GitLab

When URL of an iframe changes from "unset" to "set", we don't want to
create new history entry. This worked for URLs without fragment
identifier but failed with it present.

This change takes the idea from the old code, before it was rewritten
in https://codereview.chromium.org/126453005

BUG=353096

Committed: https://src.chromium.org/viewvc/blink?view=rev&revision=169665

Review URL: https://codereview.chromium.org/201773002

git-svn-id: svn://svn.chromium.org/blink/trunk@169736 bbb929c8-8fbe-4397-9dbb-9b2b20218538

Review URL: https://codereview.chromium.org/166273018

Review URL: https://codereview.chromium.org/166273018

git-svn-id: svn://svn.chromium.org/blink/trunk@169735 bbb929c8-8fbe-4397-9dbb-9b2b20218538

BUG=354405
R=ager@chromium.org

Review URL: https://codereview.chromium.org/206333003

git-svn-id: svn://svn.chromium.org/blink/trunk@169734 bbb929c8-8fbe-4397-9dbb-9b2b20218538

With heap supplement{able}s support now in place, follow up and turn
the supplements of these two into garbage allocated objects also.

R=haraken@chromium.org
BUG=340522

Review URL: https://codereview.chromium.org/200373003

git-svn-id: svn://svn.chromium.org/blink/trunk@169733 bbb929c8-8fbe-4397-9dbb-9b2b20218538

- HeapSnapshotNode, HeapSnapshotEdge and HeapSnapshotRetainerEdge now store only reference to HeapSnapshot and global index of corresponding item.
- all index boundaries were moved out of these classes into corresponding iterators

BUG=None

Review URL: https://codereview.chromium.org/207523004

git-svn-id: svn://svn.chromium.org/blink/trunk@169732 bbb929c8-8fbe-4397-9dbb-9b2b20218538

TBR=haraken@chromium.org, oilpan-reviews@chromium.org, yhirano@chromium.org
NOTRY=true

Review URL: https://codereview.chromium.org/205693004

git-svn-id: svn://svn.chromium.org/blink/trunk@169731 bbb929c8-8fbe-4397-9dbb-9b2b20218538

TBR=rwlbuis
BUG=354791

Review URL: https://codereview.chromium.org/198183004

git-svn-id: svn://svn.chromium.org/blink/trunk@169730 bbb929c8-8fbe-4397-9dbb-9b2b20218538

BUG=354787
TBR=tdresser@chromium.org

Review URL: https://codereview.chromium.org/207613003

git-svn-id: svn://svn.chromium.org/blink/trunk@169729 bbb929c8-8fbe-4397-9dbb-9b2b20218538

TBR=fs@opera.com
BUG=354785
NOTRY=true

Review URL: https://codereview.chromium.org/207773002

git-svn-id: svn://svn.chromium.org/blink/trunk@169728 bbb929c8-8fbe-4397-9dbb-9b2b20218538

Use Blink Promise instead of MIDIAccessPromise.
BUG=320984
R=toyoshim@chromium.org

Review URL: https://codereview.chromium.org/77773003

git-svn-id: svn://svn.chromium.org/blink/trunk@169727 bbb929c8-8fbe-4397-9dbb-9b2b20218538

Reason for revert:
This have broken browser_tests according to my bisect:
http://build.chromium.org/p/chromium.webkit/builders/Linux%20Tests%20%28dbg%29/builds/2034/steps/browser_tests/logs/TabDestroyed

Original issue's description:
> id of iframe incorrectly sets window name
>
> As per the specification, the iframe's name should be an empty string if unset:
> http://www.whatwg.org/specs/web-apps/current-work/multipage/the-iframe-element.html#attr-iframe-name
>
> Instead, Chromium was using the iframe's id as window name if the name was
> unset. This change makes us behave like Firefox 27 and IE 11, verified using:
> http://jsfiddle.net/xf5H7/9/
>
> This CL sets the name attribute iframe in a lot of layout tests so that
> testRunner.dumpChildFramesAsText() keeps printing the same result.
>
> R=arv@chromium.org, tkent@chromium.org
> BUG=347169
> TEST=fast/frames/iframe-no-name.html
>
> Committed: https://src.chromium.org/viewvc/blink?view=rev&revision=168553
>
> Committed: https://src.chromium.org/viewvc/blink?view=rev&revision=168801
>
> Committed: https://src.chromium.org/viewvc/blink?view=rev&revision=169304
>
> Committed: https://src.chromium.org/viewvc/blink?view=rev&revision=169683

TBR=abarth@chromium.org,arv@chromium.org,tkent@chromium.org,ch.dumez@samsung.com
NOTREECHECKS=true
NOTRY=true
BUG=347169

Review URL: https://codereview.chromium.org/198183003

git-svn-id: svn://svn.chromium.org/blink/trunk@169726 bbb929c8-8fbe-4397-9dbb-9b2b20218538

Its only use is as a part object of the stack-allocated MediaQueryParser.

R=ager@chromium.org
BUG=
NOTRY=true

Review URL: https://codereview.chromium.org/207743002

git-svn-id: svn://svn.chromium.org/blink/trunk@169725 bbb929c8-8fbe-4397-9dbb-9b2b20218538

TBR=haraken@chromium.org,oilpan-reviews@chromium.org
NOTRY=true

Review URL: https://codereview.chromium.org/207763002

git-svn-id: svn://svn.chromium.org/blink/trunk@169724 bbb929c8-8fbe-4397-9dbb-9b2b20218538

Revert of Do not trigger new history entry if iframe URL doesn't change (https://codereview.chromium.org/201773002/)

Reason for revert:
This may have broken browser_tests: http://build.chromium.org/p/chromium.webkit/builders/Linux%20Tests%20%28dbg%29/builds/2034/steps/browser_tests/logs/TabDestroyed

Original issue's description:
> Do not trigger new history entry if iframe URL doesn't change
> 
> When URL of an iframe changes from "unset" to "set", we don't want to
> create new history entry. This worked for URLs without fragment
> identifier but failed with it present.
> 
> This change takes the idea from the old code, before it was rewritten
> in https://codereview.chromium.org/126453005
> 
> BUG=353096
> 
> Committed: https://src.chromium.org/viewvc/blink?view=rev&revision=169665

TBR=abarth@chromium.org,japhet@chromium.org,rchlodnicki@opera.com
NOTREECHECKS=true
NOTRY=true
BUG=353096

Review URL: https://codereview.chromium.org/207683003

git-svn-id: svn://svn.chromium.org/blink/trunk@169723 bbb929c8-8fbe-4397-9dbb-9b2b20218538

TBR=lushnikov
NOTRY=true

Review URL: https://codereview.chromium.org/207323005

git-svn-id: svn://svn.chromium.org/blink/trunk@169722 bbb929c8-8fbe-4397-9dbb-9b2b20218538

DEPENDS ON: https://codereview.chromium.org/198693002/

BUG=352493,352490

Review URL: https://codereview.chromium.org/199743003

git-svn-id: svn://svn.chromium.org/blink/trunk@169721 bbb929c8-8fbe-4397-9dbb-9b2b20218538

This should fix any tests where done() can be called multiple times.

BUG=333880

Review URL: https://codereview.chromium.org/205893003

git-svn-id: svn://svn.chromium.org/blink/trunk@169720 bbb929c8-8fbe-4397-9dbb-9b2b20218538

Clean up static_cast<CSSFooValue*>.

BUG=309516

Review URL: https://codereview.chromium.org/205273003

git-svn-id: svn://svn.chromium.org/blink/trunk@169719 bbb929c8-8fbe-4397-9dbb-9b2b20218538

Change RenderStyle::setWordSpacing and RenderStyle::setLetterSpacing to
replace the FontDescription instead of modifying the existing instance,
the same way the other font methods already do. This allows us to
remove the mutableFontDescription method from FontDescription.

R=dglazkov@chromium.org
BUG=

Review URL: https://codereview.chromium.org/207573002

git-svn-id: svn://svn.chromium.org/blink/trunk@169718 bbb929c8-8fbe-4397-9dbb-9b2b20218538

Co-authored with Brandon Jones.

This CL continues the work of updating the Gamepad API to latest spec. NavigatorGamepad implements
WebGamepadListener which is the interface chromium will talk to when dispatching gamepad events.
The implementation follows the dispatcher-controller pattern used by device motion and device orientation.
There is some difference though because the gamepad data is polled instead of pushed by the platform.

BUG=344556

Review URL: https://codereview.chromium.org/200783002

git-svn-id: svn://svn.chromium.org/blink/trunk@169716 bbb929c8-8fbe-4397-9dbb-9b2b20218538

This CL splits the direct compositing reasons into two groups: those that are
determined from style information alone and those that require some non-style
information. This CL simply separates the two groups. A future CL will move the
computation of the style-determined reasons to recalc style.

Review URL: https://codereview.chromium.org/206413009

git-svn-id: svn://svn.chromium.org/blink/trunk@169715 bbb929c8-8fbe-4397-9dbb-9b2b20218538

We always turn this setting on.

BUG=354688
R=ojan@chromium.org

Review URL: https://codereview.chromium.org/206463009

git-svn-id: svn://svn.chromium.org/blink/trunk@169714 bbb929c8-8fbe-4397-9dbb-9b2b20218538

Remove bogus if check in ShadowTreeStyleSheetCollection::collectStyleSheets().
The condition will always be true as HTMLStyleElement always has a styleTag
for tag name.

R=esprehn, morrita@chromium.org

Review URL: https://codereview.chromium.org/199893006

git-svn-id: svn://svn.chromium.org/blink/trunk@169713 bbb929c8-8fbe-4397-9dbb-9b2b20218538

The default timeout for tests using the w3c test harness is 2 seconds.
For several of these tests that play a little bit of video, this is not
long enough, especially when running using slower builds (like ASAN).
Setting the timeouts to a large value (60s) for both per-test time and
entire test time so that the infrastructure timeouts will be used.

BUG=353770, 353792
TEST=layout tests pass repeatedly using ASAN build

Review URL: https://codereview.chromium.org/205143002

git-svn-id: svn://svn.chromium.org/blink/trunk@169712 bbb929c8-8fbe-4397-9dbb-9b2b20218538

There are two separate bugs that this and the corresponding Chrome patch
aim to address:
- On Linux, files and URLs are transferred in the same MIME type, so
  it's impossible to tell if a filename was set by a trusted source or
  forged by web content.
- DownloadURL triggers the download of potentially cross-origin content.
  On some platforms, such as Windows, the resulting download is treated
  as a file drag by Chrome, allowing web content to read cross origin
  content.

In order to prevent web content from doing this, drags initiated by a
renderer will be marked as tainted. When tainted drags are over web
content, Blink will only allow the resulting filename to be used for
navigation, with Chrome enforcing this with the sandbox policy.

Unfortunately, this does break some potentially interesting use cases
like being able to drag an attachment from Gmail to a file input, but
those will have to be separately addressed, if possible.

BUG=346135
R=abarth@chromium.org, tony@chromium.org

Review URL: https://codereview.chromium.org/193803002

git-svn-id: svn://svn.chromium.org/blink/trunk@169711 bbb929c8-8fbe-4397-9dbb-9b2b20218538

It still doesn't work very well, but you can at least check the
status of the tree and sorta navigate around.

BUG=354543

Review URL: https://codereview.chromium.org/201853004

git-svn-id: svn://svn.chromium.org/blink/trunk@169710 bbb929c8-8fbe-4397-9dbb-9b2b20218538

Constructors of RemoteFontFaceSource, SVGDocumentExtensions, XMLDocumentParserScope, and WorkerScriptDebugServer need to
use *explicit* keyword because they have an argument.

BUG=N/A

Review URL: https://codereview.chromium.org/207103003

git-svn-id: svn://svn.chromium.org/blink/trunk@169709 bbb929c8-8fbe-4397-9dbb-9b2b20218538

This comment is no longer true (it may have never been either). The
fingerprint logic is fairly cheap because we cache the parent hash.

TBR=skobes
NOTRY=true

Review URL: https://codereview.chromium.org/207193002

git-svn-id: svn://svn.chromium.org/blink/trunk@169708 bbb929c8-8fbe-4397-9dbb-9b2b20218538

This removes all the support code, and the legacy Blink-side accelerated
filter rendering.

Acceleration of SVG-on-SVG filters will be achieved instead with
deferred filters, impl-side painting and Ganesh rasterization.
(CSS filters have their own layer-based accelerated rendering
path, implemented in the compositor, which is already shipping.)

NOTE: this change depends on the Chrome-side change
https://codereview.chromium.org/205923005/, which must land first.

BUG=196562
R=junov@chromium.org

Review URL: https://codereview.chromium.org/205033010

git-svn-id: svn://svn.chromium.org/blink/trunk@169707 bbb929c8-8fbe-4397-9dbb-9b2b20218538

We bailed out of invalidation set support for selectors containing /shadow/
or /shadow-deep/. For invalidation sets they now work like descendant/child
combinators do.

R=esprehn@chromium.org, chrishtr@chromium.org
BUG=335247

Review URL: https://codereview.chromium.org/206513004

git-svn-id: svn://svn.chromium.org/blink/trunk@169706 bbb929c8-8fbe-4397-9dbb-9b2b20218538

Instead of reading from the settings object repeatedly when finding direct
compositing reasons, most settings are cached in the compositing triggers bit
vector. This CL moves the GPU rasterization trigger to the same model.

Review URL: https://codereview.chromium.org/206543005

git-svn-id: svn://svn.chromium.org/blink/trunk@169705 bbb929c8-8fbe-4397-9dbb-9b2b20218538

This feature isn't enabled in any shipping configuration. We might want to add
it back after shipping layer squashing.

BUG=178119

Review URL: https://codereview.chromium.org/206593005

git-svn-id: svn://svn.chromium.org/blink/trunk@169704 bbb929c8-8fbe-4397-9dbb-9b2b20218538

Make Traversal<SVGElement> API a little bit more efficient by specializing the
following templated function for SVGElement:
template <typename T> inline bool isElementOfType(const Node& node);

It leverages the fact that Node has an IsSVGFlag flag and we can call
Node::isSVGElement() directly on the input Node. Without this specialization,
the default template implementation would do the following check:
- node.isElementNode() && toElement(node).isSVGElement()

We thus bypass the redundant Node::isElementNode() call.

R=pdr
BUG=346733

Review URL: https://codereview.chromium.org/196563003

git-svn-id: svn://svn.chromium.org/blink/trunk@169703 bbb929c8-8fbe-4397-9dbb-9b2b20218538

Rather than only doing it for http(s) URLs. This matches the XHR2 spec and
Firefox. This also avoids having to support the downloadToFile + synchronous
load combination in the resource loader stack.

Update tests according and add an assertion.

BUG=354188

Review URL: https://codereview.chromium.org/206223005

git-svn-id: svn://svn.chromium.org/blink/trunk@169702 bbb929c8-8fbe-4397-9dbb-9b2b20218538

This CL move the computation of iframe and plugin compositing triggers into
iframe- and plugin-specific overrides of
RenderObject::additionalCompositingReasons. This approach means that we don't
need to take subtype specific branches for every type in
CompositingReasonFinder.

Review URL: https://codereview.chromium.org/199443009

git-svn-id: svn://svn.chromium.org/blink/trunk@169701 bbb929c8-8fbe-4397-9dbb-9b2b20218538

This captures following spec chagne: https://www.w3.org/Bugs/Public/show_bug.cgi?id=24905
The essential part of the change is in HTMLImportsController.cpp.
Anything else is to make it work with redirect.

The problem here is that allowCredentials flag is held both
by ResourceLoaderOptions and ResourceRequest and these two
can go out-of-sync. This change tries to make them in sync.

Such a state duplication should be resolved eventually, but
that is another story.

BUG=348671
TEST=import-cors-credentials.html
R=dglazkov@chromium.org, japhet@chromium.org, abarth

Committed: https://src.chromium.org/viewvc/blink?view=rev&revision=169496

Committed: https://src.chromium.org/viewvc/blink?view=rev&revision=169578

Review URL: https://codereview.chromium.org/196043002

git-svn-id: svn://svn.chromium.org/blink/trunk@169700 bbb929c8-8fbe-4397-9dbb-9b2b20218538

Grid areas sized as vertical rectangles were incorrectly considered as
invalid by the parser. That's because the condition checking that each new
row was adjacent to the previous one was using the first row of the
currently parsed grid area instead of the last one.

Review URL: https://codereview.chromium.org/203963008

git-svn-id: svn://svn.chromium.org/blink/trunk@169699 bbb929c8-8fbe-4397-9dbb-9b2b20218538

With some broken animated images the decoder could report a smaller
frame number as more data is received. We should handle this edge case
by early out. The animation sequence might not be correct. That's okay
because it's a broken file.

BUG=352421

Review URL: https://codereview.chromium.org/205333004

git-svn-id: svn://svn.chromium.org/blink/trunk@169698 bbb929c8-8fbe-4397-9dbb-9b2b20218538

This patch fixes a corner case in the XSSAuditor where the attacker can use an organically-occurring script tag to bypass the auditor. The trick is that injection<script>expr may be parsed by JS as (injection < script) > expr.

BUG=354109

Review URL: https://codereview.chromium.org/205243002

git-svn-id: svn://svn.chromium.org/blink/trunk@169697 bbb929c8-8fbe-4397-9dbb-9b2b20218538

We do not have to follow the specified values for SVG2 anymore, so use the default ordering.
Later on this could help since the enum could potentially be bitpacked to less bits.

Review URL: https://codereview.chromium.org/205863002

git-svn-id: svn://svn.chromium.org/blink/trunk@169695 bbb929c8-8fbe-4397-9dbb-9b2b20218538