::PolicyChecker::checkNavigationPolicy):
* Source/WebKit/NetworkProcess/NetworkResourceLoadParameters.cpp:
(WebKit::NetworkResourceLoadParameters::NetworkResourceLoadParameters):
* Source/WebKit/NetworkProcess/NetworkResourceLoadParameters.h:
* Source/WebKit/NetworkProcess/NetworkResourceLoadParameters.serialization.in:
* Source/WebKit/NetworkProcess/NetworkResourceLoader.cpp:
(WebKit::NetworkResourceLoader::sendDidReceiveResponsePotentiallyInNewBrowsingContextGroup):
* Source/WebKit/Scripts/webkit/messages.py:
(serialized_identifiers):
* Source/WebKit/Shared/GoToBackForwardItemParameters.h:
* Source/WebKit/Shared/GoToBackForwardItemParameters.serialization.in:
* Source/WebKit/Shared/LoadParameters.h:
* Source/WebKit/Shared/LoadParameters.serialization.in:
* Source/WebKit/Shared/NavigationActionData.h:
* Source/WebKit/Shared/NavigationActionData.serialization.in:
* Source/WebKit/Shared/PolicyDecision.h:
* Source/WebKit/Shared/PolicyDecision.serialization.in:
* Source/WebKit/Shared/WTFArgumentCoders.serialization.in:
* Source/WebKit/UIProcess/API/APINavigation.cpp:
(API::Navigation::Navigation):
* Source/WebKit/UIProcess/API/APINavigation.h:
(API::Navigation::create):
(API::Navigation::navigationID const):
* Source/WebKit/UIProcess/Cocoa/NavigationState.mm:
(WebKit::NavigationState::NavigationClient::didSameDocumentNavigation):
* Source/WebKit/UIProcess/Network/NetworkProcessProxy.cpp:
(WebKit::NetworkProcessProxy::triggerBrowsingContextGroupSwitchForNavigation):
* Source/WebKit/UIProcess/Network/NetworkProcessProxy.h:
* Source/WebKit/UIProcess/Network/NetworkProcessProxy.messages.in:
* Source/WebKit/UIProcess/PageLoadState.h:
* Source/WebKit/UIProcess/ProvisionalPageProxy.cpp:
(WebKit::ProvisionalPageProxy::validateInput):
(WebKit::ProvisionalPageProxy::didStartProvisionalLoadForFrame):
(WebKit::ProvisionalPageProxy::didFailProvisionalLoadForFrame):
(WebKit::ProvisionalPageProxy::didCommitLoadForFrame):
(WebKit::ProvisionalPageProxy::didChangeProvisionalURLForFrame):
(WebKit::ProvisionalPageProxy::decidePolicyForResponse):
(WebKit::ProvisionalPageProxy::didReceiveServerRedirectForProvisionalLoadForFrame):
(WebKit::ProvisionalPageProxy::didDestroyNavigation):
* Source/WebKit/UIProcess/ProvisionalPageProxy.h:
(WebKit::ProvisionalPageProxy::navigationID const):
* Source/WebKit/UIProcess/RemotePageProxy.cpp:
(WebKit::RemotePageProxy::decidePolicyForResponse):
(WebKit::RemotePageProxy::didCommitLoadForFrame):
(WebKit::RemotePageProxy::didFailProvisionalLoadForFrame):
(WebKit::RemotePageProxy::didStartProvisionalLoadForFrame):
(WebKit::RemotePageProxy::didChangeProvisionalURLForFrame):
* Source/WebKit/UIProcess/RemotePageProxy.h:
* Source/WebKit/UIProcess/SuspendedPageProxy.cpp:
(WebKit::SuspendedPageProxy::didDestroyNavigation):
* Source/WebKit/UIProcess/SuspendedPageProxy.h:
* Source/WebKit/UIProcess/WebFrameProxy.cpp:
(WebKit::WebFrameProxy::commitProvisionalFrame):
* Source/WebKit/UIProcess/WebFrameProxy.h:
* Source/WebKit/UIProcess/WebNavigationState.cpp:
(WebKit::WebNavigationState::createLoadRequestNavigation):
(WebKit::WebNavigationState::createBackForwardNavigation):
(WebKit::WebNavigationState::createReloadNavigation):
(WebKit::WebNavigationState::createLoadDataNavigation):
(WebKit::WebNavigationState::createSimulatedLoadWithDataNavigation):
(WebKit::WebNavigationState::navigation):
(WebKit::WebNavigationState::takeNavigation):
(WebKit::WebNavigationState::didDestroyNavigation):
(WebKit::WebNavigationState::clearNavigationsFromProcess):
* Source/WebKit/UIProcess/WebNavigationState.h:
(WebKit::WebNavigationState::hasNavigation const):
(WebKit::WebNavigationState::generateNavigationID): Deleted.
(): Deleted.
* Source/WebKit/UIProcess/WebPageProxy.cpp:
(WebKit::WebPageProxy::loadAlternateHTML):
(WebKit::WebPageProxy::receivedNavigationActionPolicyDecision):
(WebKit::WebPageProxy::receivedPolicyDecision):
(WebKit::WebPageProxy::receivedNavigationResponsePolicyDecision):
(WebKit::WebPageProxy::commitProvisionalPage):
(WebKit::WebPageProxy::continueNavigationInNewProcess):
(WebKit::WebPageProxy::didDestroyNavigation):
(WebKit::WebPageProxy::didDestroyNavigationShared):
(WebKit::WebPageProxy::didStartProvisionalLoadForFrame):
(WebKit::WebPageProxy::didStartProvisionalLoadForFrameShared):
(WebKit::WebPageProxy::didReceiveServerRedirectForProvisionalLoadForFrame):
(WebKit::WebPageProxy::didReceiveServerRedirectForProvisionalLoadForFrameShared):
(WebKit::WebPageProxy::didChangeProvisionalURLForFrame):
(WebKit::WebPageProxy::didChangeProvisionalURLForFrameShared):
(WebKit::WebPageProxy::didFailProvisionalLoadForFrame):
(WebKit::WebPageProxy::didFailProvisionalLoadForFrameShared):
(WebKit::WebPageProxy::didCommitLoadForFrame):
(WebKit::WebPageProxy::didFinishDocumentLoadForFrame):
(WebKit::WebPageProxy::didFinishLoadForFrame):
(WebKit::WebPageProxy::didFailLoadForFrame):
(WebKit::WebPageProxy::didSameDocumentNavigationForFrame):
(WebKit::WebPageProxy::decidePolicyForNavigationAction):
(WebKit::WebPageProxy::decidePolicyForResponse):
(WebKit::WebPageProxy::decidePolicyForResponseShared):
(WebKit::WebPageProxy::triggerBrowsingContextGroupSwitchForNavigation):
* Source/WebKit/UIProcess/WebPageProxy.h:
* Source/WebKit/UIProcess/WebPageProxy.messages.in:
* Source/WebKit/WebProcess/Network/WebLoaderStrategy.cpp:
(WebKit::WebLoaderStrategy::scheduleLoadFromNetworkProcess):
* Source/WebKit/WebProcess/WebCoreSupport/WebChromeClient.cpp:
(WebKit::WebChromeClient::createWindow):
* Source/WebKit/WebProcess/WebCoreSupport/WebFrameLoaderClient.cpp:
(WebKit::WebFrameLoaderClient::navigationActionData const):
(WebKit::WebFrameLoaderClient::dispatchDecidePolicyForNavigationAction):
* Source/WebKit/WebProcess/WebCoreSupport/WebFrameLoaderClient.h:
* Source/WebKit/WebProcess/WebCoreSupport/WebLocalFrameLoaderClient.cpp:
(WebKit::WebLocalFrameLoaderClient::documentLoaderDetached):
(WebKit::WebLocalFrameLoaderClient::dispatchDidReceiveServerRedirectForProvisionalLoad):
(WebKit::WebLocalFrameLoaderClient::dispatchDidChangeProvisionalURL):
(WebKit::WebLocalFrameLoaderClient::didSameDocumentNavigationForFrameViaJSHistoryAPI):
(WebKit::WebLocalFrameLoaderClient::dispatchDidStartProvisionalLoad):
(WebKit::WebLocalFrameLoaderClient::dispatchDidCommitLoad):
(WebKit::WebLocalFrameLoaderClient::dispatchDidFailProvisionalLoad):
(WebKit::WebLocalFrameLoaderClient::dispatchDidFailLoad):
(WebKit::WebLocalFrameLoaderClient::dispatchDidFinishDocumentLoad):
(WebKit::WebLocalFrameLoaderClient::dispatchDidFinishLoad):
(WebKit::WebLocalFrameLoaderClient::dispatchDecidePolicyForResponse):
(WebKit::WebLocalFrameLoaderClient::dispatchDecidePolicyForNewWindowAction):
(WebKit::WebLocalFrameLoaderClient::dispatchDecidePolicyForNavigationAction):
* Source/WebKit/WebProcess/WebCoreSupport/WebLocalFrameLoaderClient.h:
* Source/WebKit/WebProcess/WebCoreSupport/WebRemoteFrameClient.cpp:
(WebKit::WebRemoteFrameClient::dispatchDecidePolicyForNavigationAction):
* Source/WebKit/WebProcess/WebCoreSupport/WebRemoteFrameClient.h:
* Source/WebKit/WebProcess/WebPage/WebFrame.cpp:
(WebKit::WebFrame::didReceivePolicyDecision):
* Source/WebKit/WebProcess/WebPage/WebPage.cpp:
(WebKit::WebPage::loadRequest):
(WebKit::WebPage::loadDataImpl):
(WebKit::WebPage::loadData):
(WebKit::WebPage::reload):
(WebKit::WebPage::goToBackForwardItem):
(WebKit::WebPage::didSameDocumentNavigationForFrame):
(WebKit::WebPage::createDocumentLoader):
(WebKit::WebPage::updateCachedDocumentLoader):
* Source/WebKit/WebProcess/WebPage/WebPage.h:
* Source/WebKit/WebProcess/WebPage/WebPage.messages.in:
* Source/WebKitLegacy/mac/WebCoreSupport/WebFrameLoaderClient.h:
* Source/WebKitLegacy/mac/WebCoreSupport/WebFrameLoaderClient.mm:
(WebFrameLoaderClient::dispatchDecidePolicyForNavigationAction):
Canonical link: https://commits.webkit.org/282273@main
Canonical link: https://commits.webkit.org/280938.299@safari-7619-branch
Commit: 4c7bf8cca700bd62fd16ae27d55c92398374933e
https://github.com/WebKit/WebKit/commit/4c7bf8cca700bd62fd16ae27d55c92398374933e
Author: Youenn Fablet <youenn at apple.com>
Date: 2024-08-30 (Fri, 30 Aug 2024)
Changed paths:
M Source/WebKit/UIProcess/WebPageProxy.cpp
M Source/WebKit/UIProcess/WebPageProxy.h
Log Message:
-----------
Cherry-pick 975fa073536d. rdar://130691389
Take a background assertion for processes having muted capture
rdar://130691389
https://bugs.webkit.org/show_bug.cgi?id=278560
Reviewed by Chris Dumez.
When a process has muted capture, it may get quickly suspended.
This for instance happens when switching to another tab in Safari.
This also happens for any WKWebView application that will go to the background, even though the WKWebView application may not get suspended.
We now take a background assertion for any web process that has muted capture.
This will ensure that the web process does not get suspended, as long as the UIProcess is not suspended.
This assertion will not delay UIProcess suspension, contrary to the past incarnation of this patch.
Manually tested by observing that a WebRTC connection continues sending black frames in a backgrounded tab on iOS.
* Source/WebKit/UIProcess/WebPageProxy.cpp:
(WebKit::WebPageProxy::updateThrottleState):
* Source/WebKit/UIProcess/WebPageProxy.h:
Canonical link: https://commits.webkit.org/282845@main
Canonical link: https://commits.webkit.org/280938.300@safari-7619-branch
Commit: 330afd77c0c6721c02a4673e6896f9ad3baa61c5
https://github.com/WebKit/WebKit/commit/330afd77c0c6721c02a4673e6896f9ad3baa61c5
Author: Youenn Fablet <youenn at apple.com>
Date: 2024-08-30 (Fri, 30 Aug 2024)
Changed paths:
M Source/WebCore/Modules/webcodecs/WebCodecsAudioDecoder.cpp
M Source/WebCore/Modules/webcodecs/WebCodecsAudioDecoder.h
M Source/WebCore/Modules/webcodecs/WebCodecsAudioEncoder.cpp
M Source/WebCore/Modules/webcodecs/WebCodecsAudioEncoder.h
A Source/WebCore/Modules/webcodecs/WebCodecsBaseClass.h
M Source/WebCore/Modules/webcodecs/WebCodecsVideoDecoder.cpp
M Source/WebCore/Modules/webcodecs/WebCodecsVideoDecoder.h
M Source/WebCore/Modules/webcodecs/WebCodecsVideoEncoder.cpp
M Source/WebCore/Modules/webcodecs/WebCodecsVideoEncoder.h
M Source/WebCore/WebCore.xcodeproj/project.pbxproj
Log Message:
-----------
Cherry-pick 884664eacfb9. rdar://134917736
WebCodecs decode/encode/flush callbacks should not take a pending activity
https://bugs.webkit.org/show_bug.cgi?id=278849
rdar://134917736
Reviewed by Jean-Yves Avenard.
The WebCodecs decode/encode/flush callbacks are not guaranteed to be called and may be destroyed in a different thread than the thread they were created on.
We should therefore not take a pending activity as it is ref counted.
Instead, we introduce a WebCodecsBaseClass and a pending activity counter which is thread safe.
We take a ref to this counter in the callbacks and use the counter in virtualHasPendingActivity.
* Source/WebCore/Modules/webcodecs/WebCodecsAudioDecoder.cpp:
(WebCore::WebCodecsAudioDecoder::decode):
(WebCore::WebCodecsAudioDecoder::flush):
(WebCore::WebCodecsAudioDecoder::virtualHasPendingActivity const):
* Source/WebCore/Modules/webcodecs/WebCodecsAudioDecoder.h:
* Source/WebCore/Modules/webcodecs/WebCodecsAudioEncoder.cpp:
(WebCore::WebCodecsAudioEncoder::configure):
(WebCore::WebCodecsAudioEncoder::encode):
(WebCore::WebCodecsAudioEncoder::flush):
(WebCore::WebCodecsAudioEncoder::virtualHasPendingActivity const):
* Source/WebCore/Modules/webcodecs/WebCodecsAudioEncoder.h:
* Source/WebCore/Modules/webcodecs/WebCodecsBaseClass.h: Added.
(WebCore::WebCodecsBaseClass::PendingActivityCounter::create):
(WebCore::WebCodecsBaseClass::WebCodecsBaseClass):
(WebCore::WebCodecsBaseClass::takePendingWebCodecActivity):
(WebCore::WebCodecsBaseClass::hasPendingWebCodecActivity const):
* Source/WebCore/Modules/webcodecs/WebCodecsVideoDecoder.cpp:
(WebCore::WebCodecsVideoDecoder::decode):
(WebCore::WebCodecsVideoDecoder::flush):
(WebCore::WebCodecsVideoDecoder::virtualHasPendingActivity const):
* Source/WebCore/Modules/webcodecs/WebCodecsVideoDecoder.h:
* Source/WebCore/Modules/webcodecs/WebCodecsVideoEncoder.cpp:
(WebCore::WebCodecsVideoEncoder::configure):
(WebCore::WebCodecsVideoEncoder::encode):
(WebCore::WebCodecsVideoEncoder::flush):
(WebCore::WebCodecsVideoEncoder::virtualHasPendingActivity const):
* Source/WebCore/Modules/webcodecs/WebCodecsVideoEncoder.h:
* Source/WebCore/WebCore.xcodeproj/project.pbxproj:
Canonical link: https://commits.webkit.org/282895@main
Canonical link: https://commits.webkit.org/280938.301@safari-7619-branch
Commit: eb7a0386fc8e2031d64ee1ddd642d20f95809e09
https://github.com/WebKit/WebKit/commit/eb7a0386fc8e2031d64ee1ddd642d20f95809e09
Author: Dan Robson <dtr_bugzilla at apple.com>
Date: 2024-09-03 (Tue, 03 Sep 2024)
Changed paths:
M Configurations/Version.xcconfig
Log Message:
-----------
Versioning.
WebKit-7619.2.5
Canonical link: https://commits.webkit.org/280938.302@safari-7619-branch
Commit: c54b231c174f6dc1b678157fe7e5326eafdb8d10
https://github.com/WebKit/WebKit/commit/c54b231c174f6dc1b678157fe7e5326eafdb8d10
Author: Kiet Ho <tho22 at apple.com>
Date: 2024-09-03 (Tue, 03 Sep 2024)
Changed paths:
M Source/WebKit/UIProcess/RemoteLayerTree/mac/RemoteLayerTreeEventDispatcher.cpp
M Source/WebKit/UIProcess/RemoteLayerTree/mac/RemoteLayerTreeEventDispatcher.h
Log Message:
-----------
delayedRenderingUpdateDetectionTimer should hold a weak pointer to the current RemoteLayerTreeEventDispatcher
https://bugs.webkit.org/show_bug.cgi?id=278943
rdar://133813795
Reviewed by Simon Fraser.
m_delayedRenderingUpdateDetectionTimer invokes
RemoteLayerTreeEventDispatcher::delayedRenderingUpdateDetectionTimerFired
on the current RemoteLayerTreeEventDispatcher object (`this`) when fired. However,
a race condition between when the timer is fired and when `this` is destroyed
can lead to a use-after-free:
1. RemoteLayerTreeEventDispatcherDisplayLinkClient::displayLinkFired is called
on the display link callback thread.
2. Previous method dispatch calls to RemoteLayerTreeEventDispatcher::didRefreshDisplay
in the scrolling thread. Once in the scrolling thread, it calls
RemoteLayerTreeEventDispatcher::scheduleDelayedRenderingUpdateDetectionTimer,
which schedules a one-shot timer to call
RemoteLayerTreeEventDispatcher::delayedRenderingUpdateDetectionTimerFired
within the context of `this`. The timer runs on the same thread as the
thread where it's scheduled - that is, the scrolling thread.
3. The timer is fired and RemoteLayerTreeEventDispatcher::delayedRenderingUpdateDetectionTimerFired
is called in the scrolling thread.
4. Just after the timer is fired and before the method accesses `this`, `this` is
destroyed in another thread.
5. In the scrolling thread, RemoteLayerTreeEventDispatcher::delayedRenderingUpdateDetectionTimerFired
executes without knowing `this` is destroyed. Eventually it accesses one of its
members and causes a UAF.
Fix this by making the timer function hold a weak pointer to `this`.
When fired, it checks if the weak pointer is still valid before using it.
Due to the race condition nature, the original fuzzer test case is flaky,
hence no tests.
* Source/WebKit/UIProcess/RemoteLayerTree/mac/RemoteLayerTreeEventDispatcher.cpp:
(WebKit::RemoteLayerTreeEventDispatcher::scheduleDelayedRenderingUpdateDetectionTimer):
Make the timer function hold a weak pointer to `this`.
* Source/WebKit/UIProcess/RemoteLayerTree/mac/RemoteLayerTreeEventDispatcher.h:
Canonical link: https://commits.webkit.org/280938.303@safari-7619-branch
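The fix described in the commit above, sketched as an added example that is not WebKit's code: std::shared_ptr and std::weak_ptr stand in for WebKit's weak pointer type, and OneShotTimer, Dispatcher and the betweenFireAndAccess hook are hypothetical names. The interleaving from steps 3 to 5 is replayed on a single thread so the outcome is deterministic.

```cpp
#include <functional>
#include <iostream>
#include <memory>
#include <string>
#include <utility>
#include <vector>

using Log = std::vector<std::string>;

// Constructed stand-in for a one-shot timer. It only stores the callback and
// runs it when fire() is called, so the caller controls the interleaving.
class OneShotTimer {
public:
    void schedule(std::function<void()> fn) { m_fn = std::move(fn); }
    void fire()
    {
        auto fn = std::move(m_fn);
        m_fn = nullptr;
        if (fn)
            fn();
    }
private:
    std::function<void()> m_fn;
};

class Dispatcher : public std::enable_shared_from_this<Dispatcher> {
public:
    explicit Dispatcher(Log& log) : m_log(log) { }
    ~Dispatcher() { m_log.push_back("destroyed"); }

    // Hypothetical hook: models another thread acting between "timer fired"
    // and "method touches a member" (step 4 in the commit message).
    std::function<void()> betweenFireAndAccess;

    void scheduleDetection(OneShotTimer& timer)
    {
        // Pre-fix shape: timer.schedule([this] { timerFired(); });
        // Nothing ties the callback's lifetime to the object's.
        std::weak_ptr<Dispatcher> weakThis = shared_from_this();
        timer.schedule([weakThis] {
            // lock() either fails (object already gone) or yields a strong
            // reference that keeps the object alive until the body returns.
            auto strongThis = weakThis.lock();
            if (!strongThis)
                return;
            strongThis->timerFired();
        });
    }

private:
    void timerFired()
    {
        if (betweenFireAndAccess)
            betweenFireAndAccess();
        m_log.push_back("fired:" + std::to_string(m_pendingUpdates)); // member access
    }

    Log& m_log;
    int m_pendingUpdates { 1 };
};

static std::string join(const Log& log)
{
    std::string out;
    for (const auto& entry : log)
        out += (out.empty() ? "" : ",") + entry;
    return out;
}

// Owner drops the object while the timer is still pending.
std::string destroyedBeforeFire()
{
    Log log;
    OneShotTimer timer;
    auto dispatcher = std::make_shared<Dispatcher>(log);
    dispatcher->scheduleDetection(timer);
    dispatcher.reset();
    timer.fire(); // callback runs, lock() fails, body is skipped
    return join(log);
}

// Owner drops the object after the timer fired but before the member access.
std::string releasedDuringFire()
{
    Log log;
    OneShotTimer timer;
    auto dispatcher = std::make_shared<Dispatcher>(log);
    dispatcher->betweenFireAndAccess = [&dispatcher, &log] {
        dispatcher.reset(); // the callback's strong reference is now the last one
        log.push_back("owner-released");
    };
    dispatcher->scheduleDetection(timer);
    timer.fire();
    return join(log);
}

int main()
{
    std::cout << destroyedBeforeFire() << "\n" << releasedDuringFire() << "\n";
    return 0;
}
```

In the second scenario destruction is deferred until the callback returns, which is why the member access in timerFired() stays valid.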
Commit: f27c5d5f036881101fd64f0ada6dc8fee77b1fee
https://github.com/WebKit/WebKit/commit/f27c5d5f036881101fd64f0ada6dc8fee77b1fee
Author: Rupin Mittal <rupin at apple.com>
Date: 2024-09-04 (Wed, 04 Sep 2024)
Changed paths:
M LayoutTests/inspector/indexeddb/clearObjectStore-expected.txt
M LayoutTests/inspector/indexeddb/clearObjectStore.html
M LayoutTests/inspector/indexeddb/requestData-expected.txt
M LayoutTests/inspector/indexeddb/requestData.html
M LayoutTests/inspector/indexeddb/requestDatabase.html
M Source/WebCore/Headers.cmake
A Source/WebCore/Modules/indexeddb/IDBObjectStoreIdentifier.h
M Source/WebCore/Modules/indexeddb/IDBRequest.cpp
M Source/WebCore/Modules/indexeddb/IDBRequest.h
M Source/WebCore/Modules/indexeddb/IDBTransaction.cpp
M Source/WebCore/Modules/indexeddb/IDBTransaction.h
M Source/WebCore/Modules/indexeddb/client/IDBConnectionProxy.cpp
M Source/WebCore/Modules/indexeddb/client/IDBConnectionProxy.h
M Source/WebCore/Modules/indexeddb/client/IDBConnectionToServer.cpp
M Source/WebCore/Modules/indexeddb/client/IDBConnectionToServer.h
M Source/WebCore/Modules/indexeddb/client/IDBConnectionToServerDelegate.h
M Source/WebCore/Modules/indexeddb/client/TransactionOperation.h
M Source/WebCore/Modules/indexeddb/server/IDBBackingStore.h
M Source/WebCore/Modules/indexeddb/server/IDBServer.cpp
M Source/WebCore/Modules/indexeddb/server/IDBServer.h
M Source/WebCore/Modules/indexeddb/server/MemoryIDBBackingStore.cpp
M Source/WebCore/Modules/indexeddb/server/MemoryIDBBackingStore.h
M Source/WebCore/Modules/indexeddb/server/SQLiteIDBBackingStore.cpp
M Source/WebCore/Modules/indexeddb/server/SQLiteIDBBackingStore.h
M Source/WebCore/Modules/indexeddb/server/SQLiteIDBCursor.cpp
M Source/WebCore/Modules/indexeddb/server/SQLiteIDBCursor.h
M Source/WebCore/Modules/indexeddb/server/SQLiteIDBTransaction.cpp
M Source/WebCore/Modules/indexeddb/server/SQLiteIDBTransaction.h
M Source/WebCore/Modules/indexeddb/server/UniqueIDBDatabase.cpp
M Source/WebCore/Modules/indexeddb/server/UniqueIDBDatabase.h
M Source/WebCore/Modules/indexeddb/server/UniqueIDBDatabaseTransaction.cpp
M Source/WebCore/Modules/indexeddb/server/UniqueIDBDatabaseTransaction.h
M Source/WebCore/Modules/indexeddb/shared/IDBCursorInfo.cpp
M Source/WebCore/Modules/indexeddb/shared/IDBCursorInfo.h
M Source/WebCore/Modules/indexeddb/shared/IDBDatabaseInfo.cpp
M Source/WebCore/Modules/indexeddb/shared/IDBDatabaseInfo.h
M Source/WebCore/Modules/indexeddb/shared/IDBGetAllRecordsData.h
M Source/WebCore/Modules/indexeddb/shared/IDBIndexInfo.cpp
M Source/WebCore/Modules/indexeddb/shared/IDBIndexInfo.h
M Source/WebCore/Modules/indexeddb/shared/IDBObjectStoreInfo.cpp
M Source/WebCore/Modules/indexeddb/shared/IDBObjectStoreInfo.h
M Source/WebCore/Modules/indexeddb/shared/IDBRequestData.cpp
M Source/WebCore/Modules/indexeddb/shared/IDBRequestData.h
M Source/WebCore/WebCore.xcodeproj/project.pbxproj
M Source/WebCore/loader/EmptyClients.cpp
M Source/WebKit/NetworkProcess/storage/NetworkStorageManager.cpp
M Source/WebKit/NetworkProcess/storage/NetworkStorageManager.h
M Source/WebKit/NetworkProcess/storage/NetworkStorageManager.messages.in
M Source/WebKit/Scripts/webkit/messages.py
M Source/WebKit/Scripts/webkit/tests/MessageArgumentDescriptions.cpp
M Source/WebKit/Shared/WTFArgumentCoders.serialization.in
M Source/WebKit/Shared/WebCoreArgumentCoders.serialization.in
M Source/WebKit/WebProcess/Databases/IndexedDB/WebIDBConnectionToServer.cpp
M Source/WebKit/WebProcess/Databases/IndexedDB/WebIDBConnectionToServer.h
M Source/WebKitLegacy/Storage/InProcessIDBServer.cpp
M Source/WebKitLegacy/Storage/InProcessIDBServer.h
Log Message:
-----------
Use ObjectIdentifier for IDBObjectStore IDs instead of uint64_t
https://bugs.webkit.org/show_bug.cgi?id=278602
rdar://134411784
Reviewed by Sihui Liu.
As the radar (rdar://134411784) explains:
There are multiple NetworkStorageManager functions that receive a
uint64_t objectStoreIdentifier as an ID for IDBObjectStore objects.
This objectStoreIdentifier is fully controlled by the WebContent
process which sets it and sends it to the Network process over IPC.
Some of these functions end up using this objectStoreIdentifier as a
key for a HashMap which can lead to memory corruption as shown in
rdar://130158277.
This patch fixes this problem by using a new type called
IDBObjectStoreIdentifier instead of uint64_t for the IDs of
IDBObjectStore objects. The identifier is held by IDBObjectStoreInfo.
Initially, this change caused three tests (requestData.html,
requestDatabase.html, and clearObjectStore.html) to fail. It turns
out that these tests were retrieving ObjectStores using
IDBDatabaseInfo::ObjectStoreNames() and relying on the order of the
ObjectStores being the same every time. These ObjectStores are stored
in a HashMap and this function uses a for-each loop to iterate through
the HashMap and return the ObjectStore names. But HashMaps are not
ordered and so iteration through them does not occur in any guaranteed
order. Yet these tests were relying on this iteration occurring in the
same order each time. When the identifiers changed from uint64_t to
ObjectIdentifiers, the hashes for the ObjectStores changed, and
so the ObjectStores were returned in a different order--causing
the tests to fail. Expecting iteration through a HashMap to occur
in the same order each time is incorrect, so we fix this problem
by sorting the ObjectStores by name after they are returned. This
ensures the order is always what we expect and so the tests pass.
To clearly point out the issue in the code, we can look at
requestData.html. The test calls database.objectStores. This 'database'
is a DatabaseWithObjectStores object, which is a JSON object. We create
this object and give it an objectStores field in the execute() function
in DatabaseLoader in InspectorIndexedDBAgent.cpp. Here, we see that the
objectStores field is set using databaseInfo.objectStoreNames(). This is
where the HashMap is iterated. The test expects the iteration to return
the stores [emptyObjectStore, reviewersObjectStore, statsObjectStore] in
that specific order each time. But there is no guarantee that this will be
the iteration order. We fix this by getting the ObjectStores, sorting them,
and then using them so we can be sure that they're in this order. This code
logic is the same in requestDatabase.html and clearObjectStore.html as well.
* LayoutTests/inspector/indexeddb/clearObjectStore-expected.txt:
* LayoutTests/inspector/indexeddb/clearObjectStore.html:
* LayoutTests/inspector/indexeddb/requestData-expected.txt:
* LayoutTests/inspector/indexeddb/requestData.html:
* LayoutTests/inspector/indexeddb/requestDatabase.html:
* Source/WebCore/Headers.cmake:
* Source/WebCore/Modules/indexeddb/IDBObjectStoreIdentifier.h: Copied from Source/WebCore/Modules/indexeddb/shared/IDBGetAllRecordsData.h.
* Source/WebCore/Modules/indexeddb/IDBRequest.cpp:
(WebCore::IDBRequest::sourceObjectStoreIdentifier const):
* Source/WebCore/Modules/indexeddb/IDBRequest.h:
* Source/WebCore/Modules/indexeddb/IDBTransaction.cpp:
(WebCore::IDBTransaction::abortInternal):
(WebCore::IDBTransaction::renameObjectStore):
(WebCore::IDBTransaction::renameObjectStoreOnServer):
(WebCore::IDBTransaction::renameIndex):
(WebCore::IDBTransaction::renameIndexOnServer):
(WebCore::IDBTransaction::requestClearObjectStore):
(WebCore::IDBTransaction::clearObjectStoreOnServer):
(WebCore::IDBTransaction::deleteIndex):
(WebCore::IDBTransaction::deleteIndexOnServer):
* Source/WebCore/Modules/indexeddb/IDBTransaction.h:
* Source/WebCore/Modules/indexeddb/client/IDBConnectionProxy.cpp:
(WebCore::IDBClient::IDBConnectionProxy::renameObjectStore):
(WebCore::IDBClient::IDBConnectionProxy::renameIndex):
(WebCore::IDBClient::IDBConnectionProxy::clearObjectStore):
(WebCore::IDBClient::IDBConnectionProxy::deleteIndex):
* Source/WebCore/Modules/indexeddb/client/IDBConnectionProxy.h:
* Source/WebCore/Modules/indexeddb/client/IDBConnectionToServer.cpp:
(WebCore::IDBClient::IDBConnectionToServer::renameObjectStore):
(WebCore::IDBClient::IDBConnectionToServer::clearObjectStore):
(WebCore::IDBClient::IDBConnectionToServer::deleteIndex):
(WebCore::IDBClient::IDBConnectionToServer::renameIndex):
* Source/WebCore/Modules/indexeddb/client/IDBConnectionToServer.h:
* Source/WebCore/Modules/indexeddb/client/IDBConnectionToServerDelegate.h:
* Source/WebCore/Modules/indexeddb/client/TransactionOperation.h:
(WebCore::IDBClient::TransactionOperation::objectStoreIdentifier const):
* Source/WebCore/Modules/indexeddb/server/IDBBackingStore.h:
* Source/WebCore/Modules/indexeddb/server/IDBServer.cpp:
(WebCore::IDBServer::IDBServer::renameObjectStore):
(WebCore::IDBServer::IDBServer::clearObjectStore):
(WebCore::IDBServer::IDBServer::deleteIndex):
(WebCore::IDBServer::IDBServer::renameIndex):
* Source/WebCore/Modules/indexeddb/server/IDBServer.h:
* Source/WebCore/Modules/indexeddb/server/MemoryIDBBackingStore.cpp:
(WebCore::IDBServer::MemoryIDBBackingStore::createObjectStore):
(WebCore::IDBServer::MemoryIDBBackingStore::deleteObjectStore):
(WebCore::IDBServer::MemoryIDBBackingStore::renameObjectStore):
(WebCore::IDBServer::MemoryIDBBackingStore::clearObjectStore):
(WebCore::IDBServer::MemoryIDBBackingStore::deleteIndex):
(WebCore::IDBServer::MemoryIDBBackingStore::renameIndex):
(WebCore::IDBServer::MemoryIDBBackingStore::keyExistsInObjectStore):
(WebCore::IDBServer::MemoryIDBBackingStore::deleteRange):
(WebCore::IDBServer::MemoryIDBBackingStore::getRecord):
(WebCore::IDBServer::MemoryIDBBackingStore::getIndexRecord):
(WebCore::IDBServer::MemoryIDBBackingStore::getCount):
(WebCore::IDBServer::MemoryIDBBackingStore::generateKeyNumber):
(WebCore::IDBServer::MemoryIDBBackingStore::revertGeneratedKeyNumber):
(WebCore::IDBServer::MemoryIDBBackingStore::maybeUpdateKeyGeneratorNumber):
(WebCore::IDBServer::MemoryIDBBackingStore::openCursor):
(WebCore::IDBServer::MemoryIDBBackingStore::takeObjectStoreByIdentifier):
(WebCore::IDBServer::MemoryIDBBackingStore::infoForObjectStore):
* Source/WebCore/Modules/indexeddb/server/MemoryIDBBackingStore.h:
* Source/WebCore/Modules/indexeddb/server/SQLiteIDBBackingStore.cpp:
(WebCore::IDBServer::SQLiteIDBBackingStore::migrateIndexInfoTableForIDUpdate):
(WebCore::IDBServer::SQLiteIDBBackingStore::migrateIndexRecordsTableForIDUpdate):
(WebCore::IDBServer::SQLiteIDBBackingStore::addExistingIndex):
(WebCore::IDBServer::SQLiteIDBBackingStore::extractExistingDatabaseInfo):
(WebCore::IDBServer::SQLiteIDBBackingStore::createObjectStore):
(WebCore::IDBServer::SQLiteIDBBackingStore::deleteObjectStore):
(WebCore::IDBServer::SQLiteIDBBackingStore::renameObjectStore):
(WebCore::IDBServer::SQLiteIDBBackingStore::clearObjectStore):
(WebCore::IDBServer::SQLiteIDBBackingStore::createIndex):
(WebCore::IDBServer::SQLiteIDBBackingStore::uncheckedPutIndexRecord):
(WebCore::IDBServer::SQLiteIDBBackingStore::deleteIndex):
(WebCore::IDBServer::SQLiteIDBBackingStore::renameIndex):
(WebCore::IDBServer::SQLiteIDBBackingStore::keyExistsInObjectStore):
(WebCore::IDBServer::SQLiteIDBBackingStore::deleteRecord):
(WebCore::IDBServer::SQLiteIDBBackingStore::deleteRange):
(WebCore::IDBServer::SQLiteIDBBackingStore::updateAllIndexesForAddRecord):
(WebCore::IDBServer::SQLiteIDBBackingStore::addRecord):
(WebCore::IDBServer::SQLiteIDBBackingStore::getRecord):
(WebCore::IDBServer::SQLiteIDBBackingStore::getAllObjectStoreRecords):
(WebCore::IDBServer::SQLiteIDBBackingStore::getIndexRecord):
(WebCore::IDBServer::SQLiteIDBBackingStore::uncheckedGetIndexRecordForOneKey):
(WebCore::IDBServer::SQLiteIDBBackingStore::getCount):
(WebCore::IDBServer::SQLiteIDBBackingStore::uncheckedGetKeyGeneratorValue):
(WebCore::IDBServer::SQLiteIDBBackingStore::uncheckedSetKeyGeneratorValue):
(WebCore::IDBServer::SQLiteIDBBackingStore::generateKeyNumber):
(WebCore::IDBServer::SQLiteIDBBackingStore::revertGeneratedKeyNumber):
(WebCore::IDBServer::SQLiteIDBBackingStore::maybeUpdateKeyGeneratorNumber):
(WebCore::IDBServer::SQLiteIDBBackingStore::infoForObjectStore):
* Source/WebCore/Modules/indexeddb/server/SQLiteIDBBackingStore.h:
* Source/WebCore/Modules/indexeddb/server/SQLiteIDBCursor.cpp:
(WebCore::IDBServer::SQLiteIDBCursor::maybeCreateBackingStoreCursor):
(WebCore::IDBServer::SQLiteIDBCursor::SQLiteIDBCursor):
(WebCore::IDBServer::SQLiteIDBCursor::establishStatement):
(WebCore::IDBServer::SQLiteIDBCursor::internalFetchNextRecord):
* Source/WebCore/Modules/indexeddb/server/SQLiteIDBCursor.h:
(WebCore::IDBServer::SQLiteIDBCursor::objectStoreID const):
* Source/WebCore/Modules/indexeddb/server/SQLiteIDBTransaction.cpp:
(WebCore::IDBServer::SQLiteIDBTransaction::maybeOpenBackingStoreCursor):
(WebCore::IDBServer::SQLiteIDBTransaction::notifyCursorsOfChanges):
* Source/WebCore/Modules/indexeddb/server/SQLiteIDBTransaction.h:
* Source/WebCore/Modules/indexeddb/server/UniqueIDBDatabase.cpp:
(WebCore::IDBServer::UniqueIDBDatabase::renameObjectStore):
(WebCore::IDBServer::UniqueIDBDatabase::clearObjectStore):
(WebCore::IDBServer::UniqueIDBDatabase::deleteIndex):
(WebCore::IDBServer::UniqueIDBDatabase::renameIndex):
(WebCore::IDBServer::scopesOverlap):
(WebCore::IDBServer::UniqueIDBDatabase::takeNextRunnableTransaction):
* Source/WebCore/Modules/indexeddb/server/UniqueIDBDatabase.h:
* Source/WebCore/Modules/indexeddb/server/UniqueIDBDatabaseTransaction.cpp:
(WebCore::IDBServer::UniqueIDBDatabaseTransaction::renameObjectStore):
(WebCore::IDBServer::UniqueIDBDatabaseTransaction::clearObjectStore):
(WebCore::IDBServer::UniqueIDBDatabaseTransaction::deleteIndex):
(WebCore::IDBServer::UniqueIDBDatabaseTransaction::renameIndex):
(WebCore::IDBServer::UniqueIDBDatabaseTransaction::objectStoreIdentifiers):
* Source/WebCore/Modules/indexeddb/server/UniqueIDBDatabaseTransaction.h:
* Source/WebCore/Modules/indexeddb/shared/IDBCursorInfo.cpp:
(WebCore::IDBCursorInfo::objectStoreCursor):
(WebCore::IDBCursorInfo::indexCursor):
(WebCore::IDBCursorInfo::IDBCursorInfo):
* Source/WebCore/Modules/indexeddb/shared/IDBCursorInfo.h:
(WebCore::IDBCursorInfo::objectStoreIdentifier const):
* Source/WebCore/Modules/indexeddb/shared/IDBDatabaseInfo.cpp:
(WebCore::IDBDatabaseInfo::IDBDatabaseInfo):
(WebCore::IDBDatabaseInfo::createNewObjectStore):
(WebCore::IDBDatabaseInfo::addExistingObjectStore):
(WebCore::IDBDatabaseInfo::getInfoForExistingObjectStore):
(WebCore::IDBDatabaseInfo::infoForExistingObjectStore const):
(WebCore::IDBDatabaseInfo::infoForExistingObjectStore):
(WebCore::IDBDatabaseInfo::renameObjectStore):
(WebCore::IDBDatabaseInfo::deleteObjectStore):
* Source/WebCore/Modules/indexeddb/shared/IDBDatabaseInfo.h:
(WebCore::IDBDatabaseInfo::IDBDatabaseInfo):
(WebCore::IDBDatabaseInfo::objectStoreMap const):
* Source/WebCore/Modules/indexeddb/shared/IDBGetAllRecordsData.h:
* Source/WebCore/Modules/indexeddb/shared/IDBIndexInfo.cpp:
(WebCore::IDBIndexInfo::IDBIndexInfo):
* Source/WebCore/Modules/indexeddb/shared/IDBIndexInfo.h:
(WebCore::IDBIndexInfo::objectStoreIdentifier const):
(WTF::HashTraits<WebCore::IDBIndexInfo>::emptyValue):
* Source/WebCore/Modules/indexeddb/shared/IDBObjectStoreInfo.cpp:
(WebCore::IDBObjectStoreInfo::IDBObjectStoreInfo):
* Source/WebCore/Modules/indexeddb/shared/IDBObjectStoreInfo.h:
(WebCore::IDBObjectStoreInfo::IDBObjectStoreInfo):
(WebCore::IDBObjectStoreInfo::identifier const):
(WTF::HashTraits<WebCore::IDBObjectStoreInfo>::emptyValue):
* Source/WebCore/Modules/indexeddb/shared/IDBRequestData.cpp:
(WebCore::IDBRequestData::IDBRequestData):
(WebCore::IDBRequestData::objectStoreIdentifier const):
* Source/WebCore/Modules/indexeddb/shared/IDBRequestData.h:
* Source/WebCore/WebCore.xcodeproj/project.pbxproj:
* Source/WebCore/loader/EmptyClients.cpp:
* Source/WebKit/NetworkProcess/storage/NetworkStorageManager.cpp:
(WebKit::NetworkStorageManager::renameObjectStore):
(WebKit::NetworkStorageManager::clearObjectStore):
(WebKit::NetworkStorageManager::deleteIndex):
(WebKit::NetworkStorageManager::renameIndex):
* Source/WebKit/NetworkProcess/storage/NetworkStorageManager.h:
* Source/WebKit/NetworkProcess/storage/NetworkStorageManager.messages.in:
* Source/WebKit/Scripts/webkit/messages.py:
(serialized_identifiers):
* Source/WebKit/Scripts/webkit/tests/MessageArgumentDescriptions.cpp:
(IPC::serializedIdentifiers):
* Source/WebKit/Shared/WTFArgumentCoders.serialization.in:
* Source/WebKit/Shared/WebCoreArgumentCoders.serialization.in:
* Source/WebKit/WebProcess/Databases/IndexedDB/WebIDBConnectionToServer.cpp:
(WebKit::WebIDBConnectionToServer::renameObjectStore):
(WebKit::WebIDBConnectionToServer::clearObjectStore):
(WebKit::WebIDBConnectionToServer::deleteIndex):
(WebKit::WebIDBConnectionToServer::renameIndex):
* Source/WebKit/WebProcess/Databases/IndexedDB/WebIDBConnectionToServer.h:
* Source/WebKitLegacy/Storage/InProcessIDBServer.cpp:
(InProcessIDBServer::renameObjectStore):
(InProcessIDBServer::clearObjectStore):
(InProcessIDBServer::deleteIndex):
(InProcessIDBServer::renameIndex):
* Source/WebKitLegacy/Storage/InProcessIDBServer.h:
Canonical link: https://commits.webkit.org/280938.304@safari-7619-branch
Commit: a2e9a52e04f5a381c2abae2781a02d2a4eb709f1
https://github.com/WebKit/WebKit/commit/a2e9a52e04f5a381c2abae2781a02d2a4eb709f1
Author: Richard Robinson <richard_robinson2 at apple.com>
Date: 2024-09-05 (Thu, 05 Sep 2024)
Changed paths:
M Source/WebCore/page/writing-tools/WritingToolsController.h
M Source/WebCore/page/writing-tools/WritingToolsController.mm
M Source/WebCore/testing/Internals.cpp
M Source/WebCore/testing/Internals.h
M Source/WebCore/testing/Internals.idl
M Tools/TestWebKitAPI/Tests/WebKitCocoa/WritingTools.mm
Log Message:
-----------
Cherry-pick f4b28e23dc40. rdar://133809455
[Writing Tools] Stylized text disappears when clicking on show original
https://bugs.webkit.org/show_bug.cgi?id=278573
rdar://133809455
Reviewed by Abrar Rahman Protyasha.
Persist the transparent document markers after a replacement occurs to ensure that they do not
erroneously get re-added after undo-ing as a result of "Show Original".
* Source/WebCore/page/writing-tools/WritingToolsController.h:
* Source/WebCore/page/writing-tools/WritingToolsController.mm:
(WebCore::WritingToolsController::showSelection const):
(WebCore::WritingToolsController::compositionSessionDidReceiveTextWithReplacementRangeAsync):
* Source/WebCore/testing/Internals.cpp:
(WebCore::Internals::hasTransparentContentMarker):
* Source/WebCore/testing/Internals.h:
* Source/WebCore/testing/Internals.idl:
* Tools/TestWebKitAPI/Tests/WebKitCocoa/WritingTools.mm:
(TEST(WritingTools, CompositionShowOriginalHasNoTransparentMarkers)):
Canonical link: https://commits.webkit.org/282750@main
Canonical link: https://commits.webkit.org/280938.305@safari-7619-branch
Commit: 1072928b9a303bfc63c560efc5c5ef2d8a4a9cfa
https://github.com/WebKit/WebKit/commit/1072928b9a303bfc63c560efc5c5ef2d8a4a9cfa
Author: Richard Robinson <richard_robinson2 at apple.com>
Date: 2024-09-05 (Thu, 05 Sep 2024)
Changed paths:
M Source/WebCore/page/ChromeClient.h
M Source/WebCore/page/writing-tools/WritingToolsController.mm
M Source/WebKit/WebProcess/WebCoreSupport/WebChromeClient.cpp
M Source/WebKit/WebProcess/WebCoreSupport/WebChromeClient.h
M Source/WebKit/WebProcess/WebPage/WebPage.cpp
M Source/WebKit/WebProcess/WebPage/WebPage.h
M Tools/TestWebKitAPI/Tests/WebKitCocoa/WritingTools.mm
Log Message:
-----------
Cherry-pick 4079ede8dbe5. rdar://132887398
[Writing Tools] Undoing (cmd + z) after a rewrite displays multiples of the text
https://bugs.webkit.org/show_bug.cgi?id=278750
rdar://132887398
Reviewed by Abrar Rahman Protyasha.
When clicking "Show Rewrite", a redo operation is effectively done within WritingToolsController.
However, since this is not an actual redo and it just re-applies the command itself, a new undo
step ends up getting added erroneously within `WebEditorClient::registerUndoStep`. This is because
`m_page->isInRedo()` is `false`, when it should be true.
Fix by ensuring the page is "in redo" when the WTC reapplies the command.
Drive-by fix: Remove an incorrect assertion in WTC.
* Source/WebCore/page/ChromeClient.h:
(WebCore::ChromeClient::setIsInRedo):
* Source/WebCore/page/writing-tools/WritingToolsController.mm:
(WebCore::WritingToolsController::showSelection const):
(WebCore::WritingToolsController::showRewrittenCompositionForSession):
* Source/WebKit/WebProcess/WebCoreSupport/WebChromeClient.cpp:
(WebKit::WebChromeClient::setIsInRedo):
* Source/WebKit/WebProcess/WebCoreSupport/WebChromeClient.h:
* Source/WebKit/WebProcess/WebPage/WebPage.cpp:
(WebKit::WebPage::reapplyEditCommand):
* Source/WebKit/WebProcess/WebPage/WebPage.h:
(WebKit::WebPage::setIsInRedo):
* Tools/TestWebKitAPI/Tests/WebKitCocoa/WritingTools.mm:
(TEST(WritingTools, CompositionWithMultipleUndoAfterEndingAfterShowOriginalAndRewritten)):
Canonical link: https://commits.webkit.org/282823@main
Canonical link: https://commits.webkit.org/280938.306@safari-7619-branch
Commit: 01865bda0ed5c770e27fca7efc6f3364448f9fe2
https://github.com/WebKit/WebKit/commit/01865bda0ed5c770e27fca7efc6f3364448f9fe2
Author: Timothy Hatcher <timothy at apple.com>
Date: 2024-09-05 (Thu, 05 Sep 2024)
Changed paths:
M Source/WebKit/UIProcess/Extensions/Cocoa/API/WebExtensionContextAPIPortCocoa.mm
M Source/WebKit/UIProcess/Extensions/Cocoa/API/WebExtensionContextAPIRuntimeCocoa.mm
M Source/WebKit/UIProcess/Extensions/Cocoa/API/WebExtensionContextAPITabsCocoa.mm
M Source/WebKit/UIProcess/Extensions/WebExtensionContext.h
M Tools/TestWebKitAPI/Tests/WebKitCocoa/WKWebExtensionAPIRuntime.mm
Log Message:
-----------
Cherry-pick 84aa82da3f5b. rdar://133501214
Web Extension ports can not receive messages in content scripts.
https://webkit.org/b/278817
rdar://133501214
Reviewed by Brian Weinstein and Jeff Miller.
When sending the queued messages we were sending them to the wrong process,
since `fireQueuedPortMessageEventsIfNeeded()` was being passed in a process
and not using the same delivery logic as `portPostMessage()`.
Factor the code to send the message event out of `portPostMessage()` into a new
`firePortMessageEventsIfNeeded()` method and use that in both places. We also need
to call it for both target and source world types, since messages can queue for both.
This impacted content script or web page externally connectable, since the worlds
are different, as compared to main world to main world connections.
* Source/WebKit/UIProcess/Extensions/Cocoa/API/WebExtensionContextAPIPortCocoa.mm:
(WebKit::WebExtensionContext::portPostMessage): Use firePortMessageEventsIfNeeded.
(WebKit::WebExtensionContext::firePortMessageEventsIfNeeded): Added.
(WebKit::WebExtensionContext::fireQueuedPortMessageEventsIfNeeded): Use firePortMessageEventsIfNeeded.
(WebKit::WebExtensionContext::clearQueuedPortMessages): Added logging.
* Source/WebKit/UIProcess/Extensions/Cocoa/API/WebExtensionContextAPIRuntimeCocoa.mm:
(WebKit::WebExtensionContext::runtimeConnect): Call fireQueuedPortMessageEventsIfNeeded and
clearQueuedPortMessages for both worlds.
(WebKit::WebExtensionContext::runtimeWebPageConnect): Ditto.
* Source/WebKit/UIProcess/Extensions/Cocoa/API/WebExtensionContextAPITabsCocoa.mm:
(WebKit::WebExtensionContext::tabsConnect): Ditto.
* Source/WebKit/UIProcess/Extensions/WebExtensionContext.h:
* Tools/TestWebKitAPI/Tests/WebKitCocoa/WKWebExtensionAPIRuntime.mm:
(TestWebKitAPI::TEST(WKWebExtensionAPIRuntime, ConnectFromContentScriptWithImmediateMessage)): Added.
(TestWebKitAPI::TEST(WKWebExtensionAPIRuntime, ConnectFromWebPageWithImmediateMessage)): Added.
Canonical link: https://commits.webkit.org/283006@main
Build fixes
Canonical link: https://commits.webkit.org/280938.307@safari-7619-branch
Commit: 8905ca10cfc402b9e6b122b939496b06d048c78c
https://github.com/WebKit/WebKit/commit/8905ca10cfc402b9e6b122b939496b06d048c78c
Author: Sihui Liu <sihui_liu at apple.com>
Date: 2024-09-06 (Fri, 06 Sep 2024)
Changed paths:
M Source/WebKit/NetworkProcess/cache/NetworkCacheStorage.cpp
M Tools/TestWebKitAPI/Tests/WebKitCocoa/WebsiteDataStoreCustomPaths.mm
Log Message:
-----------
Cherry-pick 1e4bf82ac6e8. rdar://121547438
Ensure network cache files and directories created by WebKit are excluded from backup
https://bugs.webkit.org/show_bug.cgi?id=278944
rdar://121547438
Reviewed by Chris Dumez.
When a client sets a custom path for network cache storage, the path may not be excluded from backup as the default WebKit
network cache directory is. WebKit cannot mark the custom path as excluded from backup as the client may store some other
data in the directory, but WebKit can mark the files created by WebKit as excluded because those files are not expected
to be backed up.
API test: WebKit.NetworkCacheExcludedFromBackup
* Source/WebKit/NetworkProcess/cache/NetworkCacheStorage.cpp:
(WebKit::NetworkCache::Storage::open):
* Tools/TestWebKitAPI/Tests/WebKitCocoa/WebsiteDataStoreCustomPaths.mm:
(TEST(WebKit, NetworkCacheExcludedFromBackup)):
Canonical link: https://commits.webkit.org/283002@main
Canonical link: https://commits.webkit.org/280938.308@safari-7619-branch
Commit: 61f89b53269421a65d7ca3c5ab1547e3922dd732
https://github.com/WebKit/WebKit/commit/61f89b53269421a65d7ca3c5ab1547e3922dd732
Author: Matthew Finkel <m_finkel at apple.com>
Date: 2024-09-06 (Fri, 06 Sep 2024)
Changed paths:
M Source/WebKit/UIProcess/WebPageProxy.cpp
Log Message:
-----------
Improve matching webarchive file extension when loading in ephemeral datastore
https://bugs.webkit.org/show_bug.cgi?id=279226
rdar://135302982
Reviewed by Darin Adler.
This change ensures we only look at the file path instead of the entire URL
string.
* Source/WebKit/UIProcess/WebPageProxy.cpp:
(WebKit::WebPageProxy::receivedNavigationActionPolicyDecision):
Canonical link: https://commits.webkit.org/280938.309@safari-7619-branch
Commit: eb5a1e97b064c1a02aca8f75e74a5cf2eb4e272f
https://github.com/WebKit/WebKit/commit/eb5a1e97b064c1a02aca8f75e74a5cf2eb4e272f
Author: Pascoe <pascoe at apple.com>
Date: 2024-09-06 (Fri, 06 Sep 2024)
Changed paths:
M Source/WebKit/UIProcess/Cocoa/NavigationState.mm
Log Message:
-----------
Cherry-pick 61868ae02c5f. rdar://78929424
Blob url downloads fail when triggered from webextension
rdar://78929424
https://bugs.webkit.org/show_bug.cgi?id=226440
Reviewed by Timothy Hatcher.
Web Extensions can have anchor tags to blobs with download attributes
that are expected to download, but are prevented by isUnsupportedWebExtensionNavigation.
isUnsupportedWebExtensionNavigation is about preventing navigations away from extensions,
but downloads do not cause the page to navigate away. Therefore adding a case for downloads
here should be okay.
* Source/WebKit/UIProcess/Cocoa/NavigationState.mm:
(WebKit::isUnsupportedWebExtensionNavigation):
Canonical link: https://commits.webkit.org/283220@main
Canonical link: https://commits.webkit.org/280938.310@safari-7619-branch
Commit: 3b7cd3b4db5a2ca56e742fe406b5db514fb4b738
https://github.com/WebKit/WebKit/commit/3b7cd3b4db5a2ca56e742fe406b5db514fb4b738
Author: Charlie Wolfe <charliew at apple.com>
Date: 2024-09-06 (Fri, 06 Sep 2024)
Changed paths:
M Source/WTF/wtf/PlatformHave.h
M Source/WebCore/platform/network/cocoa/CookieCocoa.mm
M Tools/TestWebKitAPI/Tests/WebKitCocoa/WKHTTPCookieStore.mm
Log Message:
-----------
Cherry-pick 45ce92c14115. rdar://135312438
iOS 18 does not allow a client application to specify SameSite=None
https://bugs.webkit.org/show_bug.cgi?id=279153
rdar://135312438
Reviewed by Pascoe and Alex Christensen.
In the iOS 18 and macOS Sequoia betas, CFNetwork began treating cookies as SameSite=Lax by default. This
caused an issue where, when WebKit converts from its internal enum `Cookie::SameSitePolicy` to
`NSHTTPCookieStringPolicy`, we return nil for `SameSitePolicy::None`, which CFNetwork now interprets as
lax instead of none.
WebKit should explicitly return none when converting `WebCore::Cookie` to an `NSHTTPCookie`. We should
use a string constant for none, but one is not currently available in the SDK.
* Source/WTF/wtf/PlatformHave.h:
* Source/WebCore/platform/network/cocoa/CookieCocoa.mm:
(WebCore::coreSameSitePolicy):
(WebCore::nsSameSitePolicy):
* Tools/TestWebKitAPI/Tests/WebKitCocoa/WKHTTPCookieStore.mm:
(TEST(WKHTTPCookieStore, SetSameSiteCookiePolicies)):
(TEST(WKHTTPCookieStore, SetSameSiteCookiePoliciesNonPersistentStore)):
Canonical link: https://commits.webkit.org/283230@main
Canonical link: https://commits.webkit.org/280938.311@safari-7619-branch
Commit: 923df28edf7f38dad9d890b6df0e48fef1b0a60d
https://github.com/WebKit/WebKit/commit/923df28edf7f38dad9d890b6df0e48fef1b0a60d
Author: Aditya Keerthi <akeerthi at apple.com>
Date: 2024-09-06 (Fri, 06 Sep 2024)
Changed paths:
M Source/WebCore/page/writing-tools/WritingToolsController.mm
M Tools/TestWebKitAPI/Tests/WebKitCocoa/WritingTools.mm
Log Message:
-----------
Cherry-pick 77b319164fe7. rdar://135032816
[Writing Tools] Tools should be supported even when there is no selection
https://bugs.webkit.org/show_bug.cgi?id=278940
rdar://135032816
Reviewed by Abrar Rahman Protyasha and Wenson Hsieh.
When there is no selection, Writing Tools should operate on the entire contents
of the document.
* Source/WebCore/page/writing-tools/WritingToolsController.mm:
(WebCore::contextRangeForSession):
(WebCore::WritingToolsController::willBeginWritingToolsSession):
* Tools/TestWebKitAPI/Tests/WebKitCocoa/WritingTools.mm:
(TEST(WritingTools, ContextRangeWithNoSelection)):
Canonical link: https://commits.webkit.org/282997@main
Canonical link: https://commits.webkit.org/280938.312@safari-7619-branch
Commit: dd1f5ba61bca8497f36f6bac88aefb3487a5a784
https://github.com/WebKit/WebKit/commit/dd1f5ba61bca8497f36f6bac88aefb3487a5a784
Author: Aditya Keerthi <akeerthi at apple.com>
Date: 2024-09-06 (Fri, 06 Sep 2024)
Changed paths:
M Source/WebKit/UIProcess/API/Cocoa/WKWebViewPrivate.h
M Source/WebKit/UIProcess/API/mac/WKWebViewMac.mm
M Source/WebKit/UIProcess/mac/WebViewImpl.h
M Source/WebKit/UIProcess/mac/WebViewImpl.mm
M Tools/TestWebKitAPI/Tests/WebKitCocoa/WritingTools.mm
Log Message:
-----------
Cherry-pick 1c1d099cf602. rdar://134965328
[macOS][Writing Tools] Add `WKWebView` SPI to display the panel
https://bugs.webkit.org/show_bug.cgi?id=278939
rdar://134965328
Reviewed by Richard Robinson and Wenson Hsieh.
Add SPI to let clients programmatically show the Writing Tools panel.
* Source/WebKit/UIProcess/API/Cocoa/WKWebViewPrivate.h:
* Source/WebKit/UIProcess/API/mac/WKWebViewMac.mm:
(-[WKWebView _showWritingTools]):
* Source/WebKit/UIProcess/mac/WebViewImpl.h:
* Source/WebKit/UIProcess/mac/WebViewImpl.mm:
(WebKit::WebViewImpl::showWritingTools):
If there is no selection, or the selection is a caret, the panel will be anchored
to the view. Otherwise, it will be anchored to the selection.
* Tools/TestWebKitAPI/Tests/WebKitCocoa/WritingTools.mm:
(TEST(WritingTools, ShowPanelWithNoSelection)):
(TEST(WritingTools, ShowPanelWithCaretSelection)):
(TEST(WritingTools, ShowPanelWithRangedSelection)):
Canonical link: https://commits.webkit.org/282998@main
Canonical link: https://commits.webkit.org/280938.313@safari-7619-branch
Commit: dbd4a3eb978450f676bde36256ea45c94128b95c
https://github.com/WebKit/WebKit/commit/dbd4a3eb978450f676bde36256ea45c94128b95c
Author: Richard Robinson <richard_robinson2 at apple.com>
Date: 2024-09-06 (Fri, 06 Sep 2024)
Changed paths:
M Source/WebCore/page/ChromeClient.h
M Source/WebCore/page/Page.cpp
M Source/WebCore/page/Page.h
M Source/WebCore/page/writing-tools/WritingToolsController.h
M Source/WebCore/page/writing-tools/WritingToolsController.mm
M Source/WebKit/UIProcess/API/Cocoa/WKWebView.mm
M Source/WebKit/UIProcess/Cocoa/WebPageProxyCocoa.mm
M Source/WebKit/UIProcess/WebPageProxy.h
M Source/WebKit/WebProcess/WebCoreSupport/WebChromeClient.cpp
M Source/WebKit/WebProcess/WebCoreSupport/WebChromeClient.h
M Source/WebKit/WebProcess/WebPage/Cocoa/TextAnimationController.h
M Source/WebKit/WebProcess/WebPage/Cocoa/WebPageCocoa.mm
M Source/WebKit/WebProcess/WebPage/WebPage.h
M Source/WebKit/WebProcess/WebPage/WebPage.messages.in
M Tools/TestWebKitAPI/Tests/WebKitCocoa/WritingTools.mm
Log Message:
-----------
Cherry-pick b0f15e338732. rdar://134458783
[Writing Tools] Inline animation doesn’t look great in Mail smart reply
https://bugs.webkit.org/show_bug.cgi?id=278884
rdar://134458783
Reviewed by Aditya Keerthi.
Ensure that the writing tools controller and intelligence text animation controller only have their
states reset after all animations have completed, or after the Writing Tools session is ended,
whichever is last.
* Source/WebCore/page/ChromeClient.h:
(WebCore::ChromeClient::removeTransparentMarkersForActiveWritingToolsSession): Deleted.
* Source/WebCore/page/Page.cpp:
(WebCore::Page::intelligenceTextAnimationsDidComplete):
(WebCore::Page::showSelectionForActiveWritingToolsSession const): Deleted.
* Source/WebCore/page/Page.h:
* Source/WebCore/page/writing-tools/WritingToolsController.h:
* Source/WebCore/page/writing-tools/WritingToolsController.mm:
(WebCore::WritingToolsController::intelligenceTextAnimationsDidComplete):
(WebCore::WritingToolsController::didEndWritingToolsSession<WritingTools::Session::Type::Proofreading>):
(WebCore::WritingToolsController::didEndWritingToolsSession<WritingTools::Session::Type::Composition>):
(WebCore::WritingToolsController::didEndWritingToolsSession):
(WebCore::WritingToolsController::showSelection const): Deleted.
* Source/WebKit/UIProcess/API/Cocoa/WKWebView.mm:
(-[WKWebView _didEndPartialIntelligenceTextPonderingAnimation]):
* Source/WebKit/UIProcess/Cocoa/WebPageProxyCocoa.mm:
(WebKit::WebPageProxy::intelligenceTextAnimationsDidComplete):
(WebKit::WebPageProxy::showSelectionForActiveWritingToolsSession): Deleted.
* Source/WebKit/UIProcess/WebPageProxy.h:
* Source/WebKit/UIProcess/mac/WKTextAnimationManager.mm:
(-[WKTextAnimationManager updateIsTextVisible:forChunk:completion:]):
* Source/WebKit/WebProcess/WebCoreSupport/WebChromeClient.cpp:
(WebKit::WebChromeClient::removeTransparentMarkersForActiveWritingToolsSession): Deleted.
* Source/WebKit/WebProcess/WebPage/Cocoa/TextAnimationController.h:
* Source/WebKit/WebProcess/WebPage/Cocoa/WebPageCocoa.mm:
(WebKit::WebPage::intelligenceTextAnimationsDidComplete):
(WebKit::WebPage::showSelectionForActiveWritingToolsSession): Deleted.
* Source/WebKit/WebProcess/WebPage/WebPage.h:
* Source/WebKit/WebProcess/WebPage/WebPage.messages.in:
Canonical link: https://commits.webkit.org/283109@main
Canonical link: https://commits.webkit.org/280938.314@safari-7619-branch
Commit: faa1e5a56d2ace3b15316e3eb8f8b7b9de1bc8d0
https://github.com/WebKit/WebKit/commit/faa1e5a56d2ace3b15316e3eb8f8b7b9de1bc8d0
Author: Richard Robinson <richard_robinson2 at apple.com>
Date: 2024-09-06 (Fri, 06 Sep 2024)
Changed paths:
M Source/WebCore/page/writing-tools/WritingToolsController.mm
M Tools/TestWebKitAPI/Tests/WebKitCocoa/WritingTools.mm
Log Message:
-----------
Cherry-pick 03433cf8ea04. rdar://134991317
[Writing Tools] During the rewrite animation, some text temporarily is hidden and the animation looks broken
https://bugs.webkit.org/show_bug.cgi?id=279231
rdar://134991317
Reviewed by Aditya Keerthi.
Effectively revert 282750@main, which ended up inadvertently adding transparent document markers to incorrect ranges.
Note that the bug that 282750@main fixed still remains fixed, since 283109@main inadvertently also fixes it by clearing
document markers after the animation finishes.
* Source/WebCore/page/writing-tools/WritingToolsController.mm:
(WebCore::WritingToolsController::compositionSessionDidReceiveTextWithReplacementRangeAsync):
* Tools/TestWebKitAPI/Tests/WebKitCocoa/WritingTools.mm:
(TEST(WritingTools, CompositionShowOriginalHasNoTransparentMarkers)):
Canonical link: https://commits.webkit.org/283238@main
Canonical link: https://commits.webkit.org/280938.315@safari-7619-branch
Commit: b33e3f6e7b59ef79b213260e6f8f5893a19ead67
https://github.com/WebKit/WebKit/commit/b33e3f6e7b59ef79b213260e6f8f5893a19ead67
Author: Megan Gardner <megan_gardner at apple.com>
Date: 2024-09-09 (Mon, 09 Sep 2024)
Changed paths:
M Source/WebCore/dom/Document.h
M Source/WebCore/editing/Editor.cpp
M Source/WebCore/page/ChromeClient.h
M Source/WebCore/page/TextAnimationTypes.h
M Source/WebCore/page/writing-tools/WritingToolsController.h
M Source/WebCore/page/writing-tools/WritingToolsController.mm
M Source/WebKit/Shared/TextAnimationTypes.serialization.in
M Source/WebKit/UIProcess/API/Cocoa/WKWebView.mm
M Source/WebKit/UIProcess/Cocoa/WebPageProxyCocoa.mm
M Source/WebKit/UIProcess/WebPageProxy.h
M Source/WebKit/UIProcess/WebPageProxyInternals.h
M Source/WebKit/UIProcess/ios/WKContentViewInteraction.h
M Source/WebKit/UIProcess/ios/WKContentViewInteraction.mm
M Source/WebKit/UIProcess/mac/WKTextAnimationManager.mm
M Source/WebKit/WebKitSwift/TextAnimation/TextAnimationManager.swift
M Source/WebKit/WebKitSwift/TextAnimation/WKSTextAnimationSourceDelegate.h
M Source/WebKit/WebProcess/WebCoreSupport/WebChromeClient.cpp
M Source/WebKit/WebProcess/WebCoreSupport/WebChromeClient.h
M Source/WebKit/WebProcess/WebPage/Cocoa/TextAnimationController.h
M Source/WebKit/WebProcess/WebPage/Cocoa/TextAnimationController.mm
M Source/WebKit/WebProcess/WebPage/Cocoa/WebPageCocoa.mm
M Source/WebKit/WebProcess/WebPage/WebPage.h
M Tools/TestWebKitAPI/Tests/WebKitCocoa/WritingTools.mm
Log Message:
-----------
Cherry-pick da92dcfbdd3a. rdar://132367375
Writing tools animations on iOS don't have the second part of the animation.
https://bugs.webkit.org/show_bug.cgi?id=279161
rdar://132367375
Reviewed by Aditya Keerthi.
iOS animations have a completely different shape than mac
animations. Also, we weren't correctly determining if something
was the final text replacement and bailing out of that animation.
We also needed to ensure that smart replies still worked correctly.
* Source/WebCore/dom/Document.h:
(WebCore::Document::setPlaceholderTextIndicatorData):
(WebCore::Document::placeholderTextIndicatorData):
* Source/WebCore/editing/Editor.cpp:
(WebCore::Editor::insertTextPlaceholder):
* Source/WebCore/page/ChromeClient.h:
(WebCore::ChromeClient::addSourceTextAnimationForActiveWritingToolsSession):
(WebCore::ChromeClient::addDestinationTextAnimationForActiveWritingToolsSession):
* Source/WebCore/page/TextAnimationTypes.h:
* Source/WebCore/page/writing-tools/WritingToolsController.h:
* Source/WebCore/page/writing-tools/WritingToolsController.mm:
(WebCore::WritingToolsController::compositionSessionDidFinishReplacement):
(WebCore::WritingToolsController::compositionSessionDidReceiveTextWithReplacementRangeAsync):
(WebCore::WritingToolsController::compositionSessionDidReceiveTextWithReplacementRange):
* Source/WebKit/Shared/TextAnimationTypes.serialization.in:
* Source/WebKit/UIProcess/API/Cocoa/WKWebView.mm:
(-[WKWebView _addTextAnimationForAnimationID:withData:]):
(-[WKWebView _enableSourceTextAnimationAfterElementWithID:]):
(-[WKWebView _enableFinalTextAnimationForElementWithID:]):
(toWKTextAnimationType): Deleted.
* Source/WebKit/UIProcess/Cocoa/WebPageProxyCocoa.mm:
(WebKit::WebPageProxy::addTextAnimationForAnimationIDWithCompletionHandler):
(WebKit::WebPageProxy::storeDestinationCompletionHandlerForAnimationID):
* Source/WebKit/UIProcess/WebPageProxy.h:
* Source/WebKit/UIProcess/WebPageProxyInternals.h:
* Source/WebKit/UIProcess/ios/WKContentViewInteraction.h:
* Source/WebKit/UIProcess/ios/WKContentViewInteraction.mm:
(-[WKContentView setUpInteraction]):
(-[WKContentView updateUnderlyingTextVisibilityForTextAnimationID:visible:completionHandler:]):
(-[WKContentView callCompletionHandlerForAnimationID:]):
(-[WKContentView callCompletionHandlerForAnimationID:completionHandler:]):
(toWKTextAnimationType):
(-[WKContentView addTextAnimationForAnimationID:withData:]):
(-[WKContentView addTextAnimationForAnimationID:withStyleType:]): Deleted.
* Source/WebKit/UIProcess/mac/WKTextAnimationManager.mm:
(-[WKTextAnimationManager restoreTextAnimationType]):
* Source/WebKit/UIProcess/mac/WebViewImpl.mm:
(WebKit::WebViewImpl::addTextAnimationForAnimationID):
* Source/WebKit/WebKitSwift/TextAnimation/TextAnimationManager.swift:
(beginEffect(for:style:)):
(TextAnimationManager.performReplacementAndGeneratePreview(for:effect:animation:)):
* Source/WebKit/WebKitSwift/TextAnimation/WKSTextAnimationSourceDelegate.h:
* Source/WebKit/WebProcess/WebCoreSupport/WebChromeClient.cpp:
(WebKit::WebChromeClient::addSourceTextAnimationForActiveWritingToolsSession):
(WebKit::WebChromeClient::addDestinationTextAnimationForActiveWritingToolsSession):
* Source/WebKit/WebProcess/WebCoreSupport/WebChromeClient.h:
* Source/WebKit/WebProcess/WebPage/Cocoa/TextAnimationController.h:
* Source/WebKit/WebProcess/WebPage/Cocoa/TextAnimationController.mm:
(WebKit::TextAnimationController::addInitialTextAnimationForActiveWritingToolsSession):
(WebKit::TextAnimationController::addSourceTextAnimationForActiveWritingToolsSession):
(WebKit::TextAnimationController::addDestinationTextAnimationForActiveWritingToolsSession):
(WebKit::TextAnimationController::updateUnderlyingTextVisibilityForTextAnimationID):
(WebKit::TextAnimationController::createTextIndicatorForRange):
* Source/WebKit/WebProcess/WebPage/Cocoa/WebPageCocoa.mm:
(WebKit::WebPage::addSourceTextAnimationForActiveWritingToolsSession):
(WebKit::WebPage::addDestinationTextAnimationForActiveWritingToolsSession):
* Source/WebKit/WebProcess/WebPage/WebPage.h:
* Tools/TestWebKitAPI/Tests/WebKitCocoa/WritingTools.mm:
(TEST(WritingTools, SuggestedTextIsSelectedAfterSmartReply)):
Canonical link: https://commits.webkit.org/283248@main
Canonical link: https://commits.webkit.org/280938.316@safari-7619-branch
Commit: fd43eec4b13e9af1b9e12f81ac85df5812dae4c3
https://github.com/WebKit/WebKit/commit/fd43eec4b13e9af1b9e12f81ac85df5812dae4c3
Author: Aditya Keerthi <akeerthi at apple.com>
Date: 2024-09-09 (Mon, 09 Sep 2024)
Changed paths:
M Source/WebKit/UIProcess/mac/PageClientImplMac.mm
M Source/WebKit/UIProcess/mac/WKTextAnimationManager.h
M Source/WebKit/UIProcess/mac/WKTextAnimationManager.mm
M Source/WebKit/UIProcess/mac/WebViewImpl.h
M Source/WebKit/UIProcess/mac/WebViewImpl.mm
M Tools/TestWebKitAPI/Tests/WebKitCocoa/WritingTools.mm
Log Message:
-----------
Cherry-pick 3918b513f4cd. rdar://135281189
[macOS] Cannot click to move cursor focus to mail body after using smart reply and clicking in subject field
https://bugs.webkit.org/show_bug.cgi?id=279234
rdar://135281189
Reviewed by Wenson Hsieh, Richard Robinson, and Abrar Rahman Protyasha.
A `_WTTextEffectView` is inserted into the view hierarchy when performing
Writing Tools animations. However, it is currently not being removed once the
animations are complete. This is problematic, as the `_WTTextEffectView`
prevents the `WKWebView` from becoming first responder, when clicking over the
web view.
Fix by removing the effect view once animations are complete.
Additionally, resolve memory leaks and actually remove text effects from a map
when they are finished. That is the signal used to remove the effect view.
* Source/WebKit/UIProcess/mac/PageClientImplMac.mm:
(WebKit::PageClientImpl::didCommitLoadForMainFrame):
Remove the effect view when navigating to a different page.
* Source/WebKit/UIProcess/mac/WKTextAnimationManager.h:
* Source/WebKit/UIProcess/mac/WKTextAnimationManager.mm:
(-[WKTextAnimationManager addTextAnimationForAnimationID:withData:]):
Add a completion handler for the source animation, in order to keep the
map of effects up-to-date and remove a memory leak.
Add the effect view to the view hierarchy when needed.
(-[WKTextAnimationManager removeTextAnimationForAnimationID:]):
Remove the effect view if there are no active effects.
(-[WKTextAnimationManager hideTextAnimationView]):
* Source/WebKit/UIProcess/mac/WebViewImpl.h:
* Source/WebKit/UIProcess/mac/WebViewImpl.mm:
(WebKit::WebViewImpl::hideTextAnimationView):
* Tools/TestWebKitAPI/Tests/WebKitCocoa/WritingTools.mm:
(TEST(WritingTools, FocusWebViewAfterAnimation)):
Canonical link: https://commits.webkit.org/283274@main
Canonical link: https://commits.webkit.org/280938.317@safari-7619-branch
Commit: e260eedb6167a6da4d775b371ac7f0e73d324395
https://github.com/WebKit/WebKit/commit/e260eedb6167a6da4d775b371ac7f0e73d324395
Author: Mohsin Qureshi <mohsinq at apple.com>
Date: 2024-09-09 (Mon, 09 Sep 2024)
Changed paths:
M Configurations/Version.xcconfig
Log Message:
-----------
Versioning.
WebKit-7619.2.6
Commit: 492695f485bfd4c99a2c823b6be728e70caa97ac
https://github.com/WebKit/WebKit/commit/492695f485bfd4c99a2c823b6be728e70caa97ac
Author: Mohsin Qureshi <mohsinq at apple.com>
Date: 2024-09-09 (Mon, 09 Sep 2024)
Changed paths:
M Source/WebKit/WebProcess/WebPage/Cocoa/TextAnimationController.h
M Source/WebKit/WebProcess/WebPage/Cocoa/TextAnimationController.mm
Log Message:
-----------
Unreviewed build fix
* Source/WebKit/WebProcess/WebPage/Cocoa/TextAnimationController.h:
* Source/WebKit/WebProcess/WebPage/Cocoa/TextAnimationController.mm:
(WebKit::TextAnimationController::saveSnapshotOfTextPlaceholderForAnimation):
Commit: 259cfea017d3d6dbe15e3d6dedd462aed97803ba
https://github.com/WebKit/WebKit/commit/259cfea017d3d6dbe15e3d6dedd462aed97803ba
Author: Mohsin Qureshi <mohsinq at apple.com>
Date: 2024-09-09 (Mon, 09 Sep 2024)
Changed paths:
M Source/WebKit/WebProcess/WebPage/Cocoa/TextAnimationController.h
M Source/WebKit/WebProcess/WebPage/Cocoa/TextAnimationController.mm
Log Message:
-----------
Revert "Unreviewed build fix"
This reverts commit 492695f485bfd4c99a2c823b6be728e70caa97ac.
Commit: a7d88f9c1982e52c2a281d361124af98b153c385
https://github.com/WebKit/WebKit/commit/a7d88f9c1982e52c2a281d361124af98b153c385
Author: Mohsin Qureshi <mohsinq at apple.com>
Date: 2024-09-09 (Mon, 09 Sep 2024)
Changed paths:
M Source/WebKit/WebProcess/WebPage/Cocoa/TextAnimationController.h
M Source/WebKit/WebProcess/WebPage/Cocoa/TextAnimationController.mm
Log Message:
-----------
Unreviewed build fix
(cherry picked from commit f3c52aff96f7897e3c958a6402f89ad407dc64f5)
Commit: a7afa8f046413dd56f8387974742c6d36b73a473
https://github.com/WebKit/WebKit/commit/a7afa8f046413dd56f8387974742c6d36b73a473
Author: Tadeu Zagallo <tzagallo at apple.com>
Date: 2024-09-10 (Tue, 10 Sep 2024)
Changed paths:
M Source/ThirdParty/ANGLE/src/compiler/translator/Types.h
M Source/ThirdParty/ANGLE/src/compiler/translator/msl/EmitMetal.cpp
M Source/ThirdParty/ANGLE/src/compiler/translator/msl/ProgramPrelude.cpp
Log Message:
-----------
[ANGLE] Avoid undefined behavior in arithmetic operations
https://bugs.webkit.org/show_bug.cgi
rdar://116020685
Reviewed by Kimmo Kinnunen.
Avoid undefined behavior in the following operations:
- division by zero
- modulo by zero
- binary shifts of negative numbers or that exceed bit width
- integer overflow in addition, subtraction and multiplication.
- floating-point to integral conversions
* Source/ThirdParty/ANGLE/src/compiler/translator/msl/EmitMetal.cpp:
(GetOperatorString):
(IsSymbolicOperator):
(GenMetalTraverser::visitBinary):
* Source/ThirdParty/ANGLE/src/compiler/translator/msl/ProgramPrelude.cpp:
Canonical link: https://commits.webkit.org/280938.322@safari-7619-branch
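The five categories listed in the commit message above, handled in C++ as an added example; this is not ANGLE's code or the Metal source it emits. The function names and every fallback result (0 for a zero divisor, wrap-around on overflow, shift counts masked to the bit width, saturating conversion with NaN mapped to 0) are assumptions chosen for the example.

```cpp
#include <cmath>
#include <cstdint>
#include <limits>

// Integer overflow: do the arithmetic on the unsigned type, where overflow is
// defined as modular, then convert back. The conversion is modular on every
// mainstream compiler and guaranteed to be so from C++20 on.
int32_t wrapAdd(int32_t a, int32_t b)
{
    return static_cast<int32_t>(static_cast<uint32_t>(a) + static_cast<uint32_t>(b));
}

int32_t wrapSub(int32_t a, int32_t b)
{
    return static_cast<int32_t>(static_cast<uint32_t>(a) - static_cast<uint32_t>(b));
}

int32_t wrapMul(int32_t a, int32_t b)
{
    return static_cast<int32_t>(static_cast<uint32_t>(a) * static_cast<uint32_t>(b));
}

// Division by zero, plus INT32_MIN / -1 whose quotient 2^31 is not representable.
int32_t safeDiv(int32_t a, int32_t b)
{
    if (b == 0)
        return 0; // assumed fallback
    if (a == INT32_MIN && b == -1)
        return INT32_MIN; // same result as wrap-around
    return a / b;
}

// Modulo by zero, plus INT32_MIN % -1 which is undefined for the same reason.
int32_t safeMod(int32_t a, int32_t b)
{
    if (b == 0 || b == -1)
        return 0; // x % -1 is always 0; 0 for a zero divisor is an assumed fallback
    return a % b;
}

// Shifts: a count >= 32 and a left shift of a negative value are the
// undefined cases. Mask the count and shift the unsigned representation.
int32_t safeShl(int32_t value, uint32_t count)
{
    return static_cast<int32_t>(static_cast<uint32_t>(value) << (count & 31u));
}

int32_t safeShr(int32_t value, uint32_t count)
{
    return value >> (count & 31u); // arithmetic shift on mainstream compilers
}

// Floating-point to integral conversion: undefined when the truncated value
// does not fit. Saturate at the limits and map NaN to 0 (assumed policy).
int32_t floatToInt(float f)
{
    if (std::isnan(f))
        return 0;
    if (f >= 2147483648.0f) // 2^31, the first float above INT32_MAX
        return std::numeric_limits<int32_t>::max();
    if (f < -2147483648.0f)
        return std::numeric_limits<int32_t>::min();
    return static_cast<int32_t>(f);
}
```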
Commit: 8898391fae623a3a93f065fc5cf0f84d636b0d46
https://github.com/WebKit/WebKit/commit/8898391fae623a3a93f065fc5cf0f84d636b0d46
Author: Yusuke Suzuki <ysuzuki at apple.com>
Date: 2024-09-10 (Tue, 10 Sep 2024)
Changed paths:
M Source/JavaScriptCore/wasm/WasmIRGeneratorHelpers.h
M Source/JavaScriptCore/wasm/WasmOMGIRGenerator.cpp
M Source/JavaScriptCore/wasm/WasmOMGIRGenerator32_64.cpp
Log Message:
-----------
[JSC] Catch entering stack map computation in OMG is wrong for CallRef
https://bugs.webkit.org/show_bug.cgi?id=279480
rdar://133868556
Reviewed by David Degazio.
preparePatchpointForExceptions was assuming that we are appending stack
map generation constraints at the end of the sequence in Patchpoint.
But this is wrong for CallRef since we append a value after we set up
these stack map constraints. As a result, the generated stack map is
offset by 2 in CallRef, using wrong values. This patch makes this
computation more robust: saving the current params offset and children
offset and using them later. This makes it possible to put stack map
generation whenever we would like.
* Source/JavaScriptCore/wasm/WasmIRGeneratorHelpers.h:
(JSC::Wasm::PatchpointExceptionHandle::PatchpointExceptionHandle):
(JSC::Wasm::PatchpointExceptionHandle::generate const):
* Source/JavaScriptCore/wasm/WasmOMGIRGenerator.cpp:
(JSC::Wasm::OMGIRGenerator::preparePatchpointForExceptions):
* Source/JavaScriptCore/wasm/WasmOMGIRGenerator32_64.cpp:
(JSC::Wasm::OMGIRGenerator::preparePatchpointForExceptions):
Canonical link: https://commits.webkit.org/280938.323@safari-7619-branch
Commit: f77c08f58187174cb313edb8015a34d29d481206
https://github.com/WebKit/WebKit/commit/f77c08f58187174cb313edb8015a34d29d481206
Author: Sammy Gill <sammy.gill at apple.com>
Date: 2024-09-11 (Wed, 11 Sep 2024)
Changed paths:
A LayoutTests/imported/w3c/web-platform-tests/css/css-contain/content-visibility/content-visibility-on-display-contents-expected.html
A LayoutTests/imported/w3c/web-platform-tests/css/css-contain/content-visibility/content-visibility-on-display-contents.html
M Source/WebCore/rendering/style/RenderStyleInlines.h
Log Message:
-----------
Cherry-pick 76f7fe96cdbb. rdar://134436437
[Content Visibility] onedrive.live.com: content-visibility does not apply to display: contents elements.
https://bugs.webkit.org/show_bug.cgi?id=278477
rdar://134436437
Reviewed by Alan Baradlay.
We attempt to apply some content-visibility: auto logic to a
display: contents item which results in descendant content not appearing
on OneDrive since the root element does not have an associated renderer.
The spec actually handles this case by stating that content-visibility
applies to: "elements for which size containment can apply." The size
containment portion of the spec then states size containment has no
effect if, "if the element does not generate a principal box (as is the
case with display: contents or display: none)."
https://drafts.csswg.org/css-contain-2/#content-visibility
https://drafts.csswg.org/css-contain-2/#size-containment
We can handle this by checking the display type in isSkippedContentRoot
which is used for, among other things, propagating the
usedContentVisibility value to descendant renderers. As a result, we
should not be propagating this content visibility information to
descendant renderers and they should go through layout as if
content-visibility was not set on the display: contents element.
* LayoutTests/imported/w3c/web-platform-tests/css/css-contain/content-visibility/content-visibility-on-display-contents-expected.html: Added.
* LayoutTests/imported/w3c/web-platform-tests/css/css-contain/content-visibility/content-visibility-on-display-contents.html: Added.
* Source/WebCore/rendering/style/RenderStyleInlines.h:
(WebCore::isSkippedContentRoot):
Canonical link: https://commits.webkit.org/283345@main
Canonical link: https://commits.webkit.org/280938.324@safari-7619-branch
Commit: 0d389aeac1e41749c7975e6c8f8ddef269fd5e98
https://github.com/WebKit/WebKit/commit/0d389aeac1e41749c7975e6c8f8ddef269fd5e98
Author: Timothy Hatcher <timothy at apple.com>
Date: 2024-09-11 (Wed, 11 Sep 2024)
Changed paths:
M Source/WebKit/Shared/Extensions/WebExtensionConstants.h
M Source/WebKit/Shared/Extensions/_WKWebExtensionSQLiteStatement.mm
M Source/WebKit/UIProcess/Extensions/Cocoa/API/WebExtensionContextAPIStorageCocoa.mm
M Source/WebKit/UIProcess/Extensions/Cocoa/WebExtensionContextCocoa.mm
M Source/WebKit/UIProcess/Extensions/WebExtensionContext.h
Log Message:
-----------
Cherry-pick 6cb5017d237e. rdar://131762857
"Exceeded storage quota" error even with unlimitedStorage permission.
https://webkit.org/b/279385
rdar://131762857
Reviewed by Brian Weinstein.
The `webExtensionUnlimitedStorageQuotaBytes` global was incorrectly defined as a `double`, while
`quotaForStorageType()` returns a `size_t`. This mismatch caused type truncation issues, leading
to the quota check failing.
Additionally, a crash was occurring when deleting the last storage value. The issue was due to
finalizing an SQLite statement asynchronously after the database had been closed and deleted.
* Source/WebKit/Shared/Extensions/WebExtensionConstants.h:
* Source/WebKit/Shared/Extensions/_WKWebExtensionSQLiteStatement.mm:
(-[_WKWebExtensionSQLiteStatement dealloc]): Make sure the database is not closed.
* Source/WebKit/UIProcess/Extensions/Cocoa/API/WebExtensionContextAPIStorageCocoa.mm:
(WebKit::WebExtensionContext::storageSet): Fix typo for quotaForStorageType.
* Source/WebKit/UIProcess/Extensions/Cocoa/WebExtensionContextCocoa.mm:
(WebKit::WebExtensionContext::quotaForStorageType): Renamed to fix typo.
(WebKit::WebExtensionContext::quoataForStorageType): Deleted.
* Source/WebKit/UIProcess/Extensions/WebExtensionContext.h:
Canonical link: https://commits.webkit.org/283383@main
Canonical link: https://commits.webkit.org/280938.325@safari-7619-branch
Commit: 08080b41c1a74040313bfbc499e9cb3f3a98053e
https://github.com/WebKit/WebKit/commit/08080b41c1a74040313bfbc499e9cb3f3a98053e
Author: Dan Hecht <dan.hecht at apple.com>
Date: 2024-09-11 (Wed, 11 Sep 2024)
Changed paths:
M Source/JavaScriptCore/bytecode/CodeBlock.cpp
M Source/JavaScriptCore/bytecode/CodeBlock.h
M Source/JavaScriptCore/bytecode/CodeBlockInlines.h
M Source/JavaScriptCore/bytecode/CodeBlockJettisoningWatchpoint.cpp
M Source/JavaScriptCore/bytecode/InlineCacheCompiler.cpp
M Source/JavaScriptCore/bytecode/LLIntPrototypeLoadAdaptiveStructureWatchpoint.cpp
M Source/JavaScriptCore/bytecode/LLIntPrototypeLoadAdaptiveStructureWatchpoint.h
M Source/JavaScriptCore/bytecode/StructureStubClearingWatchpoint.cpp
M Source/JavaScriptCore/bytecode/StructureStubClearingWatchpoint.h
M Source/JavaScriptCore/dfg/DFGAdaptiveStructureWatchpoint.cpp
Log Message:
-----------
Cherry-pick 9ce98e026db3. rdar://122375587
[JSC] Ensure StructureStubInfoClearingWatchpoint does not outlive its CodeBlock
https://bugs.webkit.org/show_bug.cgi?id=279384
rdar://122375587
Reviewed by Yusuke Suzuki.
StructureStubInfoClearingWatchpoint is kept alive by references from
both the CodeBlock and the Executable. If the CodeBlock is destructed
first and the Executable destruction is delayed, the watchpoint could
fire after the CodeBlock destruction and the JSCell:isLive() call for
the CodeBlock could try to walk a MarkedBlock that has already been
freed, leading to crashes.
Instead, proactively free the watchpoint when the CodeBlock is being
destructed.
Also add some debug-only code to help catch these sorts of lifetime
issues involving CodeBlock and Watchpoint.
* Source/JavaScriptCore/bytecode/CodeBlock.cpp:
(JSC::CodeBlock::CodeBlock):
(JSC::CodeBlock::destroy):
(JSC::CodeBlock::findStubInfo):
(JSC::CodeBlock::resetBaselineJITData): Deleted.
* Source/JavaScriptCore/bytecode/CodeBlock.h:
* Source/JavaScriptCore/bytecode/CodeBlockInlines.h:
(JSC::CodeBlock::wasDestructed):
* Source/JavaScriptCore/bytecode/CodeBlockJettisoningWatchpoint.cpp:
(JSC::CodeBlockJettisoningWatchpoint::fireInternal):
* Source/JavaScriptCore/bytecode/InlineCacheCompiler.cpp:
(JSC::InlineCacheHandler::aboutToDie):
* Source/JavaScriptCore/bytecode/LLIntPrototypeLoadAdaptiveStructureWatchpoint.cpp:
(JSC::LLIntPrototypeLoadAdaptiveStructureWatchpoint::~LLIntPrototypeLoadAdaptiveStructureWatchpoint):
(JSC::LLIntPrototypeLoadAdaptiveStructureWatchpoint::fireInternal):
* Source/JavaScriptCore/bytecode/LLIntPrototypeLoadAdaptiveStructureWatchpoint.h:
* Source/JavaScriptCore/bytecode/StructureStubClearingWatchpoint.cpp:
(JSC::StructureStubInfoClearingWatchpoint::~StructureStubInfoClearingWatchpoint):
(JSC::StructureStubInfoClearingWatchpoint::fireInternal):
* Source/JavaScriptCore/bytecode/StructureStubClearingWatchpoint.h:
* Source/JavaScriptCore/dfg/DFGAdaptiveStructureWatchpoint.cpp:
(JSC::DFG::AdaptiveStructureWatchpoint::fireInternal):
Canonical link: https://commits.webkit.org/283454@main
Canonical link: https://commits.webkit.org/280938.326@safari-7619-branch
Commit: 4e72c3f134d4566ed688701a9e3bfd18720b2899
https://github.com/WebKit/WebKit/commit/4e72c3f134d4566ed688701a9e3bfd18720b2899
Author: Aditya Keerthi <akeerthi at apple.com>
Date: 2024-09-11 (Wed, 11 Sep 2024)
Changed paths:
A LayoutTests/editing/deleting/delete-picture-expected.txt
A LayoutTests/editing/deleting/delete-picture.html
A LayoutTests/editing/deleting/delete-text-before-picture-expected.txt
A LayoutTests/editing/deleting/delete-text-before-picture.html
M Source/WebCore/editing/DeleteSelectionCommand.cpp
Log Message:
-----------
Cherry-pick 1d56845bb42e. rdar://128100106
Deleting content immediately before a `<picture>` unexpectedly removes `<source>`s
https://bugs.webkit.org/show_bug.cgi?id=279467
rdar://128100106
Reviewed by Wenson Hsieh and Abrar Rahman Protyasha.
`<picture>` elements may contain one or more `<source>` elements (which are not
rendered) and an `<img>` element. When making selections around a `<picture>`
element, the selection is anchored before or after the `<img>` child.
Consequently, when the selection is visually before a `<picture>` element, and
deletion is performed, all `<source>` elements before the selection are also
removed. This is incorrect, as the `<picture>` element and all its children should
be left intact.
Fix by avoiding removal of nodes that have a parent node which cannot have
children for editing. Only the direct parent is checked, since traversal is
performed in document order.
A longer term solution would be to (again) experiment with making
`canContainRangeEndPoint` return `false` for `HTMLPictureElement`. That change would
solve this issue by ensuring the selection could never be inside a `<picture>`.
However, that change is much higher risk, and also causes other selection related
issues, which need to be investigated independently.
* LayoutTests/editing/deleting/delete-picture-expected.txt: Added.
* LayoutTests/editing/deleting/delete-picture.html: Added.
Test already working behavior to delete a `<picture>` element.
* LayoutTests/editing/deleting/delete-text-before-picture-expected.txt: Added.
* LayoutTests/editing/deleting/delete-text-before-picture.html: Added.
Test the issue fixed by this patch.
* Source/WebCore/editing/DeleteSelectionCommand.cpp:
(WebCore::DeleteSelectionCommand::handleGeneralDelete):
Canonical link: https://commits.webkit.org/283457@main
Canonical link: https://commits.webkit.org/280938.327@safari-7619-branch
Commit: 519097f7b4544054b92bf1e113046c8d3af7842c
https://github.com/WebKit/WebKit/commit/519097f7b4544054b92bf1e113046c8d3af7842c
Author: Marcus Plutowski <marcus_plutowski at apple.com>
Date: 2024-09-11 (Wed, 11 Sep 2024)
Changed paths:
M Source/WTF/wtf/posix/OSAllocatorPOSIX.cpp
Log Message:
-----------
Cherry-pick 341e30e628ef. rdar://135430256
Remove OSAllocator's legacy manual impl of ASLR on x86
https://bugs.webkit.org/show_bug.cgi?id=279273
rdar://135430256
Reviewed by Yusuke Suzuki and Sam Weinig.
This has not been necessary for a long time: if you pass mmap a nullptr
for the address, the kernel will select a suitably random location on
its own.
Doing it ourselves is bad for multiple reasons:
1) it’s slower,
2) it's confusing,
3) selecting a specific location in memory is generally suspicious, and
could stress kernel-internal code paths which are not used much
elsewhere -- increasing the likelihood of running into a bug.
However, this situation does raise the specter of Chesterton’s Fence: if
the OS does this automatically, then why did we ever implement code to
do it ourselves? The answer is that this code is just really old: the
first patch adding this to the codebase (34933@main) was committed in
April 2009, and the code has not been touched since December 2010
(63979@main). ASLR was only implemented on Mac OS X in version 10.5
(Leopard, released October 2007) and only expanded to cover all
applications in 10.7 (Lion, July 2011). So this code was written during
a time when we _did_ need to implement it ourselves; as that is no
longer the case, we should stop doing so.
* Source/WTF/wtf/posix/OSAllocatorPOSIX.cpp:
(WTF::OSAllocator::tryReserveAndCommit): stop rolling our own ASLR
Canonical link: https://commits.webkit.org/283483@main
Canonical link: https://commits.webkit.org/280938.328@safari-7619-branch
Commit: ba52e5dc13c91c7048396bcedb3441d66c873a0f
https://github.com/WebKit/WebKit/commit/ba52e5dc13c91c7048396bcedb3441d66c873a0f
Author: Chris Dumez <cdumez at apple.com>
Date: 2024-09-12 (Thu, 12 Sep 2024)
Changed paths:
M Source/WebKit/Platform/IPC/Decoder.cpp
Log Message:
-----------
Do more validation of IPC::Decoder's destinationID
https://bugs.webkit.org/show_bug.cgi?id=279574
rdar://135525328
Reviewed by Darin Adler.
Do more validation of IPC::Decoder's destinationID. We have to keep allowing 0
since it is a valid destinationID. However, we can reject -1 which is the
HashTable's deleted value.
This is important since we sometimes construct ObjectIdentifiers from the
decoder's destinationID and these ObjectIdentifiers may be used to look up
in a HashMap.
283525@main also added more validation of the raw identifier when constructing
an ObjectIdentifier which will further protect us.
* Source/WebKit/Platform/IPC/Decoder.cpp:
Canonical link: https://commits.webkit.org/280938.329@safari-7619-branch
Commit: fdbf2460a3133468432d52dea1d4d9adf1ce4783
https://github.com/WebKit/WebKit/commit/fdbf2460a3133468432d52dea1d4d9adf1ce4783
Author: Megan Gardner <megan_gardner at apple.com>
Date: 2024-09-12 (Thu, 12 Sep 2024)
Changed paths:
M Source/WebCore/html/shadow/TextPlaceholderElement.cpp
Log Message:
-----------
Cherry-pick 67952f140c3d. rdar://135770744
[Writing Tools] Smart Replies show no text after animation finishes.
https://bugs.webkit.org/show_bug.cgi?id=279560
rdar://135770744
Reviewed by Aditya Keerthi.
The placeholder element had a zero width, so we would fail to
make a text indicator from it. Change the placeholder element to not
set the width if it is zero so it defaults to an actual width,
allowing us to make a snapshot of it.
* Source/WebCore/html/shadow/TextPlaceholderElement.cpp:
Canonical link: https://commits.webkit.org/283562@main
Canonical link: https://commits.webkit.org/280938.330@safari-7619-branch
Commit: c92971e92a26115e22b904aa5bfe703770081c93
https://github.com/WebKit/WebKit/commit/c92971e92a26115e22b904aa5bfe703770081c93
Author: Kimmo Kinnunen <kkinnunen at apple.com>
Date: 2024-09-13 (Fri, 13 Sep 2024)
Changed paths:
M Source/WebKit/Platform/IPC/StreamServerConnection.cpp
M Source/WebKit/Platform/IPC/StreamServerConnection.h
M Source/WebKit/Shared/IPCStreamTester.cpp
M Source/WebKit/Shared/IPCStreamTester.h
M Source/WebKit/Shared/IPCStreamTester.messages.in
M Tools/TestWebKitAPI/Tests/IPC/StreamConnectionTests.cpp
Log Message:
-----------
Cherry-pick efa2afee8f4a. rdar://133004320
IPC stream sync message send hangs sometimes when using NotStreamEncodableReply
https://bugs.webkit.org/show_bug.cgi?id=279188
rdar://133004320
Reviewed by Simon Fraser.
Normal stream IPC sync message reply protocol is that the reply would be
written to the beginning of the message buffer and the whole buffer
would be released to the client.
In case of NotStreamEncodableReply, the buffer would be released to the
client but the out of stream (OOS) message would be sent via
IPC::Connection. This would be done to support replying with
kernel-transferred objects.
There was a race condition with the implementation, where the OOS
message would be sent by the server and received by the client before
the server would continue. This would cause the client to write the
subsequent messages to the unexpected index of the message buffer. Once
the server would continue, it would release the message buffer to the
client, overwriting the client's index values.
Fix by first releasing the buffer to the client and then sending the OOS
message.
* Source/WebKit/Platform/IPC/StreamServerConnection.cpp:
(IPC::StreamServerConnection::dispatchStreamMessage):
* Source/WebKit/Platform/IPC/StreamServerConnection.h:
(IPC::StreamServerConnection::sendSyncReply):
* Source/WebKit/Shared/IPCStreamTester.cpp:
(WebKit::IPCStreamTester::syncMessage):
(WebKit::IPCStreamTester::syncMessageNotStreamEncodableReply):
(WebKit::IPCStreamTester::emptyMessage):
* Source/WebKit/Shared/IPCStreamTester.h:
* Source/WebKit/Shared/IPCStreamTester.messages.in:
* Tools/TestWebKitAPI/Tests/IPC/StreamConnectionTests.cpp:
(TestWebKitAPI::TEST_P):
Canonical link: https://commits.webkit.org/283237@main
Canonical link: https://commits.webkit.org/280938.331@safari-7619-branch
Commit: 0ef93809cc4af102cff655c2a61090f93c7776ae
https://github.com/WebKit/WebKit/commit/0ef93809cc4af102cff655c2a61090f93c7776ae
Author: Chris Dumez <cdumez at apple.com>
Date: 2024-09-14 (Sat, 14 Sep 2024)
Changed paths:
M Source/WebKit/GPUProcess/media/RemoteCDMFactoryProxy.cpp
M Source/WebKit/GPUProcess/media/RemoteLegacyCDMFactoryProxy.cpp
M Source/WebKit/GPUProcess/media/RemoteMediaPlayerManagerProxy.cpp
M Source/WebKit/GPUProcess/webrtc/RemoteMediaRecorderManager.cpp
M Source/WebKit/ModelProcess/ModelProcessModelPlayerManagerProxy.cpp
M Source/WebKit/NetworkProcess/NetworkConnectionToWebProcess.cpp
M Source/WebKit/NetworkProcess/ServiceWorker/WebSWServerToContextConnection.cpp
Log Message:
-----------
Guard against constructing an ObjectIdentifier from an IPC::Decoder::destinationID that is 0
https://bugs.webkit.org/show_bug.cgi?id=279640
rdar://135928568
Reviewed by Darin Adler.
* Source/WebKit/GPUProcess/media/RemoteCDMFactoryProxy.cpp:
(WebKit::RemoteCDMFactoryProxy::didReceiveCDMMessage):
(WebKit::RemoteCDMFactoryProxy::didReceiveCDMInstanceMessage):
(WebKit::RemoteCDMFactoryProxy::didReceiveCDMInstanceSessionMessage):
(WebKit::RemoteCDMFactoryProxy::didReceiveSyncCDMMessage):
(WebKit::RemoteCDMFactoryProxy::didReceiveSyncCDMInstanceMessage):
(WebKit::RemoteCDMFactoryProxy::didReceiveSyncCDMInstanceSessionMessage):
* Source/WebKit/GPUProcess/media/RemoteLegacyCDMFactoryProxy.cpp:
(WebKit::RemoteLegacyCDMFactoryProxy::didReceiveCDMMessage):
(WebKit::RemoteLegacyCDMFactoryProxy::didReceiveCDMSessionMessage):
(WebKit::RemoteLegacyCDMFactoryProxy::didReceiveSyncCDMMessage):
(WebKit::RemoteLegacyCDMFactoryProxy::didReceiveSyncCDMSessionMessage):
* Source/WebKit/GPUProcess/media/RemoteMediaPlayerManagerProxy.cpp:
(WebKit::RemoteMediaPlayerManagerProxy::didReceivePlayerMessage):
(WebKit::RemoteMediaPlayerManagerProxy::didReceiveSyncPlayerMessage):
* Source/WebKit/GPUProcess/webrtc/RemoteMediaRecorderManager.cpp:
(WebKit::RemoteMediaRecorderManager::didReceiveRemoteMediaRecorderMessage):
* Source/WebKit/ModelProcess/ModelProcessModelPlayerManagerProxy.cpp:
(WebKit::ModelProcessModelPlayerManagerProxy::didReceivePlayerMessage):
* Source/WebKit/NetworkProcess/NetworkConnectionToWebProcess.cpp:
(WebKit::NetworkConnectionToWebProcess::didReceiveMessage):
* Source/WebKit/NetworkProcess/ServiceWorker/WebSWServerToContextConnection.cpp:
(WebKit::WebSWServerToContextConnection::didReceiveFetchTaskMessage):
Canonical link: https://commits.webkit.org/280938.332@safari-7619-branch
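Added example, not WebKit code, for the two destinationID commits above (the decoder-level rejection of -1 and the receiver-level guard against 0): a toy open-addressing table shows why a key equal to a marker value is lost, and a decoder and receiver apply the two checks in order. `ToyTable`, the 8-byte little-endian message layout, all function names and the use of 0 as the empty-slot marker are assumptions of this example.

```cpp
#include <array>
#include <cstddef>
#include <cstdint>
#include <optional>
#include <vector>

constexpr uint64_t kEmptyValue = 0;            // assumption: marks a never-used slot
constexpr uint64_t kDeletedValue = UINT64_MAX; // -1: the deleted value named in the commit

// Toy open-addressing set. Slots hold raw keys, so a key equal to one of the
// two marker values cannot be told apart from the marker once it is written.
class ToyTable {
public:
    void addUnchecked(uint64_t key)
    {
        for (size_t n = 0, i = key % kSlots; n < kSlots; ++n, i = (i + 1) % kSlots) {
            if (m_slots[i] == key)
                return; // already present, or key is the empty marker
            if (m_slots[i] == kEmptyValue || m_slots[i] == kDeletedValue) {
                m_slots[i] = key;
                return;
            }
        }
    }
    bool contains(uint64_t key) const
    {
        for (size_t n = 0, i = key % kSlots; n < kSlots; ++n, i = (i + 1) % kSlots) {
            if (m_slots[i] == kEmptyValue)
                return false; // end of the probe chain
            if (m_slots[i] != kDeletedValue && m_slots[i] == key)
                return true;
        }
        return false;
    }
    size_t liveCount() const
    {
        size_t live = 0;
        for (uint64_t slot : m_slots)
            live += (slot != kEmptyValue && slot != kDeletedValue);
        return live;
    }
private:
    static constexpr size_t kSlots = 8;
    std::array<uint64_t, kSlots> m_slots {};
};

// Constructed wire layout: destinationID is the first 8 bytes, little-endian.
std::vector<uint8_t> makeMessage(uint64_t destinationID)
{
    std::vector<uint8_t> bytes(8);
    for (size_t i = 0; i < 8; ++i)
        bytes[i] = static_cast<uint8_t>(destinationID >> (8 * i));
    return bytes;
}

// Decoder-level check (first commit): 0 stays legal, -1 is refused.
std::optional<uint64_t> decodeDestinationID(const std::vector<uint8_t>& message)
{
    if (message.size() < 8)
        return std::nullopt;
    uint64_t id = 0;
    for (size_t i = 0; i < 8; ++i)
        id |= static_cast<uint64_t>(message[i]) << (8 * i);
    if (id == kDeletedValue)
        return std::nullopt;
    return id;
}

// Receiver-level check (second commit): a destinationID that is about to
// become a table key must not be 0 either.
std::optional<uint64_t> toObjectIdentifier(uint64_t destinationID)
{
    if (destinationID == kEmptyValue || destinationID == kDeletedValue)
        return std::nullopt;
    return destinationID;
}

enum class Dispatch { Delivered, NoSuchObject, Rejected };

Dispatch dispatchToObject(const ToyTable& objects, const std::vector<uint8_t>& message)
{
    const auto destinationID = decodeDestinationID(message);
    if (!destinationID)
        return Dispatch::Rejected;
    const auto identifier = toObjectIdentifier(*destinationID);
    if (!identifier)
        return Dispatch::Rejected;
    return objects.contains(*identifier) ? Dispatch::Delivered : Dispatch::NoSuchObject;
}
```

In this model an unchecked insert of either marker value leaves the table with no live entry, which is why both checks run before any lookup.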
Commit: 97f10bf9519a88def7b2565ea82db97112a7c34d
https://github.com/WebKit/WebKit/commit/97f10bf9519a88def7b2565ea82db97112a7c34d
Author: Youenn Fablet <youenn at apple.com>
Date: 2024-09-16 (Mon, 16 Sep 2024)
Changed paths:
M Source/ThirdParty/libwebrtc/Source/third_party/libyuv/source/scale.cc
M Source/ThirdParty/libwebrtc/Source/third_party/libyuv/unit_test/scale_test.cc
Log Message:
-----------
Potential 'segmentation fault' issue committed to upstream libwebrtc (libyuv)
rdar://135934122
Reviewed by Chris Dumez.
Cherry-picking of 4620f1705822fd6ab99939f43ce63099bd3d9ae0.
* Source/ThirdParty/libwebrtc/Source/third_party/libyuv/source/scale.cc:
* Source/ThirdParty/libwebrtc/Source/third_party/libyuv/unit_test/scale_test.cc:
Canonical link: https://commits.webkit.org/280938.333@safari-7619-branch
Commit: 7a620af7fd96a0cdf12af1d8ff9c69a2598c2917
https://github.com/WebKit/WebKit/commit/7a620af7fd96a0cdf12af1d8ff9c69a2598c2917
Author: Per Arne Vollan <pvollan at apple.com>
Date: 2024-09-16 (Mon, 16 Sep 2024)
Changed paths:
M Source/WTF/wtf/spi/darwin/SandboxSPI.h
M Source/WebKit/UIProcess/WebPageProxy.cpp
Log Message:
-----------
Cherry-pick 63e1147ab47b. rdar://134101098
Check sandbox access in the WebContent process before opening local file
https://bugs.webkit.org/show_bug.cgi?id=278745
rdar://134101098
Reviewed by Chris Dumez and Darin Adler.
Check sandbox access in the WebContent process before deciding whether a sandbox extension should be created when opening local files.
This call is made from the UI process and will return the sandbox read access status for the given file at this point in time.
* Source/WTF/wtf/spi/darwin/SandboxSPI.h:
* Source/WebKit/UIProcess/WebPageProxy.cpp:
(WebKit::WebPageProxy::maybeInitializeSandboxExtensionHandle):
Canonical link: https://commits.webkit.org/282882@main
Canonical link: https://commits.webkit.org/280938.334@safari-7619-branch
Commit: 63a7dcaae6ea4ddd3084bfaa998e9f9e3ae171f6
https://github.com/WebKit/WebKit/commit/63a7dcaae6ea4ddd3084bfaa998e9f9e3ae171f6
Author: Megan Gardner <megan_gardner at apple.com>
Date: 2024-09-16 (Mon, 16 Sep 2024)
Changed paths:
M Source/WebKit/WebProcess/WebPage/Cocoa/TextAnimationController.h
M Source/WebKit/WebProcess/WebPage/Cocoa/TextAnimationController.mm
Log Message:
-----------
Cherry-pick 3aeaf8d06ed9. rdar://135603636
Remaining text still visible when animation is running.
https://bugs.webkit.org/show_bug.cgi?id=279389
rdar://135603636
Reviewed by Aditya Keerthi.
The range to turn off visibility was not set properly.
Also took the opportunity to give this a more descriptive name.
* Source/WebKit/WebProcess/WebPage/Cocoa/TextAnimationController.h:
* Source/WebKit/WebProcess/WebPage/Cocoa/TextAnimationController.mm:
(WebKit::TextAnimationController::contextRangeForTextAnimationID const):
(WebKit::TextAnimationController::removeTransparentMarkersForActiveWritingToolsSession):
(WebKit::TextAnimationController::addDestinationTextAnimationForActiveWritingToolsSession):
(WebKit::TextAnimationController::updateUnderlyingTextVisibilityForTextAnimationID):
(WebKit::TextAnimationController::saveSnapshotOfTextPlaceholderForAnimation):
(WebKit::TextAnimationController::clearAnimationsForActiveWritingToolsSession):
Canonical link: https://commits.webkit.org/283440@main
Canonical link: https://commits.webkit.org/280938.335@safari-7619-branch
Commit: c7b3fa6113d5e800fe7c3f0e9ca47cfef8b4ba1e
https://github.com/WebKit/WebKit/commit/c7b3fa6113d5e800fe7c3f0e9ca47cfef8b4ba1e
Author: Megan Gardner <megan_gardner at apple.com>
Date: 2024-09-16 (Mon, 16 Sep 2024)
Changed paths:
M Source/WebKit/UIProcess/mac/WKTextAnimationManager.mm
M Source/WebKit/WebKitSwift/TextAnimation/TextAnimationManager.swift
Log Message:
-----------
Cherry-pick 37834a3ed1fb. rdar://135760840
[Writing Tools] Text Animations overrun recipient and subject lines when content is scrolled.
https://bugs.webkit.org/show_bug.cgi?id=279475
rdar://135760840
Reviewed by Aditya Keerthi.
Views no longer clip to bounds by default, so we need to set that flag
to keep the view from extending beyond the frame of the web view.
* Source/WebKit/UIProcess/mac/WKTextAnimationManager.mm:
(-[WKTextAnimationManager initWithWebViewImpl:]):
Canonical link: https://commits.webkit.org/283552@main
Canonical link: https://commits.webkit.org/280938.336@safari-7619-branch
Commit: 1648dc5022174574c24220e8be46a519a083937b
https://github.com/WebKit/WebKit/commit/1648dc5022174574c24220e8be46a519a083937b
Author: Yusuke Suzuki <ysuzuki at apple.com>
Date: 2024-09-16 (Mon, 16 Sep 2024)
Changed paths:
A JSTests/stress/object-allocation-sinking-phi-insertion-for-pointers.js
M Source/JavaScriptCore/dfg/DFGObjectAllocationSinkingPhase.cpp
Log Message:
-----------
Cherry-pick ba44420c913e. rdar://135851156
[JSC] ObjectAllocationSinking should not omit phi insertion when pointer follows to the same value
https://bugs.webkit.org/show_bug.cgi?id=279570
rdar://135851156
Reviewed by Keith Miller.
Let's consider the following FTL graph.
BB#0
    @0 = NewObject()
    Jump #1
BB#1
    PutByOffset(@0, 0, @x)
    Jump #2
BB#2
    ...
    @z = ...
    @1 = GetByOffset(@x, 0)
    Branch(@1, #3, #4)
BB#3
    PutByOffset(@0, 0, @z)
    Jump #5
BB#4
    PutByOffset(@0, 0, @z)
    Jump #5
BB#5
    Jump #2
Now, we would like to eliminate the @0 object allocation. And we are
computing SSA for pointers of fields of that object which gets
eliminated. Consider @x's fields' SSA. PutByOffset becomes a Def
and GetByOffset becomes a Use. And the same field will get the same SSA
variable. So we first put Defs and compute Phis based on that.
In the ObjectAllocationSinking phase, we had a fast path when both SSA
variables are following to the same value. Let's see BB#5. Because BB#3
and BB#4 define Defs, dominance frontier BB#5 will need to introduce a
Phi. But interestingly, both SSA variables are following to the same @z.
As a result, we were not inserting a Phi for this case.
But this is wrong. An inserted Phi is a Def, and based on that, we will
further introduce Phis with that. If we omit inserting a Phi in BB#5,
we will not insert a Phi into BB#2 while BB#2 will merge BB#1's Def and
BB#5's Phi's Def. As a result, in BB#2, we think this variable is
following to BB#1's Def. But that's wrong and BB#5's Phi exists.
This patch removes this fast path to fix the issue.
* JSTests/stress/object-allocation-sinking-phi-insertion-for-pointers.js: Added.
(Queue):
(Queue.prototype.enqueue):
(Queue.prototype.dequeue):
(i.queue.dequeue):
* Source/JavaScriptCore/dfg/DFGObjectAllocationSinkingPhase.cpp:
Canonical link: https://commits.webkit.org/283558@main
Canonical link: https://commits.webkit.org/280938.337@safari-7619-branch
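The Phi placement argument in the commit message above, worked through on its BB#0..BB#5 graph as an added C++ example (not JavaScriptCore code). The Defs are the three PutByOffset stores in BB#1, BB#3 and BB#4; the fast path is modelled, as an assumption, as "skip the Phi when every predecessor of the frontier block is a Def of the same value", and all function names are hypothetical.

```cpp
#include <map>
#include <set>
#include <string>
#include <vector>

using Blocks = std::set<int>;
using Graph = std::vector<std::vector<int>>;
using Values = std::set<std::string>;

// CFG from the commit message: #0 -> #1 -> #2 -> {#3, #4} -> #5 -> #2.
const Graph kSuccessors = {{1}, {2}, {3, 4}, {5}, {5}, {2}};
// Blocks that contain a PutByOffset (a Def), with the value stored.
const std::map<int, std::string> kDefs = {{1, "@x"}, {3, "@z"}, {4, "@z"}};

Graph predecessors(const Graph& succ) {
    Graph pred(succ.size());
    for (int b = 0; b < static_cast<int>(succ.size()); ++b)
        for (int s : succ[b]) pred[s].push_back(b);
    return pred;
}

// Dominator bitmasks (bit d of dom[b]: d dominates b); entry is block 0, n < 32.
std::vector<unsigned> dominators(const Graph& succ) {
    const int n = static_cast<int>(succ.size());
    const Graph pred = predecessors(succ);
    const unsigned all = (1u << n) - 1;
    std::vector<unsigned> dom(n, all);
    dom[0] = 1u;
    for (bool changed = true; changed;) {
        changed = false;
        for (int b = 1; b < n; ++b) {
            unsigned meet = all;
            for (int p : pred[b]) meet &= dom[p];
            meet |= 1u << b;
            if (meet != dom[b]) { dom[b] = meet; changed = true; }
        }
    }
    return dom;
}

// DF(x) = blocks b where x dominates a predecessor of b but not strictly b.
std::vector<Blocks> dominanceFrontiers(const Graph& succ) {
    const int n = static_cast<int>(succ.size());
    const Graph pred = predecessors(succ);
    const std::vector<unsigned> dom = dominators(succ);
    std::vector<Blocks> df(n);
    for (int b = 0; b < n; ++b)
        for (int p : pred[b])
            for (int x = 0; x < n; ++x)
                if (((dom[p] >> x) & 1u) && (x == b || !((dom[b] >> x) & 1u))) df[x].insert(b);
    return df;
}

// Assumed model of the removed fast path: all predecessors are Defs of one value.
bool predecessorsStoreSameValue(const std::vector<int>& preds) {
    Values seen;
    for (int p : preds) {
        if (!kDefs.count(p)) return false;
        seen.insert(kDefs.at(p));
    }
    return seen.size() == 1;
}

// Phi placement by iterated dominance frontier, seeded with the Def blocks.
Blocks placePhis(bool sameValueFastPath) {
    const Graph pred = predecessors(kSuccessors);
    const std::vector<Blocks> df = dominanceFrontiers(kSuccessors);
    Blocks phis;
    std::vector<int> worklist;
    for (const auto& def : kDefs) worklist.push_back(def.first);
    while (!worklist.empty()) {
        const int block = worklist.back();
        worklist.pop_back();
        for (int frontier : df[block]) {
            if (phis.count(frontier)) continue;
            if (sameValueFastPath && predecessorsStoreSameValue(pred[frontier])) continue;
            phis.insert(frontier);
            worklist.push_back(frontier); // a Phi is itself a Def
        }
    }
    return phis;
}

// Ground truth: distinct stored values that can reach the entry of `block`.
Values valuesReachingEntry(int block) {
    const Graph pred = predecessors(kSuccessors);
    const int n = static_cast<int>(kSuccessors.size());
    std::vector<Values> in(n), out(n);
    for (bool changed = true; changed;) {
        changed = false;
        for (int b = 0; b < n; ++b) {
            Values newIn;
            for (int p : pred[b]) newIn.insert(out[p].begin(), out[p].end());
            Values newOut = kDefs.count(b) ? Values{kDefs.at(b)} : newIn;
            if (newIn != in[b] || newOut != out[b]) { in[b] = newIn; out[b] = newOut; changed = true; }
        }
    }
    return in[block];
}
```

Only one value reaches the entry of BB#5, which is what made the fast path look safe there, but two values reach BB#2, and the Phi at BB#2 is only placed when the Phi at BB#5 is kept as a Def.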
Commit: f7c9e214a8fa41ecaae7b3815eae465e8efb22b4
https://github.com/WebKit/WebKit/commit/f7c9e214a8fa41ecaae7b3815eae465e8efb22b4
Author: Matt Woodrow <mattwoodrow at apple.com>
Date: 2024-09-16 (Mon, 16 Sep 2024)
Changed paths:
A LayoutTests/compositing/shared-backing/multiple-backing-sharing-providers-expected.html
A LayoutTests/compositing/shared-backing/multiple-backing-sharing-providers.html
M LayoutTests/fast/scrolling/ios/event-region-scale-transform-shared-expected.txt
M LayoutTests/fast/scrolling/ios/event-region-translate-transform-shared-expected.txt
M Source/WebCore/rendering/RenderLayerCompositor.cpp
M Source/WebCore/rendering/RenderLayerCompositor.h
Log Message:
-----------
Cherry-pick 73e553cb3575. rdar://134911588
REGRESSION(279868@main) Alaska Airlines sign in popup loads behind the website's search field.
https://bugs.webkit.org/show_bug.cgi?id=279036
<rdar://134911588>
Reviewed by Simon Fraser.
This webpage had multiple backing store providers, and content was incorrectly
added to the back one, despite overlapping the front one.
The overlap test uses the bounds of the provider, not the to-be-added layer to
check if it overlaps, and the providers themselves didn't overlap.
This restricts multiple backing store providers to only be used when they're
clipped (as was previously the case), so we can be sure the added layer doesn't
extend beyond the bounds of the provider. This shouldn't break the performance
improvement, since we still allow other composited layers to be added in front.
It does mean in some cases we keep the scroll clipped backing store provider
open, and prevent accumulating sharing layers into a further forward unclipped
backing provider. I think given the support for multiple open clipped providers,
this is a good tradeoff.
Ideally, we'd allow accumulating bounds and adding to any provider, but that
seems like a riskier change, as we have to account for scrolling.
This also does a bit of cleanup, unifying the BackingSharingSnapshot and
preDescendantProviderStartLayer using a generation counter. It also adds a few
more comments, as I found the logic of why we end backing sharing sequences to
be hard to follow.
* LayoutTests/compositing/shared-backing/multiple-backing-sharing-providers-expected.html: Added.
* LayoutTests/compositing/shared-backing/multiple-backing-sharing-providers.html: Added.
* Source/WebCore/rendering/RenderLayerCompositor.cpp:
(WebCore::RenderLayerCompositor::BackingSharingState::snapshot const):
(WebCore::RenderLayerCompositor::BackingSharingState::generation const):
(WebCore::RenderLayerCompositor::BackingSharingState::addBackingSharingCandidate):
(WebCore::RenderLayerCompositor::BackingSharingState::endBackingSharingSequence):
(WebCore::RenderLayerCompositor::BackingSharingState::backingProviderCandidateForLayer):
(WebCore::RenderLayerCompositor::computeCompositingRequirements):
(WebCore::RenderLayerCompositor::traverseUnchangedSubtree):
(WebCore::RenderLayerCompositor::updateBackingSharingBeforeDescendantTraversal):
(WebCore::RenderLayerCompositor::updateBackingSharingAfterDescendantTraversal):
* Source/WebCore/rendering/RenderLayerCompositor.h:
Canonical link: https://commits.webkit.org/283515@main
Canonical link: https://commits.webkit.org/280938.338@safari-7619-branch
Commit: e99a4acc1d02894886fd46239707808a0bc80e01
https://github.com/WebKit/WebKit/commit/e99a4acc1d02894886fd46239707808a0bc80e01
Author: Megan Gardner <megan_gardner at apple.com>
Date: 2024-09-16 (Mon, 16 Sep 2024)
Changed paths:
M Source/WebKit/WebProcess/WebPage/Cocoa/TextAnimationController.mm
Log Message:
-----------
Cherry-pick 6d738e331c97. rdar://135760174
[Writing Tools] Initial animations don't clear if the text replacements come in quickly, like for a list.
https://bugs.webkit.org/show_bug.cgi?id=279474
rdar://135760174
Reviewed by Aditya Keerthi.
If the animations come in too quickly, we don't keep the UUID for the previous initial
animation around, and it ends up animating infinitely. We should clear any initial
animation that is active before starting a new one.
* Source/WebKit/WebProcess/WebPage/Cocoa/TextAnimationController.mm:
(WebKit::TextAnimationController::addInitialTextAnimationForActiveWritingToolsSession):
Canonical link: https://commits.webkit.org/283561@main
Canonical link: https://commits.webkit.org/280938.339@safari-7619-branch
Commit: a0dece736f45ee8e2d3ec1845c900cfb52798cd9
https://github.com/WebKit/WebKit/commit/a0dece736f45ee8e2d3ec1845c900cfb52798cd9
Author: Megan Gardner <megan_gardner at apple.com>
Date: 2024-09-16 (Mon, 16 Sep 2024)
Changed paths:
M Source/WebKit/WebKitSwift/TextAnimation/TextAnimationManager.swift
Log Message:
-----------
Cherry-pick 0f4ddf17cb97. rdar://135968031
[Writing Tools] No intelligence text animations show on iOS.
https://bugs.webkit.org/show_bug.cgi?id=279687
rdar://135968031
Reviewed by Aditya Keerthi.
Clipping this view to bounds clips the view out of existence.
* Source/WebKit/WebKitSwift/TextAnimation/TextAnimationManager.swift:
Canonical link: https://commits.webkit.org/283646@main
Canonical link: https://commits.webkit.org/280938.340@safari-7619-branch
Commit: f426b4ee06efa4b679c141b2b7eb213f00a96b42
https://github.com/WebKit/WebKit/commit/f426b4ee06efa4b679c141b2b7eb213f00a96b42
Author: Megan Gardner <megan_gardner at apple.com>
Date: 2024-09-16 (Mon, 16 Sep 2024)
Changed paths:
M Source/WebKit/UIProcess/API/Cocoa/WKWebView.mm
M Source/WebKit/UIProcess/API/Cocoa/WKWebViewInternal.h
M Source/WebKit/UIProcess/Cocoa/PageClientImplCocoa.h
M Source/WebKit/UIProcess/Cocoa/PageClientImplCocoa.mm
M Source/WebKit/UIProcess/Cocoa/WebPageProxyCocoa.mm
M Source/WebKit/UIProcess/PageClient.h
M Source/WebKit/UIProcess/WebPageProxy.h
M Source/WebKit/UIProcess/WebPageProxy.messages.in
M Source/WebKit/UIProcess/ios/WKContentViewInteraction.mm
M Source/WebKit/UIProcess/mac/WKTextAnimationManager.mm
M Source/WebKit/WebProcess/WebPage/Cocoa/TextAnimationController.mm
M Source/WebKit/WebProcess/WebPage/Cocoa/WebPageCocoa.mm
M Source/WebKit/WebProcess/WebPage/WebPage.h
Log Message:
-----------
Cherry-pick 10fc68dfe56c. rdar://135912178
[Writing Tools] Rename partialIntelligenceTextPonderingAnimation to partialIntelligenceTextAnimation since it isn't actually associated with pondering at all.
https://bugs.webkit.org/show_bug.cgi?id=279622
rdar://135912178
Reviewed by Aditya Keerthi.
* Source/WebKit/UIProcess/API/Cocoa/WKWebView.mm:
(-[WKWebView compositionSession:didReceiveText:replacementRange:inContext:finished:]):
(-[WKWebView writingToolsSession:didReceiveAction:]):
(-[WKWebView _didEndPartialIntelligenceTextAnimation]):
(-[WKWebView _didEndPartialIntelligenceTextPonderingAnimation]): Deleted.
* Source/WebKit/UIProcess/API/Cocoa/WKWebViewInternal.h:
* Source/WebKit/UIProcess/Cocoa/PageClientImplCocoa.h:
* Source/WebKit/UIProcess/Cocoa/PageClientImplCocoa.mm:
(WebKit::PageClientImplCocoa::didEndPartialIntelligenceTextAnimation):
(WebKit::PageClientImplCocoa::didEndPartialIntelligenceTextPonderingAnimation): Deleted.
* Source/WebKit/UIProcess/Cocoa/WebPageProxyCocoa.mm:
(WebKit::WebPageProxy::didEndPartialIntelligenceTextAnimationImpl):
(WebKit::WebPageProxy::didEndPartialIntelligenceTextAnimation):
(WebKit::WebPageProxy::didEndPartialIntelligenceTextPonderingAnimationImpl): Deleted.
(WebKit::WebPageProxy::didEndPartialIntelligenceTextPonderingAnimation): Deleted.
* Source/WebKit/UIProcess/PageClient.h:
* Source/WebKit/UIProcess/WebPageProxy.h:
* Source/WebKit/UIProcess/WebPageProxy.messages.in:
* Source/WebKit/UIProcess/ios/WKContentViewInteraction.mm:
(-[WKContentView replacementEffectDidComplete]):
* Source/WebKit/UIProcess/mac/WKTextAnimationManager.mm:
(-[WKTextAnimationManager addTextAnimationForAnimationID:withData:]):
* Source/WebKit/WebProcess/WebPage/Cocoa/TextAnimationController.mm:
(WebKit::TextAnimationController::addDestinationTextAnimationForActiveWritingToolsSession):
* Source/WebKit/WebProcess/WebPage/Cocoa/WebPageCocoa.mm:
(WebKit::WebPage::didEndPartialIntelligenceTextAnimation):
(WebKit::WebPage::didEndPartialIntelligenceTextPonderingAnimation): Deleted.
* Source/WebKit/WebProcess/WebPage/WebPage.h:
Canonical link: https://commits.webkit.org/283583@main
Canonical link: https://commits.webkit.org/280938.341@safari-7619-branch
Commit: 70c5ef46aa14d3bf98dcf359ca0ccc62006976c4
https://github.com/WebKit/WebKit/commit/70c5ef46aa14d3bf98dcf359ca0ccc62006976c4
Author: Timothy Hatcher <timothy at apple.com>
Date: 2024-09-16 (Mon, 16 Sep 2024)
Changed paths:
M Source/WebKit/UIProcess/Extensions/Cocoa/WebExtensionActionCocoa.mm
M Source/WebKit/UIProcess/Extensions/Cocoa/WebExtensionContextCocoa.mm
M Source/WebKit/UIProcess/Extensions/WebExtensionContext.h
Log Message:
-----------
Cherry-pick 4b8ccccbb028. rdar://135651344
File input types do not show open panel in Web Extension on Mac.
https://webkit.org/b/279417
rdar://135651344
Reviewed by Jeff Miller.
Implement the `webView:runOpenPanelWithParameters:initiatedByFrame:completionHandler:` delegate method on Mac
and use `NSOpenPanel` for an implementation. Hook it up to the background page, action, and sidebar web views.
This is not trivially testable in an API test due to the UI interaction required to complete. Tested manually
with a sample extension.
* Source/WebKit/UIProcess/Extensions/Cocoa/WebExtensionActionCocoa.mm:
(-[_WKWebExtensionActionWebViewDelegate webView:runOpenPanelWithParameters:initiatedByFrame:completionHandler:]): Added.
* Source/WebKit/UIProcess/Extensions/Cocoa/WebExtensionContextCocoa.mm:
(-[_WKWebExtensionContextDelegate webView:runOpenPanelWithParameters:initiatedByFrame:completionHandler:]): Added.
(WebKit::WebExtensionContext::runOpenPanel): Added.
* Source/WebKit/UIProcess/Extensions/Cocoa/WebExtensionSidebarCocoa.mm:
(-[_WKWebExtensionSidebarWebViewDelegate webView:runOpenPanelWithParameters:initiatedByFrame:completionHandler:]): Added.
* Source/WebKit/UIProcess/Extensions/WebExtensionContext.h:
Canonical link: https://commits.webkit.org/283418@main
Canonical link: https://commits.webkit.org/280938.342@safari-7619-branch
Commit: 7cdad7428f4d0d04e71cdaa9edec423fe17915a8
https://github.com/WebKit/WebKit/commit/7cdad7428f4d0d04e71cdaa9edec423fe17915a8
Author: Youenn Fablet <youenn at apple.com>
Date: 2024-09-17 (Tue, 17 Sep 2024)
Changed paths:
A LayoutTests/fast/mediastream/getDisplayMedia-max-constraints5-expected.txt
A LayoutTests/fast/mediastream/getDisplayMedia-max-constraints5.html
M LayoutTests/platform/glib/TestExpectations
M LayoutTests/platform/ios/TestExpectations
M LayoutTests/platform/mac-site-isolation/TestExpectations
M Source/WebKit/UIProcess/Cocoa/UserMediaCaptureManagerProxy.cpp
Log Message:
-----------
Cherry-pick e1dc7148f9e6. rdar://133611004
getDisplayMedia track clone does not copy its video constraints
rdar://133611004
https://bugs.webkit.org/show_bug.cgi?id=279605
Reviewed by Jean-Yves Avenard.
When cloning, we were copying current settings and constraints, but not the video constraints themselves.
These video constraints are used in case of configuration change, to apply max size constraints in case of source video frame size change.
Video frame size change is happening for real display sources as we do not know the actual size until getting the first video frame.
When cloning before receiving the first video frame, our size computation would be wrong.
And whenever a window resize happens, it would also be wrong.
To prevent this, we copy the video constraints to the clone track like we do for settings.
Covered by a layout test that clones a track, and then triggers a source configuration change.
* LayoutTests/fast/mediastream/getDisplayMedia-max-constraints5-expected.txt: Added.
* LayoutTests/fast/mediastream/getDisplayMedia-max-constraints5.html: Added.
* LayoutTests/platform/glib/TestExpectations:
* LayoutTests/platform/ios/TestExpectations:
* LayoutTests/platform/mac-site-isolation/TestExpectations:
* Source/WebKit/UIProcess/Cocoa/UserMediaCaptureManagerProxy.cpp:
Canonical link: https://commits.webkit.org/283612@main
Canonical link: https://commits.webkit.org/280938.343@safari-7619-branch
Commit: 48f3a77e14a5abaa67927823aa9d5927f5e03597
https://github.com/WebKit/WebKit/commit/48f3a77e14a5abaa67927823aa9d5927f5e03597
Author: Megan Gardner <megan_gardner at apple.com>
Date: 2024-09-17 (Tue, 17 Sep 2024)
Changed paths:
M Source/WebKit/WebProcess/WebPage/Cocoa/TextAnimationController.mm
Log Message:
-----------
Cherry-pick 4a826bf145c6. rdar://135918945
[WritingTools] All text disappears upon animation of rewrite retry in Mail compose.
rdar://135918945
https://bugs.webkit.org/show_bug.cgi?id=279709
Reviewed by Aditya Keerthi.
Completion handler and active animation were not being reset, so on
a restart we got into a bad state and crashed.
* Source/WebKit/WebProcess/WebPage/Cocoa/TextAnimationController.mm:
(WebKit::TextAnimationController::addSourceTextAnimationForActiveWritingToolsSession):
(WebKit::TextAnimationController::addDestinationTextAnimationForActiveWritingToolsSession):
(WebKit::TextAnimationController::clearAnimationsForActiveWritingToolsSession):
Canonical link: https://commits.webkit.org/283722@main
Commit: 77592f3b8e280c0e4b18659049443a96c6a120cd
https://github.com/WebKit/WebKit/commit/77592f3b8e280c0e4b18659049443a96c6a120cd
Author: Youenn Fablet <youenn at apple.com>
Date: 2024-09-17 (Tue, 17 Sep 2024)
Changed paths:
A LayoutTests/imported/w3c/web-platform-tests/cors/preflight-cache-partitioning.sub.window-expected.txt
A LayoutTests/imported/w3c/web-platform-tests/cors/preflight-cache-partitioning.sub.window.html
A LayoutTests/imported/w3c/web-platform-tests/cors/preflight-cache-partitioning.sub.window.js
A LayoutTests/imported/w3c/web-platform-tests/cors/resources/preflight-cache-partitioning-iframe.sub.html
A LayoutTests/imported/w3c/web-platform-tests/cors/resources/preflight-cache-partitioning.sub.html
A LayoutTests/imported/w3c/web-platform-tests/cors/resources/preflight-partitioning.py
M Source/WebCore/loader/CrossOriginAccessControl.cpp
M Source/WebCore/loader/CrossOriginAccessControl.h
M Source/WebCore/loader/CrossOriginPreflightChecker.cpp
M Source/WebCore/loader/CrossOriginPreflightResultCache.cpp
M Source/WebCore/loader/CrossOriginPreflightResultCache.h
M Source/WebCore/loader/DocumentThreadableLoader.cpp
M Source/WebCore/loader/DocumentThreadableLoader.h
M Source/WebKit/NetworkProcess/NetworkCORSPreflightChecker.cpp
M Source/WebKit/NetworkProcess/NetworkCORSPreflightChecker.h
M Source/WebKit/NetworkProcess/NetworkLoadChecker.cpp
Log Message:
-----------
CORS-preflight cache is not partitioned by top-level site
rdar://135272104
Reviewed by Anne van Kesteren.
We were keying the preflight cache with a partition based on the fetch context origin.
After this patch, the partitioning will be based on the fetch context client origin (aka top context origin and fetch context origin).
This follows how other stored data like service workers or IDB are keyed.
This patch is switching NetworkCORSPreflightChecker topOrigin from a RefPtr to a Ref.
NetworkCORSPreflightChecker gets it from NetworkLoadChecker which is created by PingLoad and NetworkResourceLoader from its NetworkResourceLoadParameters.
As can be seen from WebLoaderStrategy code, NetworkResourceLoadParameters source origin and top origin are set even though they are made as RefPtr.
A follow-up patch should change NetworkResourceLoadParameters to use Ref instead of RefPtr.
Covered by imported WPT test.
* LayoutTests/imported/w3c/web-platform-tests/cors/preflight-cache-partitioning.sub.window-expected.txt: Added.
* LayoutTests/imported/w3c/web-platform-tests/cors/preflight-cache-partitioning.sub.window.html: Added.
* LayoutTests/imported/w3c/web-platform-tests/cors/preflight-cache-partitioning.sub.window.js: Added.
(promise_test.async t):
* LayoutTests/imported/w3c/web-platform-tests/cors/resources/preflight-cache-partitioning-iframe.sub.html: Added.
* LayoutTests/imported/w3c/web-platform-tests/cors/resources/preflight-cache-partitioning.sub.html: Added.
* LayoutTests/imported/w3c/web-platform-tests/cors/resources/preflight-partitioning.py: Added.
(main):
* Source/WebCore/loader/CrossOriginAccessControl.cpp:
(WebCore::validatePreflightResponse):
* Source/WebCore/loader/CrossOriginAccessControl.h:
* Source/WebCore/loader/CrossOriginPreflightChecker.cpp:
(WebCore::CrossOriginPreflightChecker::validatePreflightResponse):
* Source/WebCore/loader/CrossOriginPreflightResultCache.cpp:
(WebCore::CrossOriginPreflightResultCache::appendEntry):
(WebCore::CrossOriginPreflightResultCache::canSkipPreflight):
* Source/WebCore/loader/CrossOriginPreflightResultCache.h:
* Source/WebCore/loader/DocumentThreadableLoader.cpp:
(WebCore::DocumentThreadableLoader::makeCrossOriginAccessRequest):
(WebCore::DocumentThreadableLoader::topOrigin const):
* Source/WebCore/loader/DocumentThreadableLoader.h:
* Source/WebKit/NetworkProcess/NetworkCORSPreflightChecker.cpp:
(WebKit::NetworkCORSPreflightChecker::didReceiveChallenge):
(WebKit::NetworkCORSPreflightChecker::didCompleteWithError):
* Source/WebKit/NetworkProcess/NetworkCORSPreflightChecker.h:
* Source/WebKit/NetworkProcess/NetworkLoadChecker.cpp:
(WebKit::NetworkLoadChecker::checkCORSRequestWithPreflight):
Canonical link: https://commits.webkit.org/280938.345@safari-7619-branch
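Added example (not WebKit's code): a simplified model of a preflight result cache showing the keying change described in the log message above, with the same third-party frame embedded by two top-level sites. appendEntry and canSkipPreflight borrow the names listed in the commit, but their signatures here, PreflightCacheModel, Partitioning, ClientOrigin and all .example origins are constructed for illustration.

```cpp
#include <cstdio>
#include <map>
#include <set>
#include <string>
#include <tuple>

// Simplified model of a preflight result cache; not WebKit's implementation.
enum class Partitioning { FetchOriginOnly, TopAndFetchOrigin };

struct ClientOrigin {
    std::string topOrigin;   // origin of the top-level document
    std::string fetchOrigin; // origin of the context that issues the request
};

class PreflightCacheModel {
public:
    explicit PreflightCacheModel(Partitioning mode) : m_mode(mode) { }

    // Record a successful preflight: which methods were allowed, and until when.
    void appendEntry(const ClientOrigin& client, const std::string& url,
                     const std::set<std::string>& allowedMethods, long expiresAt)
    {
        m_entries[keyFor(client, url)] = Entry { allowedMethods, expiresAt };
    }

    bool canSkipPreflight(const ClientOrigin& client, const std::string& url,
                          const std::string& method, long now)
    {
        auto it = m_entries.find(keyFor(client, url));
        if (it == m_entries.end())
            return false;
        if (it->second.expiresAt <= now) {
            m_entries.erase(it); // stale entries never authorise a skip
            return false;
        }
        return it->second.allowedMethods.count(method) > 0;
    }

private:
    struct Entry {
        std::set<std::string> allowedMethods;
        long expiresAt;
    };
    using Key = std::tuple<std::string, std::string, std::string>;

    Key keyFor(const ClientOrigin& client, const std::string& url) const
    {
        // The two modes differ only in whether the top-level origin is part of the key.
        std::string top = m_mode == Partitioning::TopAndFetchOrigin ? client.topOrigin : std::string();
        return Key { top, client.fetchOrigin, url };
    }

    Partitioning m_mode;
    std::map<Key, Entry> m_entries;
};

// Constructed scenario: one third-party frame, embedded first by site A and then
// by secondTopOrigin, sends the same PUT to the same API.
bool secondEmbedSkipsPreflight(Partitioning mode, const std::string& secondTopOrigin, long secondsLater)
{
    const std::string frame = "https://widget.example";
    const std::string api = "https://api.example/data";
    PreflightCacheModel cache(mode);

    // Under site A the frame preflights at t=0; the result is valid for 600 seconds.
    cache.appendEntry({ "https://site-a.example", frame }, api, { "PUT" }, 600);

    return cache.canSkipPreflight({ secondTopOrigin, frame }, api, "PUT", secondsLater);
}

int main()
{
    const char* siteB = "https://site-b.example";
    std::printf("fetch-origin key, embedded by site B: skip=%d\n",
        secondEmbedSkipsPreflight(Partitioning::FetchOriginOnly, siteB, 10));
    std::printf("top+fetch key,    embedded by site B: skip=%d\n",
        secondEmbedSkipsPreflight(Partitioning::TopAndFetchOrigin, siteB, 10));
    std::printf("top+fetch key,    embedded by site A: skip=%d\n",
        secondEmbedSkipsPreflight(Partitioning::TopAndFetchOrigin, "https://site-a.example", 10));
    return 0;
}
```

Keyed by fetch origin alone, the entry written under site A is reused under site B; with the top-level origin in the key, reuse happens only under the same top-level site and only until the entry expires.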
Commit: cb7a744125bac19662f1387eac6d58d73ca2fd8d
https://github.com/WebKit/WebKit/commit/cb7a744125bac19662f1387eac6d58d73ca2fd8d
Author: Mohsin Qureshi <mohsinq at apple.com>
Date: 2024-09-17 (Tue, 17 Sep 2024)
Changed paths:
M Configurations/Version.xcconfig
Log Message:
-----------
Versioning.
WebKit-7619.2.7
Commit: 769f3e2d397c6ac66fa41d69e4adb71ca72ad79e
https://github.com/WebKit/WebKit/commit/769f3e2d397c6ac66fa41d69e4adb71ca72ad79e
Author: Aditya Keerthi <akeerthi at apple.com>
Date: 2024-09-17 (Tue, 17 Sep 2024)
Changed paths:
M Source/WebCore/editing/WritingToolsCompositionCommand.cpp
M Source/WebCore/editing/WritingToolsCompositionCommand.h
M Source/WebCore/page/writing-tools/WritingToolsController.h
M Source/WebCore/page/writing-tools/WritingToolsController.mm
M Tools/TestWebKitAPI/Tests/WebKitCocoa/WritingTools.mm
Log Message:
-----------
Cherry-pick addeb52fffc6. rdar://135741279
[Writing Tools] Text underneath replaced range does not animate smoothly
https://bugs.webkit.org/show_bug.cgi?id=279600
rdar://135741279
Reviewed by Richard Robinson.
Writing Tools supplies text to its delegate using
`-[WTWritingToolsDelegate compositionSession:didReceiveText:replacementRange:inContext:finished:]`.
However, the last replacement can end up calling the method twice with the same
content, varying only the finished parameter.
This is problematic for the animations, as an animation is only initiated on
the first call with `finished=false`, but both calls perform the same
replacement. The second, redundant, replacement results in text being modified
before the animation is complete, resulting in a bad animation.
Fix by removing the redundant replacement.
* Source/WebCore/editing/WritingToolsCompositionCommand.cpp:
(WebCore::WritingToolsCompositionCommand::replaceContentsOfRangeWithFragment):
(WebCore::WritingToolsCompositionCommand::commit):
* Source/WebCore/editing/WritingToolsCompositionCommand.h:
* Source/WebCore/page/writing-tools/WritingToolsController.h:
* Source/WebCore/page/writing-tools/WritingToolsController.mm:
(WebCore::WritingToolsController::compositionSessionDidReceiveTextWithReplacementRangeAsync):
Commit the command immediately after performing replacement if the finished flag was
observed with the same range.
(WebCore::WritingToolsController::compositionSessionDidReceiveTextWithReplacementRange):
If `finished` is true and the same replaced range is observed, simply commit
the overall replacement to the undo stack, and skip animations and redundant
replacement.
This is correct as replaced ranges will always have the same prefix. Additionally,
comparing to the replaced range keeps the logic robust against clients that
only send `finished=true` for the last replacement without a `finished=false`,
such as smart replies.
If the `finished` flag comes in while the same range is still pending application,
the command will be committed in `compositionSessionDidReceiveTextWithReplacementRangeAsync`.
(WebCore::WritingToolsController::restartCompositionForSession):
Reset the replaced range when a composition is restarted.
(WebCore::WritingToolsController::commitComposition):
Helper method to apply the command to the undo stack.
* Tools/TestWebKitAPI/Tests/WebKitCocoa/WritingTools.mm:
Adjust tests to use the delegate in the same way that Writing Tools does.
(TEST(WritingTools, CompositionWithAttemptedEditing)):
(TEST(WritingTools, Composition)):
(TEST(WritingTools, CompositionRevert)):
(TEST(WritingTools, CompositionWithAttributedStringAttributes)):
(TEST(WritingTools, CompositionWithList)):
(TEST(WritingTools, CompositionWithTextAttachment)):
(TEST(WritingTools, CompositionWithNonImageAttachmentRoundTrip)):
(TEST(WritingTools, CompositionWithMultipleChunks)):
(TEST(WritingTools, CompositionWithTrailingNewlines)):
(TEST(WritingTools, CompositionWithTrailingBreaks)):
(TEST(WritingTools, ContextRangeWithNoSelection)):
(TEST(WritingTools, ContextRangeFromCaretSelection)):
(TEST(WritingTools, ContextRangeFromRangeSelection)):
Canonical link: https://commits.webkit.org/283725@main
Canonical link: https://commits.webkit.org/280938.347@safari-7619-branch
Commit: 40d1d040a0c70ac356b5cadf1c36b2b92b5ed6bd
https://github.com/WebKit/WebKit/commit/40d1d040a0c70ac356b5cadf1c36b2b92b5ed6bd
Author: Timothy Hatcher <timothy at apple.com>
Date: 2024-09-17 (Tue, 17 Sep 2024)
Changed paths:
M Source/WebKit/Shared/Extensions/_WKWebExtensionSQLiteStore.h
M Source/WebKit/Shared/Extensions/_WKWebExtensionSQLiteStore.mm
M Source/WebKit/UIProcess/Extensions/Cocoa/_WKWebExtensionStorageSQLiteStore.mm
Log Message:
-----------
Cherry-pick 4b61f0414c2c. rdar://136159837
DATA LOSS: currentDatabaseSchemaVersion is incorrect for Web Extension storage.
https://webkit.org/b/279831
rdar://problem/136159837
Reviewed by Brian Weinstein.
Safari shipped with a database schema version of 2, but when migrating to WebKit, the version was
incorrectly marked as 1. This mismatch was triggering a database schema reset, erasing all storage
data. However, since the schema for version 2 (Safari) and version 1 (WebKit) are identical, we simply
set the version and return the current version to avoid unnecessary data loss.
* Source/WebKit/Shared/Extensions/_WKWebExtensionSQLiteStore.h:
* Source/WebKit/Shared/Extensions/_WKWebExtensionSQLiteStore.mm:
(currentDatabaseSchemaVersion): Set to 2, matching Safari.
(-[_WKWebExtensionSQLiteStore _migrateToCurrentSchemaVersionIfNeeded]): Use _databaseSchemaVersion.
(-[_WKWebExtensionSQLiteStore _databaseSchemaVersion]): Added.
(-[_WKWebExtensionSQLiteStore _setDatabaseSchemaVersion:]): Removed "return 0;" dead code.
* Source/WebKit/UIProcess/Extensions/Cocoa/_WKWebExtensionStorageSQLiteStore.mm:
(-[_WKWebExtensionStorageSQLiteStore _migrateToCurrentSchemaVersionIfNeeded]): Added.
Canonical link: https://commits.webkit.org/283802@main
Canonical link: https://commits.webkit.org/280938.348@safari-7619-branch
Commit: a0d254158f58f5416c9dcc453c73a69ba6f54bd7
https://github.com/WebKit/WebKit/commit/a0d254158f58f5416c9dcc453c73a69ba6f54bd7
Author: Wenson Hsieh <wenson_hsieh at apple.com>
Date: 2024-09-17 (Tue, 17 Sep 2024)
Changed paths:
M Source/WTF/wtf/cocoa/RuntimeApplicationChecksCocoa.cpp
M Source/WTF/wtf/cocoa/RuntimeApplicationChecksCocoa.h
M Source/WebCore/loader/cache/CachedResourceLoader.cpp
M Source/WebCore/platform/RuntimeApplicationChecks.h
M Source/WebCore/platform/cocoa/RuntimeApplicationChecksCocoa.mm
M Source/WebCore/platform/network/DNS.cpp
Log Message:
-----------
Cherry-pick 4c19011fb597. rdar://134204964
REGRESSION (279835@main): "My Ride K-12" iOS app fails to load
https://bugs.webkit.org/show_bug.cgi?id=278614
rdar://134204964
Reviewed by Chris Dumez.
The "My Ride K-12" app on iOS currently relies on navigating a web view to `0.0.0.0` for login.
After the changes in 279835@main, this no longer works because the load is blocked.
Mitigate this by adding a linked-on-or-after check guarded behind an additional app bundle ID check,
so that the app will be forced to adapt to this change in order to move to the iOS 18 SDK (and then
we can subsequently remove this code).
* Source/WTF/wtf/cocoa/RuntimeApplicationChecksCocoa.cpp:
(WTF::computeSDKAlignedBehaviors):
* Source/WTF/wtf/cocoa/RuntimeApplicationChecksCocoa.h:
* Source/WebCore/loader/cache/CachedResourceLoader.cpp:
(WebCore::CachedResourceLoader::requestResource):
* Source/WebCore/platform/RuntimeApplicationChecks.h:
* Source/WebCore/platform/cocoa/RuntimeApplicationChecksCocoa.mm:
(WebCore::IOSApplication::isMyRideK12):
* Source/WebCore/platform/network/DNS.cpp:
(WebCore::isIPAddressDisallowed):
Canonical link: https://commits.webkit.org/282709@main
Canonical link: https://commits.webkit.org/280938.349@safari-7619-branch
Commit: 2050e7b0924fea8111d624499d1359b7337eded3
https://github.com/WebKit/WebKit/commit/2050e7b0924fea8111d624499d1359b7337eded3
Author: Jer Noble <jer.noble at apple.com>
Date: 2024-09-18 (Wed, 18 Sep 2024)
Changed paths:
M Source/WebCore/platform/graphics/avfoundation/objc/MediaPlayerPrivateMediaSourceAVFObjC.h
M Source/WebCore/platform/graphics/avfoundation/objc/MediaPlayerPrivateMediaSourceAVFObjC.mm
Log Message:
-----------
Cherry-pick db72dcabba7e. rdar://134811678
[MSE][Cocoa] Playback pauses when HTMLMediaElement renderer is destroyed
rdar://134811678
https://bugs.webkit.org/show_bug.cgi?id=278945
Reviewed by Eric Carlson.
MediaPlayerPrivateMediaSourceAVFObjC will destroy any display layers when its HTMLMediaElement
is removed from the render tree (e.g., through being removed from the DOM or display:none).
When it does this, it queries whether all the renderers have video or audio for display, and if not
will pause the synchronizer and stall playback.
The check to see whether all the renderers have something to display should query whether any
renderers exist, not just whether a video track exists.
* Source/WebCore/platform/graphics/avfoundation/objc/MediaPlayerPrivateMediaSourceAVFObjC.mm:
(WebCore::MediaPlayerPrivateMediaSourceAVFObjC::maybeCompleteSeek):
(WebCore::MediaPlayerPrivateMediaSourceAVFObjC::updateAllRenderersHaveAvailableSamples):
(WebCore::MediaPlayerPrivateMediaSourceAVFObjC::setReadyState):
Canonical link: https://commits.webkit.org/283161@main
Canonical link: https://commits.webkit.org/280938.350@safari-7619-branch
Commit: beefe2561599798c281093cab71a06502deb2650
https://github.com/WebKit/WebKit/commit/beefe2561599798c281093cab71a06502deb2650
Author: Joshua Hoffman <jhoffman23 at apple.com>
Date: 2024-09-18 (Wed, 18 Sep 2024)
Changed paths:
A LayoutTests/accessibility/iframe-content-inert-expected.txt
A LayoutTests/accessibility/iframe-content-inert.html
A LayoutTests/accessibility/iframe-content-visibility-expected.txt
A LayoutTests/accessibility/iframe-content-visibility.html
A LayoutTests/accessibility/resources/iframe-button.html
M Source/WebCore/accessibility/AXObjectCache.cpp
M Source/WebCore/accessibility/AccessibilityObject.cpp
M Source/WebCore/accessibility/AccessibilityObject.h
M Source/WebCore/accessibility/AccessibilityRenderObject.h
M Source/WebCore/accessibility/AccessibilityScrollView.cpp
M Source/WebCore/accessibility/AccessibilityScrollView.h
M Source/WebCore/rendering/RenderElement.cpp
Log Message:
-----------
Cherry-pick 3d864212d2b1. rdar://134318347
AX: iframe within inert, hidden element is exposed to ATs
https://bugs.webkit.org/show_bug.cgi?id=278370
rdar://134318347
Reviewed by Tyler Wilcock.
This patch fixes an issue where iFrames with a style of `visibility: hidden` or the inert attribute,
both of which should hide the element and its children to ATs, fail to hide the iFrame's children.
To fix this, isIgnored() needs to iterate up the web areas and their iFrame renderers, to check whether
they are non-visible or if they are effectively inert. These properties/styles don't get passed from
the iFrame's parent document to the iFrame's document, so this iteration is necessary.
For the isolated tree to update properly, the children of the iframe need to dirty its subtree. However,
when AXObjectCache::handleChildrenChanged tries to handle a ScrollView (which happens when attributes on
the iFrame element are changed), we bail before dirtying the subtree because scroll views don't have
nodes nor renderers. To resolve this, this patch adds logic in handleChildrenChanged to propagate
setNeedsToUpdateSubtree and setNeedsToUpdateChildren down to the iFrame's WebArea.
* LayoutTests/accessibility/iframe-content-inert-expected.txt: Added.
* LayoutTests/accessibility/iframe-content-inert.html: Added.
* LayoutTests/accessibility/iframe-content-visibility-expected.txt: Added.
* LayoutTests/accessibility/iframe-content-visibility.html: Added.
* LayoutTests/accessibility/resources/iframe-button.html: Added.
New tests to test `visibility: hidden`, `inert` style/attribute on iFrames.
* Source/WebCore/accessibility/AXObjectCache.cpp:
(WebCore::AXObjectCache::handleChildrenChanged):
* Source/WebCore/accessibility/AccessibilityObject.cpp:
(WebCore::AccessibilityObject::defaultObjectInclusion const):
(WebCore::AccessibilityObject::webArea const):
* Source/WebCore/accessibility/AccessibilityObject.h:
(WebCore::AccessibilityObject::shouldWebAreaExposeChildren const):
* Source/WebCore/accessibility/AccessibilityRenderObject.cpp:
(WebCore::AccessibilityRenderObject::shouldWebAreaExposeChildren const):
* Source/WebCore/accessibility/AccessibilityRenderObject.h:
* Source/WebCore/accessibility/AccessibilityScrollView.cpp:
(WebCore::AccessibilityScrollView::updateScrollbars):
(WebCore::AccessibilityScrollView::removeChildScrollbar):
* Source/WebCore/accessibility/AccessibilityScrollView.h:
* Source/WebCore/rendering/RenderWidget.cpp:
(WebCore::RenderWidget::styleDidChange):
Canonical link: https://commits.webkit.org/283416@main
Canonical link: https://commits.webkit.org/280938.351@safari-7619-branch
Commit: f8f150d2bc41cf85d4c735770fe9f06dd78412ff
https://github.com/WebKit/WebKit/commit/f8f150d2bc41cf85d4c735770fe9f06dd78412ff
Author: Kimmo Kinnunen <kkinnunen at apple.com>
Date: 2024-09-18 (Wed, 18 Sep 2024)
Changed paths:
M Source/WebCore/html/HTMLVideoElement.cpp
M Source/WebCore/html/HTMLVideoElement.h
M Source/WebCore/html/ImageBitmap.cpp
M Source/WebCore/html/canvas/CanvasRenderingContext2DBase.cpp
M Source/WebCore/platform/VideoFrame.cpp
M Source/WebCore/platform/VideoFrame.h
M Source/WebCore/platform/graphics/BifurcatedGraphicsContext.cpp
M Source/WebCore/platform/graphics/BifurcatedGraphicsContext.h
M Source/WebCore/platform/graphics/GraphicsContext.cpp
M Source/WebCore/platform/graphics/GraphicsContext.h
M Source/WebCore/platform/graphics/GraphicsContextGL.cpp
M Source/WebCore/platform/graphics/MediaPlayer.cpp
M Source/WebCore/platform/graphics/MediaPlayer.h
M Source/WebCore/platform/graphics/NullGraphicsContext.h
M Source/WebCore/platform/graphics/cv/VideoFrameCV.mm
M Source/WebCore/platform/graphics/displaylists/DisplayListItem.h
M Source/WebCore/platform/graphics/displaylists/DisplayListItems.cpp
M Source/WebCore/platform/graphics/displaylists/DisplayListItems.h
M Source/WebCore/platform/graphics/displaylists/DisplayListRecorder.cpp
M Source/WebCore/platform/graphics/displaylists/DisplayListRecorder.h
M Source/WebCore/platform/graphics/displaylists/DisplayListRecorderImpl.cpp
M Source/WebCore/platform/graphics/displaylists/DisplayListRecorderImpl.h
M Source/WebCore/platform/graphics/gstreamer/MediaPlayerPrivateGStreamer.cpp
M Source/WebCore/platform/graphics/gstreamer/VideoFrameGStreamer.cpp
M Source/WebCore/platform/graphics/nicosia/cairo/NicosiaCairoOperationRecorder.cpp
M Source/WebCore/platform/graphics/nicosia/cairo/NicosiaCairoOperationRecorder.h
M Source/WebCore/rendering/RenderVideo.cpp
M Source/WebKit/GPUProcess/graphics/RemoteDisplayListRecorder.cpp
M Source/WebKit/GPUProcess/graphics/RemoteDisplayListRecorder.h
M Source/WebKit/GPUProcess/graphics/RemoteDisplayListRecorder.messages.in
M Source/WebKit/GPUProcess/graphics/RemoteRenderingBackend.h
M Source/WebKit/Shared/DisplayListArgumentCoders.serialization.in
M Source/WebKit/Shared/WebCoreArgumentCoders.serialization.in
M Source/WebKit/WebProcess/GPU/graphics/RemoteDisplayListRecorderProxy.cpp
M Source/WebKit/WebProcess/GPU/graphics/RemoteDisplayListRecorderProxy.h
M Source/WebKit/WebProcess/GPU/media/MediaPlayerPrivateRemote.cpp
M Source/WebKit/WebProcess/GPU/media/cocoa/MediaPlayerPrivateRemoteCocoa.mm
Log Message:
-----------
Cherry-pick 63ca1cca5ba5. rdar://98523368
GPUP deadlock shutting down RemoteRenderingBackend while drawing a MediaPlayer
https://bugs.webkit.org/show_bug.cgi?id=243838
rdar://98523368
Reviewed by Youenn Fablet.
GPUP would deadlock in a scenario where:
- RemoteRenderingBackend would be torn down due to, say, connection
closing. GPUP main thread would wait to complete to shut down RRB
work queue.
- RRB would execute RemoteDisplayListRecorder::paintFrameForMedia
which would try to run a synchronous task from RRB work queue
in main thread, painting the media player to an ImageBuffer
Since main thread would be waiting, it wouldn't run the
paintFrameForMedia.
The paintFrameForMedia is a command that draws current frame of media player
into the GraphicsContext. This doesn't particularly make sense, as
the "current time" would refer to the original draw time in WCP, but
as implemented, the frame would be snapshot at the actual draw command
execution time.
Instead, do:
- Obtain reference to current video frame from the media player
- Draw that video frame
In GPUP, remote media players create the frames in their queue
(main thread). Remote rendering accesses the video frames by their
read references through the video frame object heap.
* Source/WebCore/html/HTMLVideoElement.cpp:
(WebCore::HTMLVideoElement::paint):
Added the plain paint() function to signify paint from render objects.
This probably existed at some point, as a caller to VideoPlayer::paint().
Otherwise snapshots and WKTR captures would make the video element
signal that the video element is needed for 2d context/WebGL, and
force updates, failing media/video-page-visibility-restriction.html.
The added function uses MediaPlayer::paint(), which was dead code
previously.
(WebCore::HTMLVideoElement::paintCurrentFrameInContext):
* Source/WebCore/html/HTMLVideoElement.h:
* Source/WebCore/html/ImageBitmap.cpp:
(WebCore::ImageBitmap::createCompletionHandler):
* Source/WebCore/html/canvas/CanvasRenderingContext2DBase.cpp:
(WebCore::CanvasRenderingContext2DBase::drawImage):
* Source/WebCore/platform/VideoFrame.cpp:
(WebCore::VideoFrame::draw):
(WebCore::VideoFrame::paintInContext): Deleted.
* Source/WebCore/platform/VideoFrame.h:
* Source/WebCore/platform/graphics/BifurcatedGraphicsContext.cpp:
(WebCore::BifurcatedGraphicsContext::drawVideoFrame):
(WebCore::BifurcatedGraphicsContext::paintFrameForMedia): Deleted.
* Source/WebCore/platform/graphics/BifurcatedGraphicsContext.h:
* Source/WebCore/platform/graphics/GraphicsContext.cpp:
(WebCore::GraphicsContext::drawVideoFrame):
(WebCore::GraphicsContext::paintFrameForMedia): Deleted.
(WebCore::GraphicsContext::paintVideoFrame): Deleted.
* Source/WebCore/platform/graphics/GraphicsContext.h:
* Source/WebCore/platform/graphics/GraphicsContextGL.cpp:
(WebCore::GraphicsContextGL::videoFrameToImage):
* Source/WebCore/platform/graphics/NullGraphicsContext.h:
* Source/WebCore/platform/graphics/cv/VideoFrameCV.mm:
(WebCore::VideoFrame::draw):
(WebCore::VideoFrame::paintInContext): Deleted.
* Source/WebCore/platform/graphics/displaylists/DisplayListItem.h:
* Source/WebCore/platform/graphics/displaylists/DisplayListItems.cpp:
(WebCore::DisplayList::PaintFrameForMedia::PaintFrameForMedia): Deleted.
(WebCore::DisplayList::PaintFrameForMedia::apply const): Deleted.
(WebCore::DisplayList::PaintFrameForMedia::dump const): Deleted.
* Source/WebCore/platform/graphics/displaylists/DisplayListItems.h:
(WebCore::DisplayList::PaintFrameForMedia::identifier const): Deleted.
(WebCore::DisplayList::PaintFrameForMedia::destination const): Deleted.
(WebCore::DisplayList::PaintFrameForMedia::isValid const): Deleted.
* Source/WebCore/platform/graphics/displaylists/DisplayListRecorder.cpp:
(WebCore::DisplayList::Recorder::drawVideoFrame):
(WebCore::DisplayList::Recorder::paintFrameForMedia): Deleted.
(WebCore::DisplayList::Recorder::paintVideoFrame): Deleted.
* Source/WebCore/platform/graphics/displaylists/DisplayListRecorder.h:
* Source/WebCore/platform/graphics/displaylists/DisplayListRecorderImpl.cpp:
(WebCore::DisplayList::RecorderImpl::recordDrawVideoFrame):
(WebCore::DisplayList::RecorderImpl::recordPaintFrameForMedia): Deleted.
(WebCore::DisplayList::RecorderImpl::recordPaintVideoFrame): Deleted.
* Source/WebCore/platform/graphics/displaylists/DisplayListRecorderImpl.h:
* Source/WebCore/platform/graphics/gstreamer/MediaPlayerPrivateGStreamer.cpp:
(WebCore::MediaPlayerPrivateGStreamer::paint):
* Source/WebCore/platform/graphics/gstreamer/VideoFrameGStreamer.cpp:
(WebCore::VideoFrame::draw):
(WebCore::VideoFrame::paintInContext): Deleted.
* Source/WebCore/platform/graphics/nicosia/cairo/NicosiaCairoOperationRecorder.cpp:
(Nicosia::CairoOperationRecorder::drawVideoFrame):
(Nicosia::CairoOperationRecorder::paintFrameForMedia): Deleted.
* Source/WebCore/platform/graphics/nicosia/cairo/NicosiaCairoOperationRecorder.h:
* Source/WebCore/rendering/RenderVideo.cpp:
(WebCore::RenderVideo::paintReplaced):
* Source/WebKit/GPUProcess/graphics/RemoteDisplayListRecorder.cpp:
(WebKit::RemoteDisplayListRecorder::drawVideoFrame):
(WebKit::RemoteDisplayListRecorder::paintFrameForMedia): Deleted.
(WebKit::RemoteDisplayListRecorder::paintVideoFrame): Deleted.
* Source/WebKit/GPUProcess/graphics/RemoteDisplayListRecorder.h:
* Source/WebKit/GPUProcess/graphics/RemoteDisplayListRecorder.messages.in:
* Source/WebKit/GPUProcess/graphics/RemoteRenderingBackend.h:
* Source/WebKit/Shared/DisplayListArgumentCoders.serialization.in:
* Source/WebKit/Shared/WebCoreArgumentCoders.serialization.in:
* Source/WebKit/WebProcess/GPU/graphics/RemoteDisplayListRecorderProxy.cpp:
(WebKit::RemoteDisplayListRecorderProxy::recordDrawVideoFrame):
(WebKit::RemoteDisplayListRecorderProxy::recordPaintFrameForMedia): Deleted.
(WebKit::RemoteDisplayListRecorderProxy::recordPaintVideoFrame): Deleted.
* Source/WebKit/WebProcess/GPU/graphics/RemoteDisplayListRecorderProxy.h:
Canonical link: https://commits.webkit.org/283637@main
Canonical link: https://commits.webkit.org/280938.352@safari-7619-branch
Commit: 85d061be2854ab38354be01ae4fc4307b038f67f
https://github.com/WebKit/WebKit/commit/85d061be2854ab38354be01ae4fc4307b038f67f
Author: Daniel Liu <danlliu at umich.edu>
Date: 2024-09-18 (Wed, 18 Sep 2024)
Changed paths:
M JSTests/stress/regexp-vflag-property-of-strings.js
M Source/JavaScriptCore/yarr/YarrPattern.cpp
Log Message:
-----------
Perform a second sort on characters in case-insensitive disjunction
https://bugs.webkit.org/show_bug.cgi?id=279780
rdar://135576504
Reviewed by Yusuke Suzuki and Michael Saboff.
Certain ASCII characters can introduce Unicode characters (and vice versa)
when we add all case variations in a case insensitive regex. This leads to
incorrect behavior in performSetOpWithMatches, since we assume that the
matches are in sorted order.
* Source/JavaScriptCore/yarr/YarrPattern.cpp:
(JSC::Yarr::CharacterClassConstructor::atomClassStringDisjunction):
Canonical link: https://commits.webkit.org/280938.353@safari-7619-branch
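Added example (not part of the commit or of WebKit's code): a simplified model of the failure class described in the log message above, where a list sorted once is expanded with case variants and then fed to a merge-style set operation that assumes sorted input. It works on single code points rather than strings, and every function name and the small case-variant table are constructed for the illustration.

```cpp
#include <algorithm>
#include <cstddef>
#include <cstdio>
#include <vector>

// Constructed case-variant table. Besides the ASCII upper/lower pair, 'k'/'K'
// also matches U+212A KELVIN SIGN and 's'/'S' matches U+017F LONG S, so an
// ASCII input can introduce a non-ASCII code point (and vice versa).
std::vector<char32_t> caseVariants(char32_t c)
{
    std::vector<char32_t> out { c };
    if (c >= U'a' && c <= U'z')
        out.push_back(c - 0x20);
    else if (c >= U'A' && c <= U'Z')
        out.push_back(c + 0x20);
    if (c == U'k' || c == U'K')
        out.push_back(0x212A);
    if (c == U's' || c == U'S')
        out.push_back(0x017F);
    if (c == 0x212A) { out.push_back(U'k'); out.push_back(U'K'); }
    if (c == 0x017F) { out.push_back(U's'); out.push_back(U'S'); }
    return out;
}

// Replaces every element of an already sorted list by its case variants.
// The result is generally NOT sorted any more.
std::vector<char32_t> expandCaseInsensitive(const std::vector<char32_t>& sorted)
{
    std::vector<char32_t> out;
    for (char32_t c : sorted) {
        const std::vector<char32_t> variants = caseVariants(c);
        out.insert(out.end(), variants.begin(), variants.end());
    }
    return out;
}

// Linear-time intersection. Precondition: both inputs sorted ascending.
// On unsorted input it silently drops matches instead of failing.
std::vector<char32_t> intersectSorted(const std::vector<char32_t>& a, const std::vector<char32_t>& b)
{
    std::vector<char32_t> out;
    std::size_t i = 0, j = 0;
    while (i < a.size() && j < b.size()) {
        if (a[i] < b[j])
            ++i;
        else if (b[j] < a[i])
            ++j;
        else {
            out.push_back(a[i]);
            ++i;
            ++j;
        }
    }
    return out;
}

// The "second sort": restore the precondition after expansion.
std::vector<char32_t> sortedUnique(std::vector<char32_t> v)
{
    std::sort(v.begin(), v.end());
    v.erase(std::unique(v.begin(), v.end()), v.end());
    return v;
}

int main()
{
    const std::vector<char32_t> rhs { U'L', U'l' };
    const std::vector<char32_t> expanded = expandCaseInsensitive({ U'k', U'l' });
    std::printf("common without second sort: %zu, with second sort: %zu\n",
        intersectSorted(expanded, rhs).size(),
        intersectSorted(sortedUnique(expanded), rhs).size());
    return 0;
}
```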
Commit: c79fe02b4274a55c71ef3fb2484bacc35c7000a5
https://github.com/WebKit/WebKit/commit/c79fe02b4274a55c71ef3fb2484bacc35c7000a5
Author: Chris Dumez <cdumez at apple.com>
Date: 2024-09-18 (Wed, 18 Sep 2024)
Changed paths:
M Source/WebKit/Shared/WebProcessCreationParameters.h
M Source/WebKit/Shared/WebProcessCreationParameters.serialization.in
Log Message:
-----------
Cherry-pick 9d89447e8030. rdar://136183540
Unreviewed Catalyst build fix after 283795 at main
https://bugs.webkit.org/show_bug.cgi?id=279850
rdar://136183540
* Source/WebKit/Shared/WebProcessCreationParameters.h:
Canonical link: https://commits.webkit.org/283809@main
Canonical link: https://commits.webkit.org/280938.354@safari-7619-branch
Commit: 16fd7c65d34bd5fe9c650ccc559bfc6592ba2db9
https://github.com/WebKit/WebKit/commit/16fd7c65d34bd5fe9c650ccc559bfc6592ba2db9
Author: Per Arne Vollan <pvollan at apple.com>
Date: 2024-09-18 (Wed, 18 Sep 2024)
Changed paths:
M Source/WebKit/UIProcess/API/Cocoa/WKWebView.mm
M Source/WebKit/UIProcess/Cocoa/WebProcessPoolCocoa.mm
M Source/WebKit/UIProcess/WebPageProxy.cpp
M Source/WebKit/UIProcess/WebPageProxy.h
M Source/WebKit/UIProcess/WebPageProxy.messages.in
M Source/WebKit/UIProcess/WebPageProxyInternals.h
M Source/WebKit/UIProcess/WebProcessPool.h
M Source/WebKit/UIProcess/ios/WebPageProxyIOS.mm
Log Message:
-----------
Cherry-pick 1ce83d6be586. rdar://133245137
Get hardware keyboard state off the main thread
https://bugs.webkit.org/show_bug.cgi?id=278885
rdar://133245137
Reviewed by Chris Dumez.
In order to avoid blocking the main thread, get the hardware keyboard state off the main thread.
This is being done in the Web process pool, which holds the cached value for the keyboard state.
* Source/WebKit/UIProcess/API/Cocoa/WKWebView.mm:
(-[WKWebView _initializeWithConfiguration:]):
* Source/WebKit/UIProcess/Cocoa/WebProcessPoolCocoa.mm:
(WebKit::WebProcessPool::platformInitialize):
(WebKit::WebProcessPool::cachedHardwareKeyboardState):
(WebKit::WebProcessPool::setCachedHardwareKeyboardState):
* Source/WebKit/UIProcess/WebPageProxy.cpp:
(WebKit::WebPageProxy::creationParameters):
* Source/WebKit/UIProcess/WebPageProxyInternals.h:
* Source/WebKit/UIProcess/WebProcessPool.h:
* Source/WebKit/UIProcess/ios/WebPageProxyIOS.mm:
(WebKit::WebPageProxy::platformInitialize):
(WebKit::WebPageProxy::hardwareKeyboardAvailabilityChanged):
Canonical link: https://commits.webkit.org/283035@main
Canonical link: https://commits.webkit.org/280938.355@safari-7619-branch
Commit: f632e3bb527cc354af1968e680bf5143e20638c6
https://github.com/WebKit/WebKit/commit/f632e3bb527cc354af1968e680bf5143e20638c6
Author: Antti Koivisto <antti at apple.com>
Date: 2024-09-18 (Wed, 18 Sep 2024)
Changed paths:
A LayoutTests/imported/w3c/web-platform-tests/css/css-contain/container-queries/style-query-document-element-expected.txt
A LayoutTests/imported/w3c/web-platform-tests/css/css-contain/container-queries/style-query-document-element.html
M Source/WebCore/style/ContainerQueryEvaluator.cpp
Log Message:
-----------
Cherry-pick 8388b64db456. rdar://124875999
Styled container query does not work on body tag
https://bugs.webkit.org/show_bug.cgi?id=271040
rdar://124875999
Reviewed by Antoine Quint.
Document element can't currently be a style container.
* LayoutTests/imported/w3c/web-platform-tests/css/css-conditional/container-queries/style-query-document-element-expected.txt: Added.
* LayoutTests/imported/w3c/web-platform-tests/css/css-conditional/container-queries/style-query-document-element.html: Added.
* Source/WebCore/style/ContainerQueryEvaluator.cpp:
(WebCore::Style::ContainerQueryEvaluator::featureEvaluationContextForQuery const):
In case of root element container, use its own style as parent style, similar to what is done in Style::Resolver.
Canonical link: https://commits.webkit.org/283480@main
Canonical link: https://commits.webkit.org/280938.356@safari-7619-branch
Commit: bd4ee0e04d7168b796b26cb22035aea61ad37805
https://github.com/WebKit/WebKit/commit/bd4ee0e04d7168b796b26cb22035aea61ad37805
Author: Timothy Hatcher <timothy at apple.com>
Date: 2024-09-18 (Wed, 18 Sep 2024)
Changed paths:
M Source/WebKit/UIProcess/Extensions/Cocoa/WebExtensionContextCocoa.mm
M Source/WebKit/UIProcess/Extensions/Cocoa/WebExtensionURLSchemeHandlerCocoa.mm
M Source/WebKit/UIProcess/Extensions/WebExtensionContext.h
M Tools/TestWebKitAPI/Tests/WebKitCocoa/WKWebExtensionAPILocalization.mm
Log Message:
-----------
Cherry-pick 7f56575f47fc. rdar://135814395
Web Extensions do not replace @@extension_id in CSS resources.
https://webkit.org/b/279546
rdar://135814395
Reviewed by Jeff Miller and Brian Weinstein.
Have `WebExtensionContext` contain a copy of the localization for CSS resources.
The `WebExtension` localization cannot hold the extension identifier since each context has its own
identifier, derived from the base URL. We previously addressed this for `WebExtensionContextProxy`
in the WebProcess, but missed doing so for CSS resources in the UI process.
* Source/WebKit/UIProcess/Extensions/Cocoa/WebExtensionContextCocoa.mm:
(WebKit::WebExtensionContext::localization): Added.
* Source/WebKit/UIProcess/Extensions/Cocoa/WebExtensionURLSchemeHandlerCocoa.mm:
(WebKit::WebExtensionURLSchemeHandler::platformStartTask): Use the localization from the extension context.
* Source/WebKit/UIProcess/Extensions/WebExtensionContext.h:
* Tools/TestWebKitAPI/Tests/WebKitCocoa/WKWebExtensionAPILocalization.mm:
(TestWebKitAPI::TEST(WKWebExtensionAPILocalization, CSSLocalization)): Added.
Canonical link: https://commits.webkit.org/283522@main
Update Tools/TestWebKitAPI/Tests/WebKitCocoa/WKWebExtensionAPILocalization.mm
Co-authored-by: Timothy Hatcher <timothy at hatcher.name>
Update Tools/TestWebKitAPI/Tests/WebKitCocoa/WKWebExtensionAPILocalization.mm
Co-authored-by: Timothy Hatcher <timothy at hatcher.name>
Update Source/WebKit/UIProcess/Extensions/WebExtensionContext.h
Co-authored-by: Timothy Hatcher <timothy at hatcher.name>
Conflict resolution suggestions
* Source/WebKit/UIProcess/Extensions/WebExtensionContext.h:
Canonical link: https://commits.webkit.org/280938.357@safari-7619-branch
Commit: d98dfa9f17b5fa12502ca042adf4cb8c12e3ab2e
https://github.com/WebKit/WebKit/commit/d98dfa9f17b5fa12502ca042adf4cb8c12e3ab2e
Author: Per Arne Vollan <pvollan at apple.com>
Date: 2024-09-18 (Wed, 18 Sep 2024)
Changed paths:
M Source/WebKit/UIProcess/Cocoa/WebProcessPoolCocoa.mm
M Source/WebKit/WebProcess/cocoa/WebProcessCocoa.mm
Log Message:
-----------
Cherry-pick f67104ca0804. rdar://133272264
AVIF not shown in MacCatalyst WKWebView
https://bugs.webkit.org/show_bug.cgi?id=279813
rdar://133272264
Reviewed by Brent Fulgham, Said Abou-Hallawa, and Chris Dumez.
On macOS, we create a Mach sandbox extension to trustd, if TRUSTD_BLOCKING_IN_WEBCONTENT is not enabled.
We should do the same on MacCatalyst, which will grant temporary access to trustd and enable rendering
of AVIF images.
* Source/WebKit/UIProcess/Cocoa/WebProcessPoolCocoa.mm:
(WebKit::WebProcessPool::platformInitializeWebProcess):
* Source/WebKit/WebProcess/cocoa/WebProcessCocoa.mm:
(WebKit::WebProcess::platformInitializeWebProcess):
Canonical link: https://commits.webkit.org/283795@main
Canonical link: https://commits.webkit.org/280938.358@safari-7619-branch
Commit: e131721d29ab9ee380fdda535a661d74bee40a85
https://github.com/WebKit/WebKit/commit/e131721d29ab9ee380fdda535a661d74bee40a85
Author: Chris Dumez <cdumez at apple.com>
Date: 2024-09-19 (Thu, 19 Sep 2024)
Changed paths:
M Source/WebKit/UIProcess/WebPageProxy.cpp
Log Message:
-----------
Cherry-pick 031f29e819. rdar://135517174
Null dereference crash of pageClient under WebPageProxy::performDragOperation()
https://bugs.webkit.org/show_bug.cgi?id=279843
rdar://135517174
Reviewed by Ryosuke Niwa.
Null check the pageClient before using it.
In a follow-up, I'll make this API less error prone but I'm intentionally
keeping this PR small so it can get cherry-picked.
* Source/WebKit/UIProcess/WebPageProxy.cpp:
(WebKit::WebPageProxy::performDragOperation):
Canonical link: https://commits.webkit.org/280938.359@safari-7619-branch
Commit: 784e40007987a400fb63b42caa2a84fd0c5f163d
https://github.com/WebKit/WebKit/commit/784e40007987a400fb63b42caa2a84fd0c5f163d
Author: Richard Robinson <richard_robinson2 at apple.com>
Date: 2024-09-19 (Thu, 19 Sep 2024)
Changed paths:
M Source/WebCore/editing/cocoa/HTMLConverter.h
M Source/WebCore/editing/cocoa/HTMLConverter.mm
M Source/WebCore/page/writing-tools/WritingToolsController.mm
M Tools/TestWebKitAPI/Tests/WebKitCocoa/WritingTools.mm
Log Message:
-----------
Cherry-pick 78c0b4e87065. rdar://135890006
[Writing Tools] Rewrite and other Writing Tools functions may rarely fail when selecting specific types of complex content in Safari
https://bugs.webkit.org/show_bug.cgi?id=279791
rdar://135890006
Reviewed by Aditya Keerthi.
Certain types of HTML content may result in a node which contains text but which does not have a renderer,
such as when there is an omit-able trailing newline in flex content. Currently, the attributed string logic
skips over these cases, but iterating with TextIterator does not. This results in mismatched range lengths.
Fix by having the attributed string logic not skip these cases and match the TextIterator behavior. To reduce
risk, only apply this change when the corresponding option is specified.
Add a test for this.
Drive-by fix: Clean up another test by removing some duplicated code.
* Source/WebCore/editing/cocoa/HTMLConverter.h:
* Source/WebCore/editing/cocoa/HTMLConverter.mm:
(hasAncestorQualifyingForWritingToolsPreservation):
(setAttributesWithStyle):
(WebCore::editingAttributedString):
* Source/WebCore/page/writing-tools/WritingToolsController.mm:
(WebCore::WritingToolsController::willBeginWritingToolsSession):
* Tools/TestWebKitAPI/Tests/WebKitCocoa/WritingTools.mm:
(TEST(WritingTools, SuggestedTextIsSelectedAfterSmartReply)):
(TEST(WritingTools, CompositionWithOmittedTrailingWhitespaceContent)):
Canonical link: https://commits.webkit.org/283781@main
Canonical link: https://commits.webkit.org/280938.360@safari-7619-branch
Commit: 687d4c968228d15fc58d8c29b341f1e9698d214a
https://github.com/WebKit/WebKit/commit/687d4c968228d15fc58d8c29b341f1e9698d214a
Author: Aditya Keerthi <akeerthi at apple.com>
Date: 2024-09-19 (Thu, 19 Sep 2024)
Changed paths:
M Source/WebCore/page/writing-tools/WritingToolsController.mm
Log Message:
-----------
Cherry-pick 80fc229f71fe. rdar://136199712
REGRESSION (283725 at main): [Writing Tools] Rewritten text is selected during replacement animation
https://bugs.webkit.org/show_bug.cgi?id=279868
rdar://136199712
Reviewed by Richard Robinson.
Writing Tools rewrites are performed using `ReplaceSelectionCommand` with the
`SelectReplacement` option. However, the user should only see the updated
selection once all animations are complete. To support this, intermediate
selections are cleared after replacement, and only the final content is selected
in `WritingToolsController::intelligenceTextAnimationsDidComplete`.
283725 at main applied the replacement command after the call to clear the
selection, resulting in the selection being set too early, before the call to
`WritingToolsController::intelligenceTextAnimationsDidComplete`.
Fix by re-ordering the command application to occur before clearing the selection.
* Source/WebCore/page/writing-tools/WritingToolsController.mm:
(WebCore::WritingToolsController::compositionSessionDidReceiveTextWithReplacementRangeAsync):
Canonical link: https://commits.webkit.org/283827@main
Canonical link: https://commits.webkit.org/280938.361@safari-7619-branch
Commit: 31b3eb1c56702333d0e8cb54f53f71928db16697
https://github.com/WebKit/WebKit/commit/31b3eb1c56702333d0e8cb54f53f71928db16697
Author: Mohsin Qureshi <mohsinq at apple.com>
Date: 2024-09-20 (Fri, 20 Sep 2024)
Changed paths:
M Configurations/Version.xcconfig
Log Message:
-----------
Versioning.
WebKit-7619.2.8
Commit: 6a7988d906673dd3da949f63574d79cf7b0969b2
https://github.com/WebKit/WebKit/commit/6a7988d906673dd3da949f63574d79cf7b0969b2
Author: Frédéric Wang <fwang at igalia.com>
Date: 2024-09-20 (Fri, 20 Sep 2024)
Changed paths:
A LayoutTests/platform/glib/svg/stroke/nan-stroke-width-crash-expected.txt
A LayoutTests/platform/ios/svg/stroke/nan-stroke-width-crash-expected.txt
A LayoutTests/platform/mac/svg/stroke/nan-stroke-width-crash-expected.txt
A LayoutTests/svg/stroke/nan-stroke-width-crash.html
M Source/WebCore/rendering/svg/RenderSVGShape.cpp
M Source/WebCore/rendering/svg/legacy/LegacyRenderSVGShape.cpp
Log Message:
-----------
Cherry-pick 280938.2 at webkit-2024.7-embargoed (c044da77e2dd). rdar://126635831
Interpret NaN values in (Legacy)RenderSVGShape::strokeWidth() as 0.
https://bugs.webkit.org/show_bug.cgi?id=276898
rdar://126635831
Reviewed by Simon Fraser.
* LayoutTests/platform/gtk/svg/stroke/nan-stroke-width-crash-expected.txt: Added.
* LayoutTests/svg/stroke/nan-stroke-width-crash.html: Added.
* Source/WebCore/rendering/svg/RenderSVGShape.cpp:
(WebCore::RenderSVGShape::strokeWidth const): Map NaN values to 0.
* Source/WebCore/rendering/svg/legacy/LegacyRenderSVGShape.cpp:
(WebCore::LegacyRenderSVGShape::strokeWidth const): Ditto.
Canonical link: https://commits.webkit.org/280938.2@webkit-2024.7-embargoed
Canonical link: https://commits.webkit.org/280938.363@safari-7619-branch
Commit: ba211c276818d8b08e4ce7438804c44a500eb083
https://github.com/WebKit/WebKit/commit/ba211c276818d8b08e4ce7438804c44a500eb083
Author: Frédéric Wang <fwang at igalia.com>
Date: 2024-09-20 (Fri, 20 Sep 2024)
Changed paths:
A LayoutTests/media/modern-media-controls/css/transformed-media-crash-expected.txt
A LayoutTests/media/modern-media-controls/css/transformed-media-crash.html
M Source/WebCore/platform/graphics/ca/TileGrid.cpp
Log Message:
-----------
Cherry-pick 280938.3 at webkit-2024.7-embargoed (4505ee60c56b). rdar://127498217
Prevent pathological case when tiling coverage rect
https://bugs.webkit.org/show_bug.cgi?id=273698
rdar://127498217
Reviewed by Simon Fraser.
GraphicsLayerCA::computeVisibleAndCoverageRect() calculates coverage
rect by taking the bounding box of a planar quad with inverse
accumulated transforms applied. For some transforms (e.g. skewing along
an axis by a close-to-90° angle) this bounding box can become very large
while at the same time the dimension of tiles returned by
TileController::computeTileSize() is upper-bounded by some constant.
As a consequence, TileGrid::ensureTilesForRect() can generate a very
large number of tiled-backing-tile layers. Committing these layer
creations/changes can lead to sending a message that exceeds the
limit of the low-level IPC library (cf MACH_SEND_TOO_LARGE error code).
To work around that, we impose a limit over the number of tiles.
* LayoutTests/media/modern-media-controls/css/transformed-media-crash-expected.txt: Added.
* LayoutTests/media/modern-media-controls/css/transformed-media-crash.html: Added.
* Source/WebCore/platform/graphics/ca/TileGrid.cpp:
(WebCore::TileGrid::ensureTilesForRect): Introduce a maximum number of tiles.
Canonical link: https://commits.webkit.org/280938.3@webkit-2024.7-embargoed
Canonical link: https://commits.webkit.org/280938.364@safari-7619-branch
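Added example (not part of the commit or of WebKit's code): how a near-90° skew inflates the bounding box used as coverage rect, and one way to bound the resulting tile count before any layers are created. The tile size, the cap value, the shrink-around-the-visible-rect policy and all names are assumptions; the log message does not state how the limit is applied.

```cpp
#include <algorithm>
#include <cmath>
#include <cstdint>
#include <cstdio>
#include <limits>

struct Rect { double x, y, width, height; };
struct TileRange { int64_t firstCol, firstRow, cols, rows; };

constexpr double kTileSize = 512;   // assumed tile edge in pixels
constexpr int64_t kMaxTiles = 4096; // assumed cap, not WebKit's value

// Axis-aligned bounding box of r after skewX(angle): x' = x + tan(angle) * y.
Rect boundingBoxAfterSkewX(const Rect& r, double angleDegrees)
{
    const double t = std::tan(angleDegrees * std::acos(-1.0) / 180.0);
    const double xs[4] = {
        r.x + t * r.y, r.x + r.width + t * r.y,
        r.x + t * (r.y + r.height), r.x + r.width + t * (r.y + r.height)
    };
    const double minX = *std::min_element(xs, xs + 4);
    const double maxX = *std::max_element(xs, xs + 4);
    return { minX, r.y, maxX - minX, r.height };
}

// Converts a tile coordinate to an index without undefined behaviour on
// huge, infinite or NaN input.
int64_t toIndex(double v)
{
    if (std::isnan(v))
        return 0;
    return static_cast<int64_t>(std::max(-1e15, std::min(v, 1e15)));
}

// Tiles needed to cover r, with no limit applied.
TileRange tilesForRect(const Rect& r)
{
    const int64_t c0 = toIndex(std::floor(r.x / kTileSize));
    const int64_t r0 = toIndex(std::floor(r.y / kTileSize));
    const int64_t c1 = toIndex(std::ceil((r.x + r.width) / kTileSize));
    const int64_t r1 = toIndex(std::ceil((r.y + r.height) / kTileSize));
    return { c0, r0, std::max<int64_t>(c1 - c0, 0), std::max<int64_t>(r1 - r0, 0) };
}

// cols * rows, saturating instead of overflowing.
int64_t tileCount(const TileRange& t)
{
    if (!t.cols || !t.rows)
        return 0;
    if (t.cols > std::numeric_limits<int64_t>::max() / t.rows)
        return std::numeric_limits<int64_t>::max();
    return t.cols * t.rows;
}

// Shrinks one axis to at most `limit` tiles, keeping a window around `focus`.
void shrinkAxis(int64_t& first, int64_t& count, int64_t limit, int64_t focus)
{
    if (count <= limit)
        return;
    const int64_t lastStart = first + count - limit;
    first = std::max(first, std::min(focus - limit / 2, lastStart));
    count = limit;
}

// Same as tilesForRect, but never returns more than kMaxTiles tiles. When the
// coverage rect is too large, the range is cut down around the visible rect.
TileRange cappedTilesForRect(const Rect& coverage, const Rect& visible)
{
    TileRange t = tilesForRect(coverage);
    if (tileCount(t) <= kMaxTiles)
        return t;
    const int64_t focusCol = toIndex(std::floor((visible.x + visible.width / 2) / kTileSize));
    const int64_t focusRow = toIndex(std::floor((visible.y + visible.height / 2) / kTileSize));
    shrinkAxis(t.firstRow, t.rows, kMaxTiles, focusRow);
    shrinkAxis(t.firstCol, t.cols, std::max<int64_t>(kMaxTiles / t.rows, 1), focusCol);
    return t;
}

int main()
{
    const Rect visible { 0, 0, 800, 600 };
    const Rect extreme = boundingBoxAfterSkewX(visible, 89.999);
    std::printf("uncapped: %lld tiles, capped: %lld tiles\n",
        static_cast<long long>(tileCount(tilesForRect(extreme))),
        static_cast<long long>(tileCount(cappedTilesForRect(extreme, visible))));
    return 0;
}
```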
Commit: a57209052b19c80e3ea60a6ae383d5a46191988b
https://github.com/WebKit/WebKit/commit/a57209052b19c80e3ea60a6ae383d5a46191988b
Author: Richard Robinson <richard_robinson2 at apple.com>
Date: 2024-09-20 (Fri, 20 Sep 2024)
Changed paths:
M Source/WebCore/editing/cocoa/HTMLConverter.mm
M Source/WebCore/page/writing-tools/WritingToolsController.mm
M Tools/TestWebKitAPI/Tests/WebKitCocoa/WritingTools.mm
Log Message:
-----------
Cherry-pick 958f4375433b. rdar://136234063
[Writing Tools] Lists are sometimes erroneously preserved after performing a Rewrite
https://bugs.webkit.org/show_bug.cgi?id=279907
rdar://136234063
Reviewed by Abrar Rahman Protyasha and Aditya Keerthi.
When rewriting some content that has lists within it, the tab characters preceding and succeeding the tab bullet
points mistakenly get the `WTWritingToolsPreserved` attribute applied to them. This is because currently, all elements
with `whitespace:pre` have the attribute added. However, tabs are unique because when inserting a tab character, WebKit
automatically generates a span and applies the `whitespace:pre` property to it.
Fix by checking for this special case and avoiding the attribute.
This fix also has the benefit of slightly improving the rewrite animations, since there are fewer partial replacements
involved now.
Also add a test.
* Source/WebCore/editing/cocoa/HTMLConverter.mm:
(elementQualifiesForWritingToolsPreservation):
(hasAncestorQualifyingForWritingToolsPreservation):
* Source/WebCore/page/writing-tools/WritingToolsController.mm:
(WebCore::WritingToolsController::compositionSessionDidReceiveTextWithReplacementRange):
* Tools/TestWebKitAPI/Tests/WebKitCocoa/WritingTools.mm:
(TEST(WritingTools, CompositionWithTabCharacters)):
Canonical link: https://commits.webkit.org/283883@main
Canonical link: https://commits.webkit.org/280938.365@safari-7619-branch
Commit: 3ea2f93b780300b15aa15c2231521693cf2e3cb0
https://github.com/WebKit/WebKit/commit/3ea2f93b780300b15aa15c2231521693cf2e3cb0
Author: Tyler Wilcock <tyler_w at apple.com>
Date: 2024-09-20 (Fri, 20 Sep 2024)
Changed paths:
M Source/WebCore/accessibility/isolatedtree/AXIsolatedTree.cpp
M Source/WebCore/accessibility/isolatedtree/AXIsolatedTree.h
Log Message:
-----------
Cherry-pick c432de069570. rdar://136329962
REGRESSION(282266 at main): Accessibility tree updates on large webpages are slow due to repeated m_pendingProtectedFromDeletionIDs.formUnion() calls
https://bugs.webkit.org/show_bug.cgi?id=280031
rdar://136329962
Reviewed by Andres Gonzalez and Chris Fleizach.
In https://commits.webkit.org/282266@main, we changed this code in `queueRemovalsLocked` from:
    m_pendingProtectedFromDeletionIDs.formUnion(std::exchange(m_protectedFromDeletionIDs, { }));
to:
    if (m_protectedFromDeletionIDsIsDirty)
        m_pendingProtectedFromDeletionIDs.formUnion(m_protectedFromDeletionIDs);
The thought was that m_protectedFromDeletionIDsIsDirty would rarely become dirty and then get flushed, so the O(n)
behavior introduced would be fine. However, some webpages behave in ways that constantly dirty this list, and
m_protectedFromDeletionIDs can get extremely large, making the constant formUnion calls expensive.
The only reason formUnion(std::exchange(m_protectedFromDeletionIDs, { })) was problematic in the first place was because some
AXIsolatedTree::updateChildren iterations would queueRemovals separately from queueing appends, meaning we could delete
objects we shouldn't have been deleting. With this commit, we move back to std::exchange(m_protectedFromDeletionIDs, { }),
and solve the problem in a more logical way — force AXIsolatedTree::updateChildren to queue its appends and removals
at the same time by removing the else branch at the bottom of updateChildren:
    if (resolveNodeChanges == ResolveNodeChanges::Yes)
        queueRemovalsAndUnresolvedChanges(WTFMove(oldChildrenIDs));
    else // removed
        queueRemovals(WTFMove(oldChildrenIDs));
We now accumulate removals in a new list, AXIsolatedTree::m_subtreesToRemove, and flush them to m_pendingSubtreeRemovals
at the same time we flush our appends.
This is better in every way: simpler, avoids the expensive formUnion calls, results in fewer lock acquisitions,
and removes the Vector<AXID> parameter to queueRemovalsAndUnresolvedChanges that only one code path actually passed in.
https://commits.webkit.org/282266@main introduced two new layout tests — both still pass after this change with 100 iterations.
I have also manually tested the webpages those testcases came from, and have confirmed the missing content bugs are not
reintroduced with this change.
* Source/WebCore/accessibility/isolatedtree/AXIsolatedTree.cpp:
(WebCore::AXIsolatedTree::generateSubtree):
(WebCore::AXIsolatedTree::queueRemovalsLocked):
(WebCore::AXIsolatedTree::queueRemovalsAndUnresolvedChanges):
(WebCore::AXIsolatedTree::queueAppendsAndRemovals):
(WebCore::AXIsolatedTree::collectNodeChangesForSubtree):
(WebCore::AXIsolatedTree::updateChildren):
(WebCore::AXIsolatedTree::updateChildrenForObjects):
(WebCore::AXIsolatedTree::processQueuedNodeUpdates):
(WebCore::AXIsolatedTree::protectFromDeletion): Deleted.
* Source/WebCore/accessibility/isolatedtree/AXIsolatedTree.h:
Canonical link: https://commits.webkit.org/283983@main
Canonical link: https://commits.webkit.org/280938.366@safari-7619-branch
Commit: 2391962f4ab7d50d592ebcc8c7300b3abaccf9da
https://github.com/WebKit/WebKit/commit/2391962f4ab7d50d592ebcc8c7300b3abaccf9da
Author: Commit Queue <commit-queue at webkit.org>
Date: 2024-09-20 (Fri, 20 Sep 2024)
Changed paths:
M Source/WTF/wtf/PlatformHave.h
M Source/WebCore/platform/network/cocoa/CookieCocoa.mm
M Tools/TestWebKitAPI/Tests/WebKitCocoa/WKHTTPCookieStore.mm
Log Message:
-----------
Cherry-pick f30d4606699e. rdar://136378955
Unreviewed, reverting 283230 at main.
https://bugs.webkit.org/show_bug.cgi?id=280080
Reverted changeset:
"iOS 18 does not allow a client application to specify SameSite=None"
https://bugs.webkit.org/show_bug.cgi?id=279153
https://commits.webkit.org/283230@main
Canonical link: https://commits.webkit.org/284002@main
Canonical link: https://commits.webkit.org/280938.367@safari-7619-branch
Commit: f74787a2ec743c045a9a9b7a7956b4c0a864cd4a
https://github.com/WebKit/WebKit/commit/f74787a2ec743c045a9a9b7a7956b4c0a864cd4a
Author: Richard Robinson <richard_robinson2 at apple.com>
Date: 2024-09-20 (Fri, 20 Sep 2024)
Changed paths:
M Source/WebKit/UIProcess/mac/WKTextAnimationManager.mm
Log Message:
-----------
Cherry-pick e1f85b19921a. rdar://136334757
[Writing Tools] There is a brief flicker where there is no text during a rewrite animation
https://bugs.webkit.org/show_bug.cgi?id=280038
rdar://136334757
Reviewed by Aditya Keerthi, Wenson Hsieh, and Abrar Rahman Protyasha.
A sample sequence of events with regards to when intelligence text animations begin and end is
* initial animation created
* initial animation removed [0 ongoing animations]
* source animation created
* final animation created
* final animation removed
* initial animation created
* source animation removed
* initial animation removed [0 ongoing animations]
* source animation created
* final animation created
* final animation removed
* initial animation created
* source animation removed
* initial animation removed [0 ongoing animations]
* source animation created
* final animation created
* final animation removed
* source animation removed [0 ongoing animations]
Prior to 283274 at main, the text effect view was never being removed. Following that commit, it is removed
whenever an animation was removed such that there are 0 ongoing animations. As a result, after each
initial animation removal, the effect view is removed momentarily, and then is re-added when the following
source animation gets added. This manifests visually as a flicker of the text content in the message.
Fix by only removing the effect view when there are 0 ongoing animations following a source or destination
animation and not following an initial animation.
* Source/WebKit/UIProcess/mac/WKTextAnimationManager.mm:
(-[WKTextAnimationManager addTextAnimationForAnimationID:withData:]):
(-[WKTextAnimationManager removeTextAnimationForAnimationID:]):
(-[WKTextAnimationManager textPreviewsForChunk:completion:]):
(-[WKTextAnimationManager textPreviewForRect:completion:]):
(-[WKTextAnimationManager updateIsTextVisible:forChunk:completion:]):
Canonical link: https://commits.webkit.org/284003@main
Canonical link: https://commits.webkit.org/280938.368@safari-7619-branch
Commit: 7dd07c5aeda3d7d48308c2caf39f29923757bbef
https://github.com/WebKit/WebKit/commit/7dd07c5aeda3d7d48308c2caf39f29923757bbef
Author: Aditya Keerthi <akeerthi at apple.com>
Date: 2024-09-23 (Mon, 23 Sep 2024)
Changed paths:
M Source/WebKit/UIProcess/ios/WKContentViewInteraction.h
M Source/WebKit/UIProcess/ios/WKContentViewInteraction.mm
M Tools/TestWebKitAPI/Tests/WebKitCocoa/WritingTools.mm
Log Message:
-----------
Cherry-pick dc6108c72c6a. rdar://136177733
[Writing Tools] Form accessory view shows above panel when invoked on editable content in Safari
https://bugs.webkit.org/show_bug.cgi?id=280028
rdar://136177733
Reviewed by Richard Robinson.
Following recent UIKit changes it is the responsibility of the Writing Tools
client to ensure the input accessory view is hidden when the panel is visible.
This is achieved by keeping track of panel visibility using methods on the
`UITextInput` protocol, and returning a `nil` `inputAccessoryView` as needed.
* Source/WebKit/UIProcess/ios/WKContentViewInteraction.h:
* Source/WebKit/UIProcess/ios/WKContentViewInteraction.mm:
(-[WKContentView requiresAccessoryView]):
(-[WKContentView willPresentWritingTools]):
UIKit currently has a bug where `reloadInputViews` does not update the
input accessory view when the Writing Tools panel is visible.
Consequently, work around the bug for now by manually showing/hiding WebKit's
accessory view. This will not fix custom views, but WebKit should not be
modifying views it doesn't own.
(-[WKContentView didDismissWritingTools]):
* Tools/TestWebKitAPI/Tests/WebKitCocoa/WritingTools.mm:
(TEST(WritingTools, PanelHidesInputAccessoryView)):
Canonical link: https://commits.webkit.org/284005@main
Canonical link: https://commits.webkit.org/280938.369@safari-7619-branch
Commit: d55adb5dfa4557d14f6e85ebadcc5f64a3d24a3d
https://github.com/WebKit/WebKit/commit/d55adb5dfa4557d14f6e85ebadcc5f64a3d24a3d
Author: Timothy Hatcher <timothy at apple.com>
Date: 2024-09-23 (Mon, 23 Sep 2024)
Changed paths:
M Source/WebKit/UIProcess/Extensions/Cocoa/WebExtensionActionCocoa.mm
Log Message:
-----------
Cherry-pick cdd75cea26ce. rdar://135439066
1Password popup size ignoring width and height set on body on iPadOS 18.
https://webkit.org/b/280092
rdar://135439066
Reviewed by Brian Weinstein.
We were mistakenly factoring `boundsSize` into the min-width and min-height calculations, causing the
1Password popover to display at 375pt instead of the intended 600pt. This change corrects that
behavior to align with Safari 17's size handling.
Tested with 1Password, CardPointers, Grammarly, and Noir — all now render as expected.
* Source/WebKit/UIProcess/Extensions/Cocoa/WebExtensionActionCocoa.mm:
(-[_WKWebExtensionActionViewController _updatePopoverContentSize]): Remove `boundsSize`.
Canonical link: https://commits.webkit.org/284020@main
Canonical link: https://commits.webkit.org/280938.370@safari-7619-branch
Commit: 1537ec1e553df65a96a95542dbf97b0fd920b806
https://github.com/WebKit/WebKit/commit/1537ec1e553df65a96a95542dbf97b0fd920b806
Author: Sammy Gill <sammy.gill at apple.com>
Date: 2024-09-24 (Tue, 24 Sep 2024)
Changed paths:
A LayoutTests/fast/grid/subgrid-inherited-line-names-crash-expected.txt
A LayoutTests/fast/grid/subgrid-inherited-line-names-crash.html
M Source/WebCore/rendering/style/GridPositionsResolver.cpp
Log Message:
-----------
Cherry-pick 65ecac43a67a. rdar://136174078
[Subgrid] Implicitly named lines can be empty due to inherited named lines
https://bugs.webkit.org/show_bug.cgi?id=280068
rdar://136174078
Reviewed by Alan Baradlay.
For subgrids when we try to resolve a grid-area to line names we will first generate the
implicit lines associated with that area. If we end up actually generating these implicit
line names we will then override these line names with the line names that we inherited
from the actual grid. During this process we may not actually end up inheriting any lines for
the particular name we are looking for (the one specified by the grid-area property)
because that track may be beyond the bounds specified for the subgrid. As a result, this
could end up in an empty Vector for the implicitly named lines.
In the testcase the subgrid attempts to create two named columns but that does not work
because the subgrid is only contained within the first column of the parent grid. As a
result, the subgrid's item cannot resolve the names of the lines associated with the
grid-area.
* LayoutTests/fast/grid/subgrid-inherited-line-names-crash-expected.txt: Added.
* LayoutTests/fast/grid/subgrid-inherited-line-names-crash.html: Added.
* Source/WebCore/rendering/style/GridPositionsResolver.cpp:
(WebCore::NamedLineCollectionBase::hasNamedLines const):
Canonical link: https://commits.webkit.org/283998@main
Canonical link: https://commits.webkit.org/280938.371@safari-7619-branch
Commit: c084a301df9730db86ef105650ef7e0b3014f79e
https://github.com/WebKit/WebKit/commit/c084a301df9730db86ef105650ef7e0b3014f79e
Author: Richard Robinson <richard_robinson2 at apple.com>
Date: 2024-09-24 (Tue, 24 Sep 2024)
Changed paths:
M Source/WebCore/page/writing-tools/WritingToolsController.mm
Log Message:
-----------
Cherry-pick ca8e47993532. rdar://136158646
[Writing Tools] Pondering animation never stops if a session is ended and no replacement text is received
https://bugs.webkit.org/show_bug.cgi?id=280088
rdar://136158646
Reviewed by Aditya Keerthi.
Ensure that intelligence text animations are considered to be "complete" even if no replacement text has been received.
* Source/WebCore/page/writing-tools/WritingToolsController.mm:
(WebCore::WritingToolsController::intelligenceTextAnimationsDidComplete):
(WebCore::WritingToolsController::didEndWritingToolsSession<WritingTools::Session::Type::Composition>):
Canonical link: https://commits.webkit.org/284085@main
Canonical link: https://commits.webkit.org/280938.372@safari-7619-branch
Commit: f4756285b285ff7dbdd127be11dbbd0d6010e536
https://github.com/WebKit/WebKit/commit/f4756285b285ff7dbdd127be11dbbd0d6010e536
Author: Charlie Wolfe <charliew at apple.com>
Date: 2024-09-24 (Tue, 24 Sep 2024)
Changed paths:
M Source/WebKit/UIProcess/mac/TextCheckerMac.mm
Log Message:
-----------
Cherry-pick 0d08a5fd7147. rdar://133862081
Use LazyNeverDestroyed in `static TextCheckerState& mutableState()`
https://bugs.webkit.org/show_bug.cgi?id=280209
rdar://133862081
Reviewed by Alex Christensen.
Speculative fix. Crash reports indicate that mutableState() can be corrupted such that it contains
non-bool values. Use LazyNeverDestroyed + dispatch_once to avoid issues when statically initializing this
object from multiple threads.
* Source/WebKit/UIProcess/mac/TextCheckerMac.mm:
(WebKit::mutableState):
Canonical link: https://commits.webkit.org/284120@main
Canonical link: https://commits.webkit.org/280938.373@safari-7619-branch
Compare: https://github.com/WebKit/WebKit/compare/f07b6f6aebe4...f4756285b285