GitLab

We always turn this setting on.

BUG=354688
R=ojan@chromium.org

Review URL: https://codereview.chromium.org/206463009

git-svn-id: svn://svn.chromium.org/blink/trunk@169714 bbb929c8-8fbe-4397-9dbb-9b2b20218538

Remove bogus if check in ShadowTreeStyleSheetCollection::collectStyleSheets().
The condition will always be true as HTMLStyleElement always has a styleTag
for tag name.

R=esprehn, morrita@chromium.org

Review URL: https://codereview.chromium.org/199893006

git-svn-id: svn://svn.chromium.org/blink/trunk@169713 bbb929c8-8fbe-4397-9dbb-9b2b20218538

The default timeout for tests using the w3c test harness is 2 seconds.
For several of these tests that play a little bit of video, this is not
long enough, especially when running using slower builds (like ASAN).
Setting the timeouts to a large value (60s) for both per-test time and
entire test time so that the infrastructure timeouts will be used.

BUG=353770, 353792
TEST=layout tests pass repeatedly using ASAN build

Review URL: https://codereview.chromium.org/205143002

git-svn-id: svn://svn.chromium.org/blink/trunk@169712 bbb929c8-8fbe-4397-9dbb-9b2b20218538

There are two separate bugs that this and the corresponding Chrome patch
aim to address:
- On Linux, files and URLs are transferred in the same MIME type, so
  it's impossible to tell if a filename was set by a trusted source or
  forged by web content.
- DownloadURL triggers the download of potentially cross-origin content.
  On some platforms, such as Windows, the resulting download is treated
  as a file drag by Chrome, allowing web content to read cross origin
  content.

In order to prevent web content from doing this, drags initiated by a
renderer will be marked as tainted. When tainted drags are over web
content, Blink will only allow the resulting filename to be used for
navigation, with Chrome enforcing this with the sandbox policy.

Unfortunately, this does break some potentially interesting use cases
like being able to drag an attachment from Gmail to a file input, but
those will have to be separately addressed, if possible.

BUG=346135
R=abarth@chromium.org, tony@chromium.org

Review URL: https://codereview.chromium.org/193803002

git-svn-id: svn://svn.chromium.org/blink/trunk@169711 bbb929c8-8fbe-4397-9dbb-9b2b20218538

It still doesn't work very well, but you can at least check the
status of the tree and sorta navigate around.

BUG=354543

Review URL: https://codereview.chromium.org/201853004

git-svn-id: svn://svn.chromium.org/blink/trunk@169710 bbb929c8-8fbe-4397-9dbb-9b2b20218538

Constructors of RemoteFontFaceSource, SVGDocumentExtensions, XMLDocumentParserScope, and WorkerScriptDebugServer need to
use *explicit* keyword because they have an argument.

BUG=N/A

Review URL: https://codereview.chromium.org/207103003

git-svn-id: svn://svn.chromium.org/blink/trunk@169709 bbb929c8-8fbe-4397-9dbb-9b2b20218538

This comment is no longer true (it may have never been either). The
fingerprint logic is fairly cheap because we cache the parent hash.

TBR=skobes
NOTRY=true

Review URL: https://codereview.chromium.org/207193002

git-svn-id: svn://svn.chromium.org/blink/trunk@169708 bbb929c8-8fbe-4397-9dbb-9b2b20218538

This removes all the support code, and the legacy Blink-side accelerated
filter rendering.

Acceleration of SVG-on-SVG filters will be achieved instead with
deferred filters, impl-side painting and Ganesh rasterization.
(CSS filters have their own layer-based accelerated rendering
path, implemented in the compositor, which is already shipping.)

NOTE: this change depends on the Chrome-side change
https://codereview.chromium.org/205923005/, which must land first.

BUG=196562
R=junov@chromium.org

Review URL: https://codereview.chromium.org/205033010

git-svn-id: svn://svn.chromium.org/blink/trunk@169707 bbb929c8-8fbe-4397-9dbb-9b2b20218538

We bailed out of invalidation set support for selectors containing /shadow/
or /shadow-deep/. For invalidation sets they now work like descendant/child
combinators do.

R=esprehn@chromium.org, chrishtr@chromium.org
BUG=335247

Review URL: https://codereview.chromium.org/206513004

git-svn-id: svn://svn.chromium.org/blink/trunk@169706 bbb929c8-8fbe-4397-9dbb-9b2b20218538

Instead of reading from the settings object repeatedly when finding direct
compositing reasons, most settings are cached in the compositing triggers bit
vector. This CL moves the GPU rasterization trigger to the same model.

Review URL: https://codereview.chromium.org/206543005

git-svn-id: svn://svn.chromium.org/blink/trunk@169705 bbb929c8-8fbe-4397-9dbb-9b2b20218538

This feature isn't enabled in any shipping configuration. We might want to add
it back after shipping layer squashing.

BUG=178119

Review URL: https://codereview.chromium.org/206593005

git-svn-id: svn://svn.chromium.org/blink/trunk@169704 bbb929c8-8fbe-4397-9dbb-9b2b20218538

Make Traversal<SVGElement> API a little bit more efficient by specializing the
following templated function for SVGElement:
template <typename T> inline bool isElementOfType(const Node& node);

It leverages the fact that Node has an IsSVGFlag flag and we can call
Node::isSVGElement() directly on the input Node. Without this specialization,
the default template implementation would do the following check:
- node.isElementNode() && toElement(node).isSVGElement()

We thus bypass the redundant Node::isElementNode() call.

R=pdr
BUG=346733

Review URL: https://codereview.chromium.org/196563003

git-svn-id: svn://svn.chromium.org/blink/trunk@169703 bbb929c8-8fbe-4397-9dbb-9b2b20218538

Rather than only doing it for http(s) URLs. This matches the XHR2 spec and
Firefox. This also avoids having to support the downloadToFile + synchronous
load combination in the resource loader stack.

Update tests according and add an assertion.

BUG=354188

Review URL: https://codereview.chromium.org/206223005

git-svn-id: svn://svn.chromium.org/blink/trunk@169702 bbb929c8-8fbe-4397-9dbb-9b2b20218538

This CL move the computation of iframe and plugin compositing triggers into
iframe- and plugin-specific overrides of
RenderObject::additionalCompositingReasons. This approach means that we don't
need to take subtype specific branches for every type in
CompositingReasonFinder.

Review URL: https://codereview.chromium.org/199443009

git-svn-id: svn://svn.chromium.org/blink/trunk@169701 bbb929c8-8fbe-4397-9dbb-9b2b20218538

This captures following spec chagne: https://www.w3.org/Bugs/Public/show_bug.cgi?id=24905
The essential part of the change is in HTMLImportsController.cpp.
Anything else is to make it work with redirect.

The problem here is that allowCredentials flag is held both
by ResourceLoaderOptions and ResourceRequest and these two
can go out-of-sync. This change tries to make them in sync.

Such a state duplication should be resolved eventually, but
that is another story.

BUG=348671
TEST=import-cors-credentials.html
R=dglazkov@chromium.org, japhet@chromium.org, abarth

Committed: https://src.chromium.org/viewvc/blink?view=rev&revision=169496

Committed: https://src.chromium.org/viewvc/blink?view=rev&revision=169578

Review URL: https://codereview.chromium.org/196043002

git-svn-id: svn://svn.chromium.org/blink/trunk@169700 bbb929c8-8fbe-4397-9dbb-9b2b20218538

Grid areas sized as vertical rectangles were incorrectly considered as
invalid by the parser. That's because the condition checking that each new
row was adjacent to the previous one was using the first row of the
currently parsed grid area instead of the last one.

Review URL: https://codereview.chromium.org/203963008

git-svn-id: svn://svn.chromium.org/blink/trunk@169699 bbb929c8-8fbe-4397-9dbb-9b2b20218538

With some broken animated images the decoder could report a smaller
frame number as more data is received. We should handle this edge case
by early out. The animation sequence might not be correct. That's okay
because it's a broken file.

BUG=352421

Review URL: https://codereview.chromium.org/205333004

git-svn-id: svn://svn.chromium.org/blink/trunk@169698 bbb929c8-8fbe-4397-9dbb-9b2b20218538

This patch fixes a corner case in the XSSAuditor where the attacker can use an organically-occurring script tag to bypass the auditor. The trick is that injection<script>expr may be parsed by JS as (injection < script) > expr.

BUG=354109

Review URL: https://codereview.chromium.org/205243002

git-svn-id: svn://svn.chromium.org/blink/trunk@169697 bbb929c8-8fbe-4397-9dbb-9b2b20218538

We do not have to follow the specified values for SVG2 anymore, so use the default ordering.
Later on this could help since the enum could potentially be bitpacked to less bits.

Review URL: https://codereview.chromium.org/205863002

git-svn-id: svn://svn.chromium.org/blink/trunk@169695 bbb929c8-8fbe-4397-9dbb-9b2b20218538

Attempt to mimic the behavior of animated raster images (BitmapImage)
more closely wrt when the timeline is started and reset/rewound.

BUG=177277

Review URL: https://codereview.chromium.org/206033005

git-svn-id: svn://svn.chromium.org/blink/trunk@169694 bbb929c8-8fbe-4397-9dbb-9b2b20218538

This CL removes the optimization not to create a composited layer for 0x0
plugins. Removing this optimization simplifies the CompositingReasonFinder and
removes a dependency on layout information. We've already removed a similar
optimization for 0x0 iframes.

This CL also removes RenderEmbeddedObject::allowsAcceleratedCompositing. This
function is redundant with RenderPart::requiresAcceleratedCompositing because
RenderPart is a base class of RenderEmbeddedObject.

Review URL: https://codereview.chromium.org/202523008

git-svn-id: svn://svn.chromium.org/blink/trunk@169693 bbb929c8-8fbe-4397-9dbb-9b2b20218538

Set the value of span to 1 if the given number is too big or zero.
Merged from WebKit (patch by Zsolt Borbely).
https://bugs.webkit.org/show_bug.cgi?id=129148

R=
BUG=351280

Review URL: https://codereview.chromium.org/194593005

git-svn-id: svn://svn.chromium.org/blink/trunk@169692 bbb929c8-8fbe-4397-9dbb-9b2b20218538

There are possibilities where removeStyleSheetCandidateNode()
is called without addStyleSheetCandidateNode(). We should prevent this
because StyleEngine assumes that its call is balanced.

This change add a flag to ensure it being balanced.

BUG=353525
R=ojan@chromium.org, eseidel@chromium.org
TEST=style-onload-remove-crash.html

Review URL: https://codereview.chromium.org/203253006

git-svn-id: svn://svn.chromium.org/blink/trunk@169691 bbb929c8-8fbe-4397-9dbb-9b2b20218538

R=ager@chromium.org
BUG=

Review URL: https://codereview.chromium.org/203963005

git-svn-id: svn://svn.chromium.org/blink/trunk@169690 bbb929c8-8fbe-4397-9dbb-9b2b20218538

BUG=354405

Review URL: https://codereview.chromium.org/206743003

git-svn-id: svn://svn.chromium.org/blink/trunk@169689 bbb929c8-8fbe-4397-9dbb-9b2b20218538

Remove support for deprecated shape types and syntax. These have already been removed from the CSS Shapes specification, so this aligns the implementation with the specification.
    
The "new" tests below were simply moved from the old csswg directory, as they were the only tests there that applied to the current syntax.

Cheery-pick from http://trac.webkit.org/changeset/165472
BUG=354159

Review URL: https://codereview.chromium.org/200633005

git-svn-id: svn://svn.chromium.org/blink/trunk@169688 bbb929c8-8fbe-4397-9dbb-9b2b20218538

It's more idiomatic to use a vector for a dynamically-sized array; it also 
provides a convenient opportunity to use inline capacity in the common case
where a gradient has a small number of stops.

BUG=

Review URL: https://codereview.chromium.org/201523002

git-svn-id: svn://svn.chromium.org/blink/trunk@169686 bbb929c8-8fbe-4397-9dbb-9b2b20218538

This CL begins to move CompositingReasonFinder to using a virtual function on
RenderObject instead of a nest of "if video, if canvas" branches. This CL only creates
two overrides, one for video and one for canvas. A future CL will create
overrides for plugins and iframes, but there's some cleanup work we need to do first.

Review URL: https://codereview.chromium.org/197533013

git-svn-id: svn://svn.chromium.org/blink/trunk@169685 bbb929c8-8fbe-4397-9dbb-9b2b20218538

This CL updates the RenderLayer repainter code to be a no-op during
repaint-after-layout. The repainting of updated layers is handled in the
repaintTree method, the same as non-layer RenderObjects.

While making this change we discovered that the outline rect can not be
calculated from the repaint rect. So, we've had to add the old/new outline rects to the RenderObject so we can have the correct values.

BUG=320139
COLLABORATOR=jchaffraix@chromium.org

Review URL: https://codereview.chromium.org/160903002

git-svn-id: svn://svn.chromium.org/blink/trunk@169684 bbb929c8-8fbe-4397-9dbb-9b2b20218538

As per the specification, the iframe's name should be an empty string if unset:
http://www.whatwg.org/specs/web-apps/current-work/multipage/the-iframe-element.html#attr-iframe-name

Instead, Chromium was using the iframe's id as window name if the name was
unset. This change makes us behave like Firefox 27 and IE 11, verified using:
http://jsfiddle.net/xf5H7/9/

This CL sets the name attribute iframe in a lot of layout tests so that
testRunner.dumpChildFramesAsText() keeps printing the same result.

R=arv@chromium.org, tkent@chromium.org
BUG=347169
TEST=fast/frames/iframe-no-name.html

Committed: https://src.chromium.org/viewvc/blink?view=rev&revision=168553

Committed: https://src.chromium.org/viewvc/blink?view=rev&revision=168801

Committed: https://src.chromium.org/viewvc/blink?view=rev&revision=169304

Review URL: https://codereview.chromium.org/187103002

git-svn-id: svn://svn.chromium.org/blink/trunk@169683 bbb929c8-8fbe-4397-9dbb-9b2b20218538

If a text query straddles multiple line boxes, only the first would be
considered, because |startPosition| would end up being negative.
Instead clip the character range to [0) (the following functions will
clip against the end position) and only reject ranges that are empty i.e.
that appear before the current fragment (logically.)

BUG=353462

Review URL: https://codereview.chromium.org/206663003

git-svn-id: svn://svn.chromium.org/blink/trunk@169682 bbb929c8-8fbe-4397-9dbb-9b2b20218538

ArrayBuffer::create may return NULL if allocation fails.

BUG=353966

Review URL: https://codereview.chromium.org/206243002

git-svn-id: svn://svn.chromium.org/blink/trunk@169680 bbb929c8-8fbe-4397-9dbb-9b2b20218538

This CL removes an optimization whereby 0x0 iframes wouldn't get a composited
layer even if they would otherwise have been composited. This optimization was
causing a bunch of awkwardness because it introduced a dependency on layout
information in the CompositingReasonFinder, which caused the reason finder to
need to set a dirty bit in the RenderLayerCompositor.

This CL also prepares us to remove requiresCompositingForFrame into a
RenderPart-specific override of additionalCompositingReasons (after
https://codereview.chromium.org/197533013/ lands).

This CL also changes RenderLayerCompositor::enableCompositingMode to notify
iframes when the root layer is destroyed as well instead of relying upon the
CompositingReasonFinder to write the dirty bit.

R=vollick@chromium.org

Review URL: https://codereview.chromium.org/206243003

git-svn-id: svn://svn.chromium.org/blink/trunk@169679 bbb929c8-8fbe-4397-9dbb-9b2b20218538

Fix the for loop to actually reset the multipliers in
all frames. Currently only main frame is reset inside
the for-loop multiple times.

Review URL: https://codereview.chromium.org/197313003

git-svn-id: svn://svn.chromium.org/blink/trunk@169678 bbb929c8-8fbe-4397-9dbb-9b2b20218538

http://src.chromium.org/viewvc/blink?view=revision&revision=169659

BUG=273904
TBR=jchaffraix@chromium.org

Review URL: https://codereview.chromium.org/206713003

git-svn-id: svn://svn.chromium.org/blink/trunk@169677 bbb929c8-8fbe-4397-9dbb-9b2b20218538

Repaint after layout will eventually do a tree walk that
utilizes LayoutState (or more accurately, something *like*
LayoutState) to quickly compute repaint rects while walking
the tree. In the course of building that functionality, I
got mired in the ugliness of LayoutState.

LayoutStateMaintainer is an RAII that is partially broken
due to the need to explicitly call "pop". RenderView would
explicitly create and initialize a LayoutState on the stack
then clear the pointer after layout. This patch fixes the
LayoutStateMaintainer issue (which necessitated some
refactoring in the rendering code) and introduces a
RootLayoutStateScope that takes care of RenderView's case.

BUG=343896

Review URL: https://codereview.chromium.org/196533012

git-svn-id: svn://svn.chromium.org/blink/trunk@169676 bbb929c8-8fbe-4397-9dbb-9b2b20218538

Rename the IntRectExtent class to IntBoxExtent to match the naming of
the LayoutUnit and floating point versions of the same concept.

R=leviw@chromium.org

Review URL: https://codereview.chromium.org/206373006

git-svn-id: svn://svn.chromium.org/blink/trunk@169675 bbb929c8-8fbe-4397-9dbb-9b2b20218538

Add new FloatBoxExtent class (to complement existing int and LayoutUnit
versions) and update HarfBuzzShaper to use this class instead of four
separate float values to represent the glyph bounding box.

R=dglazkov@chromium.org
BUG=354165

Review URL: https://codereview.chromium.org/206403004

git-svn-id: svn://svn.chromium.org/blink/trunk@169674 bbb929c8-8fbe-4397-9dbb-9b2b20218538

Turns out the entry wasn't needed.

BUG=273904
TBR=leviw@chromium.org

Review URL: https://codereview.chromium.org/199733014

git-svn-id: svn://svn.chromium.org/blink/trunk@169673 bbb929c8-8fbe-4397-9dbb-9b2b20218538

In particular, don't do it if the dirty bits are going to be cleaned up during synchronous
Blink execution anyway. To achieve this, this CL adds an m_updatingLayoutAndStyleForPainting state bit
in PageAnimator to indicate that code is in progress which is guaranteed to call
RenderLayerCompositor::updateCompositingLayers() at its end, and therefore any compositing dirty
bits set before that call do not require a call to scheduleAnimation().

Unfortunately, in a small number of cases RenderLayerCompositor::updateCompositingLayers will set
*new* dirty bits when updating direct compositing reasons. So put in code to check each
RenderLayerCompositor instance in the frame tree for dirty bits after
RenderLayerCompositor::updateCompositingLayers has run and call scheduleAnimation() if so. In the
future we can remove this once the compositing code is fixed to not leave around dirty bits.

BUG=340679

Review URL: https://codereview.chromium.org/202533003

git-svn-id: svn://svn.chromium.org/blink/trunk@169672 bbb929c8-8fbe-4397-9dbb-9b2b20218538