Merge 88496 - 2011-06-09 James Robinson <jamesr@chromium.org>

Source/WebCore/ChangeLog

+2011-06-09  James Robinson  <jamesr@chromium.org>
+
+        Reviewed by Kenneth Russell.
+
+        [chromium] Scissor rect not set for clipping layers set offscreen
+        https://bugs.webkit.org/show_bug.cgi?id=62339
+
+        We set a scissorRect on each layer, but only layers with masksToBounds and their descendants should actually set
+        a scissor.  Layers that didn't need to scissor had empty scissorRects.  Unfortunately layers with masksToBounds
+        and their descendants that are scrolled offscreen also end up with an empty clipped scissor rect.
+
+        This patch sets an explicit bit on each layer that should scissor and then checks that bit instead of checking
+        for an empty scissor rect at draw time.  RenderSurfaceChromiums have different requirements for
+        setScissorToRect, so the old behavior is still available with a flag.  This can probably be cleaned up more.
+
+        Test: platform/chromium/compositing/scissor-out-of-viewport.html
+
+        * platform/graphics/chromium/LayerRendererChromium.cpp:
+        (WebCore::LayerRendererChromium::updatePropertiesAndRenderSurfaces):
+        (WebCore::LayerRendererChromium::drawLayer):
+        (WebCore::LayerRendererChromium::setScissorToRect):
+        * platform/graphics/chromium/LayerRendererChromium.h:
+        * platform/graphics/chromium/RenderSurfaceChromium.cpp:
+        (WebCore::RenderSurfaceChromium::draw):
+        * platform/graphics/chromium/cc/CCLayerImpl.cpp:
+        (WebCore::CCLayerImpl::CCLayerImpl):
+        * platform/graphics/chromium/cc/CCLayerImpl.h:
+        (WebCore::CCLayerImpl::setUsesLayerScissor):
+        (WebCore::CCLayerImpl::usesLayerScissor):
+
+2011-06-09  Sheriff Bot  <webkit.review.bot@gmail.com>
+
+        Unreviewed, rolling out r88468.
+        http://trac.webkit.org/changeset/88468
+        https://bugs.webkit.org/show_bug.cgi?id=62408
+
+        It broke build if !ENABLE(FULLSCREEN_API) (Requested by Ossy
+        on #webkit).
+
+        * dom/Element.cpp:
+        (WebCore::adjustForLocalZoom):
+        * dom/Element.h:
+        * html/HTMLMediaElement.cpp:
+        * html/HTMLMediaElement.h:
+
+2011-06-09  Kenneth Russell  <kbr@google.com>
+
+        Reviewed by Adam Barth.
+
+        Disallow use of cross-domain media (images, video) in WebGL
+        https://bugs.webkit.org/show_bug.cgi?id=62257
+
+        Updated WebGL implementation to track recent spec updates in this area.
+
+        Tests: http/tests/security/webgl-remote-read-remote-image-allowed-with-credentials.html
+               http/tests/security/webgl-remote-read-remote-image-allowed.html
+               http/tests/security/webgl-remote-read-remote-image-blocked-no-crossorigin.html
+
+        * html/canvas/CanvasRenderingContext.cpp:
+        (WebCore::CanvasRenderingContext::wouldTaintOrigin):
+        (WebCore::CanvasRenderingContext::checkOrigin):
+        * html/canvas/CanvasRenderingContext.h:
+        (WebCore::CanvasRenderingContext::checkOrigin):
+        * html/canvas/WebGLRenderingContext.cpp:
+        (WebCore::WebGLRenderingContext::readPixels):
+        (WebCore::WebGLRenderingContext::texImage2D):
+        (WebCore::WebGLRenderingContext::videoFrameToImage):
+        (WebCore::WebGLRenderingContext::texSubImage2D):
+        * html/canvas/WebGLRenderingContext.h:
+
+2011-06-09  Adam Barth  <abarth@webkit.org>
+
+        Reviewed by Eric Seidel.
+
+        Add an ASSERT to HTMLTreeBuilder
+        https://bugs.webkit.org/show_bug.cgi?id=62403
+
+        This ASSERT was useful in investigating a re-entrancy bug.  We should
+        keep it.
+
+        * html/parser/HTMLTreeBuilder.cpp:
+        (WebCore::HTMLTreeBuilder::processEndOfFile):
+
+2011-06-09  Dan Bernstein  <mitz@apple.com>
+
+        Reviewed by Darin Adler.
+
+        Fix a regression from r88478.
+
+        * platform/graphics/mac/ComplexTextControllerCoreText.cpp:
+        (WebCore::ComplexTextController::collectComplexTextRunsForCharactersCoreText): Add the runs
+        in reverse order in the RTL case here, since the whole vector is reversed by collectComplexTextRuns()
+        afterwards.
+
+2011-06-09  Julien Chaffraix  <jchaffraix@codeaurora.org>
+
+        Reviewed by Antti Koivisto.
+
+        REGRESSION(84329): Stylesheets on some pages do not load
+        https://bugs.webkit.org/show_bug.cgi?id=61400
+
+        Test: fast/css/link-disabled-attr.html
+
+        Fixed r84329: the change did not take into account the fact
+        that HTMLLinkElement did already contain the disabled information
+        and the 2 information were not linked as they should have!
+
+        The new logic pushes the information to the stylesheet as this
+        is what the spec mandates and what FF is doing. Also it keeps
+        one bit of information (that JS enabled the stylesheet) as it
+        is needed for the recalcStyleSelector logic.
+
+        * dom/Document.cpp:
+        (WebCore::Document::recalcStyleSelector): s/isDisabled/disabled.
+
+        * html/HTMLLinkElement.cpp:
+        (WebCore::HTMLLinkElement::HTMLLinkElement): Removed m_disabledState,
+        replaced by m_isEnabledViaScript.
+        (WebCore::HTMLLinkElement::setDisabled): Updated the logic after
+        m_disabledState removal. It also matches the spec by forwarding
+        the disabled state to our stylesheet if we have one.
+        (WebCore::HTMLLinkElement::parseMappedAttribute): Removed harmful
+        handling of the disabledAttr.
+        (WebCore::HTMLLinkElement::process): Updated after m_disabledState removal.
+        * html/HTMLLinkElement.h:
+        (WebCore::HTMLLinkElement::isEnabledViaScript): Ditto.
+        (WebCore::HTMLLinkElement::isAlternate): Ditto.
+
+2011-06-09  Dan Bernstein  <mitz@apple.com>
+
+        Reviewed by Darin Adler.
+
+        Simplify ComplexTextController::collectComplexTextRuns()
+        https://bugs.webkit.org/show_bug.cgi?id=62387
+
+        No new test, since functionality is unchanged.
+
+        * platform/graphics/mac/ComplexTextController.cpp:
+        (WebCore::ComplexTextController::collectComplexTextRuns): Always iterate characters in logical order,
+        then reverse the run vector for RTL.
+
+2011-06-09  Dimitri Glazkov  <dglazkov@chromium.org>
+
+        Reviewed by Kent Tamura.
+
+        Fold isShadowBoundary into isShadowRoot.
+        https://bugs.webkit.org/show_bug.cgi?id=62317
+
+        Since there are no longer cases where Node::isShadowBoundary() != Node::isShadowRoot, we can remove this function.
+
+        In one case where isShadowBoundary was also tested to find ShadowContentElemnt, added a new isContentElement function.
+
+        Refactoring, covered by existing tests.
+
+        * css/CSSStyleSelector.cpp:
+        (WebCore::isAtShadowBoundary): Changed to use isShadowRoot.
+        * dom/Element.cpp:
+        (WebCore::Element::isSpellCheckingEnabled): Ditto.
+        * dom/Node.cpp:
+        (WebCore::Node::nonBoundaryShadowTreeRootNode): Ditto.
+        (WebCore::Node::nonShadowBoundaryParentNode): Ditto.
+        * dom/Node.h:
+        (WebCore::Node::isContentElement): Added.
+        * dom/NodeRenderingContext.cpp:
+        (WebCore::NodeRenderingContext::NodeRenderingContext): Changed to use isShadowRoot.
+        * dom/Position.cpp:
+        (WebCore::Position::Position): Ditto.
+        * dom/ShadowContentElement.h:
+        (WebCore::ShadowContentElement::isContentElement): Added.
+        * dom/ShadowRoot.cpp:
+        (WebCore::ShadowRoot::hasContentElement): Changed to use isContentElement.
+        * editing/CompositeEditCommand.cpp:
+        (WebCore::CompositeEditCommand::insertNodeAfter): Changed to use isShadowRoot.
+        * editing/htmlediting.cpp:
+        (WebCore::visiblePositionBeforeNode): Ditto.
+        (WebCore::visiblePositionAfterNode): Ditto.
+        * page/DragController.cpp:
+        (WebCore::asFileInput): Ditto.
+        * rendering/RenderTreeAsText.cpp:
+        (WebCore::nodePosition): Ditto.
+
+2011-06-09  Simon Fraser  <simon.fraser@apple.com>
+
+        Reviewed by Darin Adler.
+
+        Crashes in RenderLayerBacking::paintingGoesToWindow
+        https://bugs.webkit.org/show_bug.cgi?id=61159
+
+        Speculative fix for unreproducible crash that can occur when RenderObject::repaintUsingContainer()
+        finds a repaintContainer that is not the RenderView, but that is also not
+        composited (for unknown reasons), by checking to see if the layer is
+        compositing before using backing(). An assertion remains to try to catch
+        this in debug builds.
+
+        * rendering/RenderLayer.cpp:
+        (WebCore::RenderLayer::setBackingNeedsRepaintInRect):
+
+2011-06-09  Julien Chaffraix  <jchaffraix@webkit.org>
+
+        Reviewed by Darin Adler.
+
+        WebCore::WebKitCSSKeyframesRuleInternal::nameAttrSetter() - crash
+        https://bugs.webkit.org/show_bug.cgi?id=62384
+
+        Test: fast/css/webkit-keyframes-crash.html
+
+        * css/WebKitCSSKeyframesRule.cpp:
+        (WebCore::WebKitCSSKeyframesRule::setName): stylesheet() is never garanteed
+        to return a non-null pointer. Thus null-check here like the rest of the code.
+
+2011-06-09  Julien Chaffraix  <jchaffraix@codeaurora.org>
+
+        Reviewed by David Hyatt.
+
+        chrome.dll!WebCore::RenderStyle::fontMetrics ReadAV@NULL (two crashes)
+        https://bugs.webkit.org/show_bug.cgi?id=57756
+
+        Tests: fast/css/fontMetric-border-radius-null-crash.html
+               fast/css/fontMetric-webkit-border-end-width-null-crash.html
+
+        * css/CSSStyleSelector.cpp:
+        (WebCore::CSSStyleSelector::styleForElement): Added a call to Font::update
+        so that our FontFallbackList is allocated if we ever need it when applying our
+        style rules.
+
+2011-06-09  Cary Clark  <caryclark@google.com>
+
+        Reviewed by Eric Seidel.
+
+        Create local CG context for Mac UI elements when Skia is renderer
+        https://bugs.webkit.org/show_bug.cgi?id=62213
+
+        When building Mac Chrome using Skia as the WebKit renderer,
+        add state to LocalCurrentGraphicsContext to convert the SkCanvas
+        context passed by WebKit into the CGContext needed by UI
+        rendering.
+
+        No new tests.  The define typo in question is
+        not yet enabled, so this change has no functional
+        impact.
+
+        * platform/mac/LocalCurrentGraphicsContext.h:
+        Add SkiaBitLocker to create and release the converted CGContext.
+        Add ContextContainer, a class for Skia to create and release
+        the converted CGContext. If Skia is not used, the class has no effect.
+
+        * platform/mac/LocalCurrentGraphicsContext.mm:
+        (WebCore::LocalCurrentGraphicsContext::LocalCurrentGraphicsContext):
+        When building with Skia, create the CGContext before passing it on.
+
+        (WebCore::LocalCurrentGraphicsContext::cgContext):
+        Get the CGContext from the SkiaBitLocker, or the saved context,
+        as appropriate.
+
+        * rendering/RenderThemeMac.mm:
+        Get the CGContext from Skia conversion or native, as appropriate.
+        Use the LocalCurrentGraphicsContext if there is one. Otherwise,
+        add a ContextContainer to house the SkCanvas to CGContext conversion.
+
+        (WebCore::RenderThemeMac::paintCapsLockIndicator):
+        (WebCore::RenderThemeMac::paintProgressBar):
+        (WebCore::RenderThemeMac::paintMenuListButtonGradients):
+        (WebCore::RenderThemeMac::paintSliderTrack):
+        (WebCore::RenderThemeMac::paintMediaFullscreenButton):
+        (WebCore::RenderThemeMac::paintMediaMuteButton):
+        (WebCore::RenderThemeMac::paintMediaPlayButton):
+        (WebCore::RenderThemeMac::paintMediaSeekBackButton):
+        (WebCore::RenderThemeMac::paintMediaSeekForwardButton):
+        (WebCore::RenderThemeMac::paintMediaSliderTrack):
+        (WebCore::RenderThemeMac::paintMediaSliderThumb):
+        (WebCore::RenderThemeMac::paintMediaRewindButton):
+        (WebCore::RenderThemeMac::paintMediaReturnToRealtimeButton):
+        (WebCore::RenderThemeMac::paintMediaToggleClosedCaptionsButton):
+        (WebCore::RenderThemeMac::paintMediaControlsBackground):
+        (WebCore::RenderThemeMac::paintMediaCurrentTime):
+        (WebCore::RenderThemeMac::paintMediaTimeRemaining):
+        (WebCore::RenderThemeMac::paintMediaVolumeSliderContainer):
+        (WebCore::RenderThemeMac::paintMediaVolumeSliderTrack):
+        (WebCore::RenderThemeMac::paintMediaVolumeSliderThumb):
+
+2011-06-02  Jer Noble  <jer.noble@apple.com>
+
+        Reviewed by Maciej Stachowiak.
+
+        REGRESSION: Page layout messed up after exiting full screen after video ends at jerryseinfeld.com
+        https://bugs.webkit.org/show_bug.cgi?id=61911
+        <rdar://problem/9523017>
+
+        Test: fullscreen/full-screen-video-offset.html
+
+        When the video element is taken full-screen in the new element full-screen API, return the
+        offset width and height of the placeholder renderer which is filling in for the full-screen
+        element.  To do so, override offsetWidth, Height, Left, and Top from Element.  These are
+        non-virtual functions, so make them virtual.
+
+        * dom/Element.cpp:
+        (WebCore::Element::adjustForLocalZoom): Made into a class-static function.
+        * dom/Element.h: Made offset functions virtual.
+        * html/HTMLMediaElement.cpp:
+        (WebCore::elementPlaceholder): Added; utility function.
+        (WebCore::HTMLMediaElement::offsetLeft): Added; virtual override of the 
+            Element function. Will be called directly via javascript.
+        (WebCore::HTMLMediaElement::offsetTop): Ditto.
+        (WebCore::HTMLMediaElement::offsetWidth): Ditto.
+        (WebCore::HTMLMediaElement::offsetHeight): Ditto.
+        * html/HTMLMediaElement.h:
+
+2011-06-09  Dave Tapuska  <dtapuska@rim.com>
+
+        Reviewed by Daniel Bates.
+
+        PingLoader destructor could dereference 0 if the Resource
+        Handle creation failed.
+
+        https://bugs.webkit.org/show_bug.cgi?id=62304
+
+        * loader/PingLoader.cpp:
+        (WebCore::PingLoader::~PingLoader):
+
+2011-06-08  Abhishek Arya  <inferno@chromium.org>
+
+        Reviewed by Ryosuke Niwa.
+
+        Make indexForVisiblePosition and isSelectableElement static.
+        https://bugs.webkit.org/show_bug.cgi?id=62329
+
+        This protects us when converting frame->selection->start() or end()
+        to VisiblePosition which blows away the RenderTextControl from
+        underneath (due to layout update).
+
+        Test: fast/forms/text-control-selection-crash.html
+
+        * accessibility/AccessibilityRenderObject.cpp:
+        (WebCore::AccessibilityRenderObject::indexForVisiblePosition):
+        * rendering/RenderTextControl.cpp:
+        (WebCore::RenderTextControl::selectionStart):
+        (WebCore::RenderTextControl::selectionEnd):
+        (WebCore::RenderTextControl::isSelectableElement):
+        (WebCore::RenderTextControl::indexForVisiblePosition):
+        * rendering/RenderTextControl.h:
+
+2011-06-09  Ben Murdoch  <benm@google.com>
+
+        Reviewed by Yury Semikhatsky.
+
+        Build break in ScriptProfile.cpp and inspector disabled.
+        https://bugs.webkit.org/show_bug.cgi?id=62373
+
+        No new tests - build fix only.
+
+        * bindings/v8/ScriptProfile.cpp: Add necessary guards.
+        * bindings/v8/ScriptProfile.h: ditto.
+
+2011-06-09  Vsevolod Vlasov  <vsevik@chromium.org>
+
+        Reviewed by Yury Semikhatsky.
+
+        Web Inspector: Network panel preview tab does not reattach SourceFrame when switching between preview and response tabs.
+        https://bugs.webkit.org/show_bug.cgi?id=62298
+
+        * inspector/front-end/ResourcePreviewView.js:
+        (WebInspector.ResourcePreviewView.prototype._ensureInnerViewShown.callback):
+        (WebInspector.ResourcePreviewView.prototype._ensureInnerViewShown):
+
+2011-06-09  Csaba Osztrogonác  <ossy@webkit.org>
+
+        [Qt][Mac] Speculative buildfix after r88286.
+
+        * platform/graphics/IntPoint.h:
+
+2011-06-09  Mike Lawther  <mikelawther@chromium.org>
+
+        Reviewed by Kent Tamura.
+
+        Parsing issue with -webkit-calc
+        https://bugs.webkit.org/show_bug.cgi?id=62276
+
+        Set the CSSParserString for the calc functions.
+
+        Test: css3/calc/regression-62276.html
+
+        * css/CSSParser.cpp:
+        (WebCore::CSSParser::lex):
+
+2011-06-09  Robert Hogan  <robert@webkit.org>
+
+        Reviewed by Andreas Kling.
+
+        Teach Qt about window.internals
+        https://bugs.webkit.org/show_bug.cgi?id=61074
+
+        A weakness of the Qt DRT setup is that things like JSContextRef are abstracted
+        away from the QtWebKit API so we need DumpRenderTreeSupportQt to access WebCore internals.
+        Since the window.internals object requires JSContextRef we need to implement it in DumpRenderTreeSupportQt
+        where we can access it. DumpRenderTreeSupportQt cannot be compiled outside Qt's WebCore and as it
+        is our only possible route into the WebCoreTestSupport class neither can the new window.internals plumbing.
+        Likewise we can't put the accessor in WebCoreTestSupport because it would then need to know about QWebFrame
+        and others. The only alternative seems like a compile time guard which we would have to teach the bots about.
+
+        * CodeGenerators.pri:
+        * WebCore.pri:
+        * WebCore.pro:
+
+2011-06-08  Mikołaj Małecki  <m.malecki@samsung.com>
+
+        Reviewed by Pavel Feldman.
+
+        Web Inspector: Crash by buffer overrun crash when serializing inspector object tree.
+        https://bugs.webkit.org/show_bug.cgi?id=52791
+
+        No new tests. The problem can be reproduced by trying to create InspectorValue
+        from 1.0e-100 and call ->toJSONString() on this.
+
+        * inspector/InspectorValues.cpp:
+        (WebCore::InspectorBasicValue::writeJSON):
+        Added checking the predicted buffer size and choosing exponential format, or
+        eventually "NaN" if the buffer is too small for decimal format.
+
+2011-06-09  Sheriff Bot  <webkit.review.bot@gmail.com>
+
+        Unreviewed, rolling out r88387.
+        http://trac.webkit.org/changeset/88387
+        https://bugs.webkit.org/show_bug.cgi?id=62368
+
+        New tests introduced in 88387 fail on Leopard,GTK,Qt bots
+        (Requested by Ossy on #webkit).
+
+        * html/canvas/CanvasRenderingContext.cpp:
+        (WebCore::CanvasRenderingContext::checkOrigin):
+        * html/canvas/CanvasRenderingContext.h:
+        * html/canvas/WebGLRenderingContext.cpp:
+        (WebCore::WebGLRenderingContext::readPixels):
+        (WebCore::WebGLRenderingContext::texImage2D):
+        (WebCore::WebGLRenderingContext::videoFrameToImage):
+        (WebCore::WebGLRenderingContext::texSubImage2D):
+        * html/canvas/WebGLRenderingContext.h:
+
+2011-06-09  Adam Barth  <abarth@webkit.org>
+
+        Reviewed by Eric Seidel.
+
+        Running script from attach can remove elements from the stack of open elements
+        https://bugs.webkit.org/show_bug.cgi?id=62160
+
+        When the tree build runs script synchronously, that script can remove
+        arbitrary elements from the stack of open elements.  We need to hold a
+        reference to |parent| in attach instead of rely upon the reference in
+        the stack of open elements.
+
+        Test: fast/parser/document-write-onload-clear.html
+
+        * html/parser/HTMLConstructionSite.cpp:
+        (WebCore::HTMLConstructionSite::attach):
+
+2011-06-08  Luke Macpherson   <macpherson@chromium.org>
+
+        Reviewed by Eric Seidel.
+
+        Make CSSPrimitiveValue support cast to EVerticalAlign.
+        https://bugs.webkit.org/show_bug.cgi?id=62356
+
+        No new tests / refactoring only.
+
+        * css/CSSPrimitiveValueMappings.h:
+        (WebCore::CSSPrimitiveValue::CSSPrimitiveValue):
+        (WebCore::CSSPrimitiveValue::operator EVerticalAlign):
+        * css/CSSStyleSelector.cpp:
+        (WebCore::CSSStyleSelector::applyProperty):
+
+2011-06-08  Justin Novosad  <junov@chromium.org>
+
+        Reviewed by James Robinson.
+
+        [Chromium] Crash when closing a tab with accelerated 2d canvas
+        https://bugs.webkit.org/show_bug.cgi?id=62324
+        Upon graphics context destruction, it is important to signal skia
+        to abandon all of its resource handles.  This prevents a crash caused
+        by skia attempting to release resources that were in the destroyed
+        graphics context.
+
+        * platform/graphics/gpu/SharedGraphicsContext3D.cpp:
+        (WebCore::SharedGraphicsContext3D::~SharedGraphicsContext3D):
+
+2011-06-08  James Robinson  <jamesr@chromium.org>
+
+        Reviewed by Darin Fisher.
+
+        REGRESSION(88260): 10-50% performance regression across many page cyclers
+        https://bugs.webkit.org/show_bug.cgi?id=62349
+
+        r88260 fixed a font cache resource leak and lowered the inactive font cache threshold.  The latter caused a
+        significant performance regression across many chromium page cyclers, for example
+        http://build.chromium.org/f/chromium/perf/linux-release-webkit-latest/moz/report.html?history=50&rev=88279.
+
+        This restores the previous inactive font size thresholds to their previous values, but retains the font cleanup
+        logic.
+
+        * platform/graphics/FontCache.cpp:
+
+2011-06-08  Hayato Ito  <hayato@chromium.org>
+
+        Reviewed by Dimitri Glazkov.
+
+        A forward/backward tab traversal now visits focusable elements in a shadow root.
+        https://bugs.webkit.org/show_bug.cgi?id=61410
+
+        Test: fast/dom/shadow/tab-order-iframe-and-shadow.html
+
+        Like a iframe element, a shadow host becomes a scope of
+        tabindex. That means all descendant elements in a shadow root are
+        skipped if the host node of the shadow root is not focusable.
+
+        The patch doesn't affect HTMLInputElement and HTMLTextAreaElement,
+        which uses a shadow root and do extra works in their focus()
+        method.
+
+        A shadow root's <content> is not considered in this patch.
+        That will be addressed in a following patch.
+
+        * page/FocusController.cpp:
+        (WebCore::shadowRoot):
+        (WebCore::isTreeScopeOwner):
+        (WebCore::FocusController::deepFocusableNode):
+        (WebCore::FocusController::advanceFocusInDocumentOrder):
+        (WebCore::FocusController::findFocusableNodeAcrossTreeScope):
+        (WebCore::FocusController::findFocusableNode):
+        (WebCore::FocusController::nextFocusableNode):
+        (WebCore::FocusController::previousFocusableNode):
+        (WebCore::FocusController::ownerOfTreeScope):
+        * page/FocusController.h:
+
+2011-06-08  Hayato Ito  <hayato@chromium.org>
+
+        Reviewed by Hajime Morita.
+
+        Makes sure that document.activeElement won't be an element in shadow root.
+
+        https://bugs.webkit.org/show_bug.cgi?id=61413
+
+        Test: fast/dom/shadow/activeelement-should-be-shadowhost.html
+
+        * html/HTMLDocument.cpp:
+        (WebCore::focusedFrameOwnerElement):
+        (WebCore::HTMLDocument::activeElement):
+
+2011-06-08  Kent Tamura  <tkent@chromium.org>
+
+        Reviewed by Dimitri Glazkov.
+
+        Allow drawing a slider thumb for any nodes.
+        https://bugs.webkit.org/show_bug.cgi?id=62196
+
+        RenderObject::node() should provide various information which is
+        necessary for rendering. We don't need to refer the parent renderer.
+
+        * dom/Node.cpp:
+        (WebCore::Node::focusDe1egate): Added.
+        * dom/Node.h: Added a declaration.
+        * html/shadow/MediaControlElements.cpp:
+        (WebCore::toParentMediaElement):
+          Added an overload of toParentMediaElement() with Node* parameter.
+        * html/shadow/MediaControlElements.h:
+        (WebCore::toParentMediaElement): ditto.
+        * html/shadow/SliderThumbElement.cpp:
+        (WebCore::SliderThumbElement::isEnabledFormControl):
+          Returns the status of the host node.
+        (WebCore::SliderThumbElement::isReadOnlyFormControl): ditto.
+        (WebCore::SliderThumbElement::focusDe1egate):
+          Returns the host node so that RenderTheme::isFocused() returns true.
+        (WebCore::SliderThumbElement::detach): Style nit.
+        (WebCore::SliderThumbElement::hostInput):
+          Make it const because it is called by const functions.
+        * html/shadow/SliderThumbElement.h:
+          - Remove inDragMode()
+          - Update declarations
+        * platform/qt/RenderThemeQt.cpp:
+        (WebCore::RenderThemeQt::paintMediaSliderThumb):
+          Use Node::shadowAncestorNode() instead of RenderObject::parent() to
+          support deeper thumb nodes.
+        * rendering/RenderMediaControlsChromium.cpp:
+        (WebCore::paintMediaSliderThumb): ditto.
+        (WebCore::paintMediaVolumeSliderThumb): Remove isSlider() check.
+        * rendering/RenderSlider.cpp:
+        (WebCore::RenderSlider::inDragMode):
+          SliderThumbElement::inDragMode() was removed, and Node::active() has
+          the same information.
+        * rendering/RenderTheme.cpp:
+        (WebCore::RenderTheme::paint): Remove isSlider() checks.
+        (WebCore::RenderTheme::isFocused): Apply Node::focusDelegate().
+        * rendering/RenderThemeChromiumLinux.cpp:
+        (WebCore::RenderThemeChromiumLinux::paintSliderThumb):
+          isPressed() is enough.
+        * rendering/RenderThemeChromiumWin.cpp:
+          isEnabled(), isFocused(), and isPressed() are enough.
+        (WebCore::RenderThemeChromiumWin::determineSliderThumbState):
+        (WebCore::RenderThemeChromiumWin::determineClassicState):
+        * rendering/RenderThemeMac.mm:
+        (WebCore::RenderThemeMac::paintSliderThumb):
+          - Remove isSlider() check.
+          - Passing 'o' to udpateFooState functions is enough.
+          - isPressed() is enough.
+        * rendering/RenderThemeSafari.cpp:
+        (WebCore::RenderThemeSafari::paintSliderThumb):
+          We don't need special handling anymore.
+        * rendering/RenderThemeWin.cpp:
+        (WebCore::RenderThemeWin::determineSliderThumbState):
+          isEnabled(), isFocused(), and isPressed() are enough.
+
+2011-06-08  Adam Barth  <abarth@webkit.org>
+
+        Reviewed by Eric Seidel.
+
+        constructTreeFromToken can re-enter parser, causing ASSERTs
+        https://bugs.webkit.org/show_bug.cgi?id=62160
+
+        This patch clears the HTMLToken before constructing the tree from the
+        token, putting the HTMLDocumentParser in a good state to be re-entered.
+
+        Tests: fast/parser/document-write-onload-nesting.html
+               fast/parser/document-write-onload-ordering.html
+
+        * html/parser/HTMLDocumentParser.cpp:
+        (WebCore::HTMLDocumentParser::pumpTokenizer):
+        * html/parser/HTMLToken.h:
+        (WebCore::HTMLToken::isUninitialized):
+        * html/parser/HTMLTreeBuilder.cpp:
+        (WebCore::HTMLTreeBuilder::constructTreeFromToken):
+
+2011-06-08  Kent Tamura  <tkent@chromium.org>
+
+        Fix Qt build for r88405.
+        https://bugs.webkit.org/show_bug.cgi?id=62208
+
+        * platform/qt/RenderThemeQt.h:
+
+2011-06-08  Kent Tamura  <tkent@chromium.org>
+
+        Reviewed by Dimitri Glazkov.
+
+        Change the argument of RenderTheme::adjustSliderThumbSize(): RenderObject* -> RenderStyle*
+        https://bugs.webkit.org/show_bug.cgi?id=62208
+
+        Change the argument type of RenderTheme::adjustSliderThumbSize() and
+        RenderMediaControls::adjustMediaSliderThumbSize() from RenderObject* to RenderStyle*.
+
+        Also, each of adjustSliderThumbStyle() overrides calls RenderTheme::
+        adjustSliderThumbStyle() for future changes.
+
+        No new tests. This is a refactoring and should not change any behavior.
+
+        * html/shadow/SliderThumbElement.cpp:
+        (WebCore::RenderSliderThumb::layout): Passing RenderStyle* and remove a FIXME comment.
+        * platform/efl/RenderThemeEfl.cpp:
+        (WebCore::RenderThemeEfl::adjustSliderThumbStyle): Calls RenderTheme::adjustSliderThumbStyle().
+        * platform/gtk/RenderThemeGtk.cpp:
+        (WebCore::RenderThemeGtk::adjustSliderThumbStyle): ditto.
+        (WebCore::RenderThemeGtk::adjustMediaSliderThumbSize):
+        * platform/gtk/RenderThemeGtk.h:
+        * platform/gtk/RenderThemeGtk2.cpp:
+        (WebCore::RenderThemeGtk::adjustSliderThumbSize):
+        * platform/gtk/RenderThemeGtk3.cpp:
+        (WebCore::RenderThemeGtk::adjustSliderThumbSize):
+        * platform/qt/RenderThemeQt.cpp:
+        (WebCore::RenderThemeQt::adjustSliderThumbStyle): ditto.
+        (WebCore::RenderThemeQt::adjustSliderThumbSize):
+        * rendering/RenderMediaControls.cpp:
+        (WebCore::RenderMediaControls::adjustMediaSliderThumbSize):
+        * rendering/RenderMediaControls.h:
+        * rendering/RenderMediaControlsChromium.cpp:
+        (WebCore::RenderMediaControlsChromium::adjustMediaSliderThumbSize):
+        * rendering/RenderMediaControlsChromium.h:
+        * rendering/RenderSlider.cpp:
+        (WebCore::RenderSlider::layout): Passing RenderStyle* and remove a FIXME comment.
+        * rendering/RenderTheme.cpp:
+        (WebCore::RenderTheme::adjustSliderThumbStyle): Add a comment.
+        (WebCore::RenderTheme::adjustSliderThumbSize):
+        * rendering/RenderTheme.h:
+        * rendering/RenderThemeChromiumLinux.cpp:
+        (WebCore::RenderThemeChromiumLinux::adjustSliderThumbSize):
+        * rendering/RenderThemeChromiumLinux.h:
+        * rendering/RenderThemeChromiumMac.h:
+        * rendering/RenderThemeChromiumMac.mm:
+        (WebCore::RenderThemeChromiumMac::adjustMediaSliderThumbSize):
+        * rendering/RenderThemeChromiumSkia.cpp:
+        (WebCore::RenderThemeChromiumSkia::adjustSliderThumbSize):
+        * rendering/RenderThemeChromiumSkia.h:
+        * rendering/RenderThemeChromiumWin.cpp:
+        (WebCore::RenderThemeChromiumWin::adjustSliderThumbSize):
+        * rendering/RenderThemeChromiumWin.h:
+        * rendering/RenderThemeMac.h:
+        * rendering/RenderThemeMac.mm:
+        (WebCore::RenderThemeMac::adjustSliderThumbStyle): Calls RenderTheme::adjustSliderThumbStyle().
+        (WebCore::RenderThemeMac::adjustSliderThumbSize):
+        (WebCore::RenderThemeMac::adjustMediaSliderThumbSize):
+        * rendering/RenderThemeSafari.cpp:
+        (WebCore::RenderThemeSafari::adjustSliderThumbStyle): Calls RenderTheme::adjustSliderThumbStyle().
+        (WebCore::RenderThemeSafari::adjustSliderThumbSize):
+        * rendering/RenderThemeSafari.h:
+        * rendering/RenderThemeWin.cpp:
+        (WebCore::RenderThemeWin::adjustSliderThumbSize):
+        * rendering/RenderThemeWin.h:
+        * rendering/RenderThemeWinCE.cpp:
+        (WebCore::RenderThemeWinCE::adjustSliderThumbSize):
+        * rendering/RenderThemeWinCE.h:
+
+2011-06-08  Brian Salomon  <bsalomon@google.com>
+
+        Reviewed by James Robinson.
+
+        Avoid always binding FBO 0 implicitly when deleting FBO in DrawingBuffer code because it invalidates Ganesh's cache of the current FBO.
+        https://bugs.webkit.org/show_bug.cgi?id=62318
+
+        Chromium-only crash
+        Failures takes multiple seconds to occur, relying on JS garbage-collection to occur 
+        http://www.hotbazooka.com/privatejoe-large
+
+        * platform/graphics/gpu/DrawingBuffer.cpp:
+        (WebCore::DrawingBuffer::clear):
+
+2011-06-08  Emil A Eklund  <eae@chromium.org>
+
+        Reviewed by Eric Seidel.
+
+        RenderEmbeddedObject::getReplacementTextGeometry
+        https://bugs.webkit.org/show_bug.cgi?id=62313
+
+        Replace the last use of tx, ty with IntPoint.
+
+        Covered by existing tests.
+
+        * platform/graphics/FloatRect.h:
+        (WebCore::FloatRect::move):
+        (WebCore::FloatRect::moveBy):
+        * rendering/RenderEmbeddedObject.cpp:
+        (WebCore::RenderEmbeddedObject::paintReplaced):
+        (WebCore::RenderEmbeddedObject::getReplacementTextGeometry):
+        (WebCore::RenderEmbeddedObject::isInMissingPluginIndicator):
+        * rendering/RenderEmbeddedObject.h:
+
+2011-06-08  Tim Horton  <timothy_horton@apple.com>
+
+        Reviewed by Ryosuke Niwa.
+
+        Use correct CFURLStorageSessionRef definition on Leopard, as
+        we created an inconsistency in const-ness between
+        WebCoreSystemInterface.h and these two files in the case
+        of Leopard only.
+        https://bugs.webkit.org/show_bug.cgi?id=62223
+
+        * platform/network/ResourceHandle.h:
+        * platform/network/cf/ResourceRequest.h:
+
 2011-06-08  Sailesh Agrawal  <sail@chromium.org>
 
         Reviewed by Mihai Parparita.
 
         Chromium Mac: Enable overlay scrollbars
         https://bugs.webkit.org/show_bug.cgi?id=59756
 
         Sync ScrollbarThemeChromiumMac.mm/.h with ScrollbarThemeMac.mm to pick up support for overlay scrollbars. The only changes are renaming ScrollbarThemeMac to ScrollbarThemeChromiumMac and using runtime checks instead of #ifdef's.
 
         No new tests, since this code is only enabled on future versions of Mac OS X.
@@ skipping 2770 matching lines @@
         fast/viewport/viewport-45.html fails in GTK+/Qt
         https://bugs.webkit.org/show_bug.cgi?id=47481
 
         computeViewportAttributes does many math operations with float point arithmetic
         and in some cases there is loss of precision making tests have incorrect values.
 
         * dom/ViewportArguments.cpp:
         (WebCore::computeViewportAttributes):
 
 == Rolled over to ChangeLog-2011-06-04 ==