summaryrefslogtreecommitdiff
path: root/Source/WebCore
Commit message (Collapse)AuthorAgeFilesLines
* Merge remote-tracking branch 'origin/5.6.1' into 5.7.05.7.0Liang Qi2016-05-2721-106/+209
|\ | | | | | | Change-Id: Id8fd457ab1eb501f8f5622cb5f7d88c352e3758f
| * Only load QImageIO plugins from white-listed formatsAllan Sandfeld Jensen2016-05-031-0/+25
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Not all QImage plugins are safe to load from the internet. We should only load formats that are well-used on the internet and we can be reasonably sure are safe. [ChangeLog][WebKit][Behavior Change] QtWebkit will no longer support any QImage plugin with the Size option, but instead only decode formats that have been whitelisted. If you are using QtWebKit for controlled content and wish to override the white-listed it can now be done with the environment variable QTWEBKIT_IMAGEFORMAT_WHITELIST which takes a comma-separated list of QImageIO formats. Change-Id: Ifc4f1a3addfa4ec117697a12000db3c265422314 Reviewed-by: Richard J. Moore <rich@kde.org>
| * Fix mixed use of booleans in JPEGImageDecoder.cppMaurice van der Pot2016-04-201-5/+5
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | https://bugs.webkit.org/show_bug.cgi?id=122412 Patch by Maurice van der Pot <griffon26@kfk4ever.com> on 2014-03-31 Reviewed by Darin Adler. Trivial fix for compilation error; no new tests. * platform/image-decoders/jpeg/JPEGImageDecoder.cpp: (WebCore::JPEGImageReader::decode): (WebCore::fill_input_buffer): Use TRUE/FALSE defined by libjpeg for libjpeg booleans git-svn-id: http://svn.webkit.org/repository/webkit/trunk@166490 268f45cc-cd09-0410-ab3c-d52691b4dbfc Change-Id: I6c669c951fa4bc87862b261ad1a9dd05016086e3 Reviewed-by: Allan Sandfeld Jensen <allan.jensen@theqtcompany.com>
| * Fixed compilation of JPEGImageDecoder with libjpeg v9.Konstantin Tokarev2016-04-201-0/+3
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | https://bugs.webkit.org/show_bug.cgi?id=156445 Patch by Konstantin Tokarev <annulen@yandex.ru> on 2016-04-09 Reviewed by Michael Catanzaro. ICU defines TRUE and FALSE macros, breaking libjpeg v9 headers. No new tests needed. * platform/image-decoders/jpeg/JPEGImageDecoder.h: git-svn-id: http://svn.webkit.org/repository/webkit/trunk@199278 268f45cc-cd09-0410-ab3c-d52691b4dbfc Change-Id: I82db8bae210f8b03bd472a82925bd308fa01b6ca Reviewed-by: Allan Sandfeld Jensen <allan.jensen@theqtcompany.com>
| * Allow building QtWebKit on Windows with non-ICU Qt build.Konstantin Tokarev2016-04-051-3/+3
| | | | | | | | | | | | | | | | | | Also, from now use_wchar_unicode is never silently enabled when ICU config test fails, and requires qmake argument WEBKIT_CONFIG+=use_wchar_unicode. Change-Id: I434f5245c796b723a3bb116f62f8d53d05c3b4f7 Reviewed-by: Michael Brüning <michael.bruning@theqtcompany.com>
| * Allow using system SQLite without pkg-configKonstantin Tokarev2016-04-011-1/+1
| | | | | | | | | | Change-Id: Ifff0f8877a2d2d77a04468c205c3353f043e7738 Reviewed-by: Allan Sandfeld Jensen <allan.jensen@theqtcompany.com>
| * Many assertion failures and crashes on SVG path animation cases when JS ↵Javier Fernandez2016-03-213-3/+21
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | garbage collection happens quickly. Based on upstream fix by said@apple.com at http://trac.webkit.org/changeset/197125 Since the whole document was leaking once an SVGAnimatedProperty was created so there was no way to produce this bug. After fixing the leak, one crash and one assert got uncovered. Both of them happen because of the fact: "if an SVGAnimatedProperty is not referenced it will be deleted." * svg/SVGPathElement.cpp: (WebCore::SVGPathElement::lookupOrCreateDWrapper): The code in this function was assuming that the wrapper will be created only once which happens when SVGAnimatedProperty::lookupOrCreateWrapper() is called. Before making this single call, lookupOrCreateDWrapper() was building an initial SVGPathSegList from byte stream. But now SVGAnimatedProperty::lookupWrapper() can return false even after creating the SVGAnimatedProperty because it was deleted later. Calling buildSVGPathSegListFromByteStream() more than once was causing SVGAnimatedListPropertyTearOff::animationStarted() to fire the assertion ASSERT(m_values.size() == m_wrappers.size()) because the path segments were appended twice to m_values which is in fact SVGPathElement::m_pathSegList.value. The fix is to build the initial SVGPathSegList only once which should happen when m_pathSegList.value.isEmpty(). (WebCore::SVGPathElement::animatedPropertyWillBeDeleted): * svg/SVGPathElement.h: * svg/properties/SVGAnimatedPathSegListPropertyTearOff.h: (WebCore::SVGAnimatedPathSegListPropertyTearOff::~SVGAnimatedPathSegListPropertyTearOff): SVGPathElement is assuming the following equivalence relation: m_pathSegList.shouldSynchronize ~ SVGAnimatedProperty_is_created_and_not_null. SVGPathElement::animatedPathSegList() and animatedNormalizedPathSegList() set m_pathSegList.shouldSynchronize to true when SVGAnimatedProperty is created but nothing sets m_pathSegList.shouldSynchronize back to false. This was not a problem when the SVGAnimatedProperty was leaking but after ensuring it is deleted when it is not referenced this equivalence relation becomes untrue sometimes. This caused SVGPathElement::svgAttributeChanged() to crash when we check m_pathSegList.shouldSynchronize and if it is true we assume that SVGAnimatedProperty::lookupWrapper() will return a non-null pointer and therefore we deference this pointer and call SVGAnimatedProperty::isAnimating(). To fix this crash we need to set m_pathSegList.shouldSynchronize back to false when the associated SVGAnimatedProperty is deleted. Change-Id: I05be755635b02d0d76105fc2eb21c2f013298c4e Reviewed-by: Michael Brüning <michael.bruning@theqtcompany.com>
| * Fixed crashes on SVG path animation use cases.Said Abou-Hallawa2016-03-191-0/+6
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Based on upstream fix by said@apple.com at http://trac.webkit.org/changeset/196670 A destructor was added to SVGListPropertyTearOff that notifies its wrapper (the SVGAnimatedListPropertyTearoff) about its deletion. This allows the wrapper to nullify any references to the wrapped content. We needed to do the same thing for SVGPathSegListPropertyTearOff. Both SVGPathSegListPropertyTearOff and SVGListPropertyTearOff inherit from SVGListProperty and both hold pointers to SVGAnimatedListPropertyTearOff which needs to be notified. Change-Id: I1873825c7bdc07bf06cd5c300156ebe084f2607e Reviewed-by: Konstantin Tokarev <annulen@yandex.ru> Reviewed-by: Michael Brüning <michael.bruning@theqtcompany.com>
| * Breaking several cyclic references between SVG animated properties.Javier Fernandez2016-03-1815-94/+145
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Based on upstream fix by sabouhallawa@apple.com at http://trac.webkit.org/changeset/196268 The leak happens because of cyclic reference between SVGListPropertyTearOff and SVGAnimatedListPropertyTearOff which is derived from SVGAnimatedProperty. There is also cyclic reference between SVGAnimatedProperty and SVGElement and this causes the whole document to be leaked. So if the JS requests, for example, an instance of SVGPolylineElement.points, the whole document will be leaked. The fix depends on having the cyclic reference as is since the owning and the owned classes have to live together if any of them is referenced. But the owning class caches a raw 'ref-counted' pointer of the owned class. If it is requested for an instance of the owned class it returned a RefPtr<> of it. Once the owned class is not used, it can delete itself. The only thing needed here is to notify the owner class of the deletion so it cleans its caches and be able to create a new pointer if it is requested for an instance of the owned class later. Revert the change of r181345 in SVGAnimatedProperty::lookupOrCreateWrapper() to break the cyclic reference between SVGElement and SVGAnimatedProperty. Also apply the same approach in SVGAnimatedListPropertyTearOff::baseVal() and animVal() to break cyclic reference between SVGListPropertyTearOff and SVGAnimatedListPropertyTearOff. Change-Id: Ied6a077299e47855feb235a1c9310f1a58aad91b Reviewed-by: Konstantin Tokarev <annulen@yandex.ru> Reviewed-by: Michael Brüning <michael.bruning@theqtcompany.com>
* | Merge remote-tracking branch 'origin/5.6' into 5.7Liang Qi2016-02-2110-16/+32
|\ \ | |/ | | | | | | | | | | Conflicts: .qmake.conf Change-Id: Ib65e8e98ec09b9cc934c8ab7d9f1df3bc377a718
| * Assertion failure end < m_runCount in ↵Ryosuke Niwa2016-02-041-1/+1
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | WebCore::BidiRunList<WebCore::BidiRun>::reverseRuns https://bugs.webkit.org/show_bug.cgi?id=123863 Reviewed by Andreas Kling. Source/WebCore: Merge https://chromium.googlesource.com/chromium/blink/+/cbaa92c763a37d89eeabd01658e522219299290c Test: fast/text/bidi-reverse-runs-crash.html * platform/text/BidiResolver.h: (WebCore::BidiResolver<Iterator, Run>::createBidiRunsForLine): Don't reverse the runs if there's nothing to be reversed. LayoutTests: * fast/text/bidi-reverse-runs-crash-expected.txt: Added. * fast/text/bidi-reverse-runs-crash.html: Added. git-svn-id: http://svn.webkit.org/repository/webkit/trunk@158729 268f45cc-cd09-0410-ab3c-d52691b4dbfc Change-Id: I6bf0902444acf98db29c3cfa2cd3535e1a0c1bef Reviewed-by: Allan Sandfeld Jensen <allan.jensen@theqtcompany.com>
| * Properly clear m_logicallyLastRun to remove use-after-free possibilityBem Jones-Bey2016-02-011-3/+1
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | https://bugs.webkit.org/show_bug.cgi?id=129489 Reviewed by David Hyatt. A use-after-free issue was caught in Blink because m_logicallyLastRun is not cleared when the item it points to is deleted. Clearing it turns the use-after-free into a segfault, and prevents any future use-after-frees from happening. * platform/text/BidiRunList.h: (WebCore::BidiRunList<Run>::deleteRuns): git-svn-id: http://svn.webkit.org/repository/webkit/trunk@164876 268f45cc-cd09-0410-ab3c-d52691b4dbfc Change-Id: Ia76a5723ea649e7a3609fc26025dd5bbd96f3302 Reviewed-by: Allan Sandfeld Jensen <allan.jensen@theqtcompany.com>
| * XMLHttpRequest should not send DNT headerYouenn Fablet2016-01-291-0/+1
| | | | | | | | | | | | | | | | | | | | | | | | | | | | https://bugs.webkit.org/show_bug.cgi?id=128533 The DNT header should be set by web engines according user preferences. That includes all HTTP requests, including XHR requests. Unpriviledged web apps should not be allowed to override/interfere with user preferences. git-svn-id: http://svn.webkit.org/repository/webkit/trunk@163915 268f45cc-cd09-0410-ab3c-d52691b4dbfc Change-Id: I80bed1eb13826cdb3cfade3d51297f439b5016f4 Reviewed-by: Allan Sandfeld Jensen <allan.jensen@theqtcompany.com>
| * Fixed EventHandler::TextDragDelay setting for OS X.Konstantin Tokarev2016-01-211-1/+1
| | | | | | | | | | | | | | | | | | | | | | https://bugs.webkit.org/show_bug.cgi?id=18167 explains that 0.0 value was added specifically to create Windows-like behavior. In Qt port OSX-like behavior was added in r59846, but this behavior was lost after transition to Qt 5. Change-Id: I2d618a356d494805c2d8f9d2fc7751744e040741 Reviewed-by: Allan Sandfeld Jensen <allan.jensen@theqtcompany.com>
| * ASSERTION FAILED: stroke->opacity != other->stroke->opacity in ↵Rob Buis2016-01-051-1/+4
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | WebCore::SVGRenderStyle::diff https://bugs.webkit.org/show_bug.cgi?id=119623 Reviewed by Dirk Schulze. Source/WebCore: Include all the stroke attributes in the style diff comparison, the visited links ones were missing. Test: svg/animations/animate-stroke-crasher.html * rendering/style/SVGRenderStyle.cpp: (WebCore::SVGRenderStyle::diff): LayoutTests: Add testcase from bug with small adjustments. * svg/animations/animate-stroke-crasher-expected.txt: Added. * svg/animations/animate-stroke-crasher.html: Added. git-svn-id: http://svn.webkit.org/repository/webkit/trunk@153914 268f45cc-cd09-0410-ab3c-d52691b4dbfc Change-Id: I71ff999dab89127600b4a57b5cee58a6fa4687fd Reviewed-by: Allan Sandfeld Jensen <allan.jensen@theqtcompany.com>
| * Quality in toDataURL only applies to JPEGs nowVivin Paliath2015-12-141-3/+6
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Prior to the fix, quality would default to 100 irrespective of the image type, if an explicit quality-argument was not provided, or if the quality was outside the valid range. In the case where toDataURL is called without any arguments, the image type defaults to "image/png" and quality eventually defaults to 100. However, quality in the context of a PNG applies to the quality of compression and not the quality of the image. Since PNG is a lossless format, compression only affects the size of the image and not its quality. This resulted in PNG images of a large size, with no compression at all. The same behavior could be observed when toDataURL is called with the image type explicitly set to "image/png", without a quality argument. The expected behavior is only observed if toDataURL is called with the image type set to "image/png" and the quality set to 0, since this provides the highest level of compression. According to section 4.12.4.4 of the HTML5 spec, the quality argument should only apply to images of type "image/jpeg", and if quality is not provided, the user-agent should use a default value. This means that the spec was being violated, since the quality was set to 100 regardless of the image type. The fix was to consider the quality argument (along with the associated sanity-checks) only if the image type is "jpeg"; otherwise quality is set to -1. This change results in PNG images being encoded to properly-sized base64 strings. [ChangeLog][WebKit][Behavior Change] The quality parameter in canvas.toDataURL only applies to JPEG images now, in accordance with section 4.12.4.4 of the HTML5 spec. Change-Id: Ie87a32ec368e70e7736d4d2e684e2528ce37f745 Reviewed-by: Allan Sandfeld Jensen <allan.jensen@theqtcompany.com>
| * % unit heights don't work if parent block height is set in vhKonstantin Tokarev2015-12-041-0/+11
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | https://bugs.webkit.org/show_bug.cgi?id=118516 Patch by Gurpreet Kaur <k.gurpreet@samsung.com> on 2013-12-04 Reviewed by Simon Fraser. From Blink r156449 by <srinivasa.ragavan.venkateswaran@intel.com> Source/WebCore: An element having height as percentage needs to have the containingblock's height or availableheight to calculate its own height. The containing block having a height set in vh unit was not being considered for calculating the child's height. * rendering/RenderBox.cpp: (WebCore::RenderBox::computePercentageLogicalHeight): Correct child's height(in pecentage) was not being calculated incase of parent having height set in vh unit. Added condition to calculate the containing block height in terms of viewport size. Change-Id: Id0158323c6d1b5a43b267133bfe0c7ce5fe4b472 Reviewed-by: Allan Sandfeld Jensen <allan.jensen@theqtcompany.com>
| * Merge remote-tracking branch 'origin/5.5' into 5.6Liang Qi2015-11-173-7/+7
| |\ | | | | | | | | | Change-Id: If31212a273bc60692eb21169f24d136763409ead
| | * Check QT_NO_SSL for QtWebKit user agent.5.5Florian Bruhin2015-11-051-1/+1
| | | | | | | | | | | | | | | | | | | | | | | | | | | When QT_NO_OPENSSL is checked, the user agent says "no SSL support" even when there *is* SSL support via Secure Transport on OS X. Change-Id: Idb8bf3ee95689f60adab332b3cbac7b6bdf6a738 Reviewed-by: Timur Pocheptsov <timur.pocheptsov@theqtcompany.com> Reviewed-by: Michael Brüning <michael.bruning@theqtcompany.com>
| | * Check QT_NO_SSL in SocketStreamHandleQt.Florian Bruhin2015-11-052-5/+5
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Since Qt 5.5, Secure Transport is used instead of OpenSSL on OS X. This means secure websockets (wss://) were disabled on OS X despite QSslSocket being available. Change-Id: Ic584a6ed81b625c84a85e54dba84c8fc920b861a Task-number: QTBUG-49027 Reviewed-by: Richard J. Moore <rich@kde.org> Reviewed-by: Timur Pocheptsov <timur.pocheptsov@theqtcompany.com>
| | * Check m_socket in SocketStreamHandlePrivate::close.Florian Bruhin2015-11-051-1/+1
| | | | | | | | | | | | | | | | | | | | | | | | | | | m_socket can be set to 0 in the constructor, e.g. when Qt is compiled without SSL support. Change-Id: Ic3bb18f6c801d463e2277b4c19ef2c790216bf69 Task-number: QTBUG-49027 Reviewed-by: Richard J. Moore <rich@kde.org>
* | | Sync data type of buttonHeightRatio with value.Mihai Moldovan2016-01-281-1/+1
| | | | | | | | | | | | | | | | | | | | | | | | Previously, buttonHeightRatio was defined as an int with a value of 1.5. Hence, the value was actually trimmed to 1. Change-Id: Icbc628f6c5495774ba4476d0ad53d6164ec62213 Reviewed-by: Allan Sandfeld Jensen <allan.jensen@theqtcompany.com>
* | | Fixed build with enabled --media-source.Konstantin Tokarev2015-11-303-1/+11
|/ / | | | | | | | | | | | | | | This is enough to trick http://youtube/tv into loading (it blocks UAs without MediaSource). Change-Id: I7163c8ef65cbbe65c23deb84ad2e4d5300f41cf2 Reviewed-by: Allan Sandfeld Jensen <allan.jensen@theqtcompany.com>
* | Merge remote-tracking branch 'origin/5.5' into 5.6Liang Qi2015-10-022-0/+8
|\ \ | |/ | | | | Change-Id: I33f49683dbb3f99f4149accfeddeea95b309657f
| * Fix QNetworkReply::abort and QNetworkReply::closeMikhail Korobov2015-08-262-0/+8
| | | | | | | | | | | | | | | | | | | | | | | | Don't read from closed QNetworkReply instances. This fixes QWebView hangs on some of the web sites when reply->abort() or reply->close() is called. [ChangeLog][QtWebKit] fixed reply->abort() and reply->close() handling. Change-Id: I8d46ad115954369b9de0b5a74b118fc3bf2f1092 Task-number: QTBUG-47654 Reviewed-by: Allan Sandfeld Jensen <allan.jensen@theqtcompany.com>
* | Render anchors as clickable links in PDF documentsAntonin Stefanutti2015-08-311-1/+14
|/ | | | | | | | | | Implements the GraphicsContext::setURLForRect method using the new QPdfEngine::drawHyperlink method added in version 5.6.0 so that anchors are rendered as clickable links in PDF documents. Task-number: QTBUG-44563 Change-Id: Ic45399ba2d97be28816e54f6bd169e90de236e91 Reviewed-by: Allan Sandfeld Jensen <allan.jensen@theqtcompany.com>
* WebCore: Make compile with MSVC2015Kevin Funk2015-08-141-1/+1
| | | | | | | | | Without this patch, i.e. without removing -GL from linker flags, WebCore fails to link. Checked with MSVC 2015 RTM (latest version right now). Change-Id: If36ea0e7d8f6e2e6026033240e547e90be70d335 Reviewed-by: Allan Sandfeld Jensen <allan.jensen@theqtcompany.com> Reviewed-by: Simon Hausmann <simon.hausmann@theqtcompany.com>
* Check m_p in WebCore::SocketStreamHandle::platformClose().Florian Bruhin2015-08-101-1/+2
| | | | | | | | | Also see a related Chromium fix: http://trac.webkit.org/changeset/111656/trunk/Source/WebKit/chromium/src/SocketStreamHandle.cpp Change-Id: I14d4279dad5db56a2a4a273e89e76456d8eb1702 Reviewed-by: Allan Sandfeld Jensen <allan.jensen@theqtcompany.com>
* Crashes and asserts in subframesAllan Sandfeld Jensen2015-06-222-6/+33
| | | | | | | | | | | | | When a subframe is not composited it may be painted immediately when its parent is painted. This means that if it is not laid out, it may cause asserts during painting, if we only check the parent is laid out. The patch is based on http://svn.webkit.org/repository/webkit/trunk@180063 by Simon Fraser. Task-number: QTBUG-45428 Change-Id: Ib7e283485bef68375c7b023264f79acd7490e2c5 Reviewed-by: Andras Becsi <andras.becsi@theqtcompany.com>
* Merge remote-tracking branch 'origin/5.4' into 5.5Allan Sandfeld Jensen2015-06-011-1/+2
|\ | | | | | | Change-Id: Icc1f3caf891dd114064f0fd37931d9bf6c7ccfc1
| * Blacklist vlc plugin5.4Allan Sandfeld Jensen2015-06-011-1/+2
| | | | | | | | | | | | | | | | The VLC plugin may load a plugins of its own that uses Qt4. Change-Id: I5229a360f7d08d024fb93df1a2993fd7c0176848 Task-number: QTBUG-45431 Reviewed-by: Simon Hausmann <simon.hausmann@theqtcompany.com>
* | Merge "Merge remote-tracking branch 'origin/5.4' into 5.5" into refs/staging/5.5Liang Qi2015-05-291-1/+3
|\ \
| * \ Merge remote-tracking branch 'origin/5.4' into 5.5Allan Sandfeld Jensen2015-05-291-1/+3
| |\ \ | | |/ | | | | | | Change-Id: Iceb5c402acfd83632007cb5f7673b4d6cda08e6b
| | * Support MSVC 2015Allan Sandfeld Jensen2015-05-291-1/+3
| | | | | | | | | | | | | | | | | | | | | | | | | | | Fixes building qtwebkit with MSVC 2015 Change-Id: I94b085ab822b3cdfa911814467e051c11c93d79e Task-number: QTBUG-46344 Reviewed-by: Friedemann Kleint <Friedemann.Kleint@theqtcompany.com> Reviewed-by: Simon Hausmann <simon.hausmann@theqtcompany.com>
* | | Fix another potential OpenGL crash on exitAllan Sandfeld Jensen2015-05-291-0/+3
|/ / | | | | | | | | | | | | | | | | | | | | Now that the QOpenGLContext is watched and set to 0 if deleted, we might have a private class, but no context on deletion, we must therefore test the pointer before trying to make it active to do the final cleanups. Change-Id: Ie970265adfba5d0405a02a157bee344665d2092f Reviewed-by: Yohan Chuzeville <ychuzevi@cisco.com> Reviewed-by: Michael Brüning <michael.bruning@theqtcompany.com>
* | Merge remote-tracking branch 'origin/5.4' into 5.5Liang Qi2015-05-264-4/+48
|\ \ | |/ | | | | Change-Id: Icfe7bccfeba4697fc1fa7b3ddd082ffa30909900
| * Merge remote-tracking branch 'origin/5.4.2' into 5.4Liang Qi2015-05-252-2/+39
| |\ | | | | | | | | | Change-Id: Iafbf406788fa3b89d01bc11c45c56727f058b189
| | * Fix drawing of oversized accelerated layersv5.4.25.4.2Allan Sandfeld Jensen2015-05-212-2/+39
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Adds a special content layer that can used when we drop the backing store due to size, but still need to draw the content that would have been in the backing store. This fixes a regression introduced with the recent patch to prevent large backing stores. Change-Id: I9a61b3cc978bccdaa423c0d076e3aeaa7d9ebc99 Task-number: QTBUG-46178 Reviewed-by: Michael Brüning <michael.bruning@theqtcompany.com>
| * | Merge remote-tracking branch 'origin/5.4.2' into 5.4Liang Qi2015-05-182-2/+9
| |\ \ | | |/ | | | | | | Change-Id: I5bacbd4ac254149e45003fea759855df598a2f36
| | * Fix assertion on qt.ioAllan Sandfeld Jensen2015-04-241-0/+5
| | | | | | | | | | | | | | | | | | | | | | | | Our webkit examples all assert on resize due to qt.io trying to do an animation from an undefined value. Change-Id: I95aaee7834b2caba37e55f2cc09160af638a8d39 Reviewed-by: Michael Brüning <michael.bruning@theqtcompany.com>
| | * Fix crash when loading new doc after a single image docEirik Aavitsland2015-04-211-2/+4
| | | | | | | | | | | | | | | | | | | | | | | | Added a couple of nullpointer checks in image document cleanup. Task-number: QTBUG-42890 Change-Id: I533a517ed7402428afc3ae470398a64ed0b6a2a8 Reviewed-by: Allan Sandfeld Jensen <allan.jensen@theqtcompany.com>
* | | Merge remote-tracking branch 'origin/5.4' into 5.5Allan Sandfeld Jensen2015-05-189-8/+54
|\ \ \ | |/ / | | | | | | | | | | | | | | | Conflicts: .qmake.conf Change-Id: Ib823c8eeb271b380811827aae1ac0bd50ea5a59b
| * | Enforce no remote access from local URLs for XHRAllan Sandfeld Jensen2015-04-288-8/+45
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Add a specific setting to disable remote access for local URLs and also enforce that on data-URLs loaded owned by local URLs. Change-Id: Ied8ec141eb1c28775644fce184a4759a79e1d177 Task-number: QTBUG-45556 Reviewed-by: Dmitry Shachnev <mitya57@gmail.com> Reviewed-by: Michael Brüning <michael.bruning@theqtcompany.com>
| * | SVG loaded through html <img> can't request to load any external resources.Said Abou-Hallawa2015-04-271-0/+9
| |/ | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | https://bugs.webkit.org/show_bug.cgi?id=137762. Patch by Said Abou-Hallawa <sabouhallawa@apple.com> on 2014-10-22 Reviewed by Daniel Bates. Source/WebCore: SVG images have unique security rules that prevent them from loading any external resources. This patch enforces these rules in CachedResourceLoader::canRequest for all non-data-uri resources. The fix and the tests are ported but modified a little from the chromium fix: http://src.chromium.org/viewvc/blink?view=rev&rev=176084 Test: http/tests/security/svg-image-with-cached-remote-image.html http/tests/security/svg-image-with-css-cross-domain.html For the SVG image, prevent loading any external sub-resource except for data urls. * loader/cache/CachedResourceLoader.cpp: (WebCore::CachedResourceLoader::canRequest): git-svn-id: http://svn.webkit.org/repository/webkit/trunk@175074 268f45cc-cd09-0410-ab3c-d52691b4dbfc Change-Id: Iec5014e81e25c37cc6754d7cc73645b17994974f Reviewed-by: Michael Brüning <michael.bruning@theqtcompany.com>
* | Merge remote-tracking branch 'origin/5.4' into 5.5v5.5.0-beta1Liang Qi2015-04-153-20/+41
|\ \ | |/ | | | | Change-Id: I0d9dd63455dc12402afd56cc1bd97d0cc97c24e8
| * Fix crash when exiting browser with WebGL or accelerated canvas.Yohan Chuzeville2015-04-131-0/+20
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Issue is that the TextureMapperGL creates a GraphicsContext3D using the current OpenGL context. This is done by storing a reference on QOpenGLContext::currentContext() inside GraphicsContext3DPrivate::GraphicsContext3DPrivate(). When exiting the browser, Qt releases QOpenGLContext before the release of the GraphicsContext3D in webkit which leads to a crash when destoying GraphicsContext3DPrivate. Task-number: QTBUG-45481 Change-Id: I2b9d7b1a96fbbe8517ea323d45ef3922ada208a3 Reviewed-by: Julien Brianceau <jbriance@cisco.com> Reviewed-by: Allan Sandfeld Jensen <allan.jensen@theqtcompany.com>
| * Avoid backing store for texturemapper layers over 8192x8192Allan Sandfeld Jensen2015-03-191-1/+1
| | | | | | | | | | | | | | | | | | | | | | | | | | | | We already block too large elements from getting a composited layer with backing store, but in the case where an already composited layer is resized above the size limit, it may have bad size until relayed out. This patch blocks the backing store of such a graphics layer from being instantiated. Change-Id: I03c1688c00c1f96fdaf7ef251ee285c05c072730 Task-number: QTBUG-44523 Reviewed-by: Florian Bruhin <qt-project.org@the-compiler.org> Reviewed-by: Michael Brüning <michael.bruning@theqtcompany.com>
| * Fix URLs visited during private browsing showing up in WebpageIcons.db.Florian Bruhin2015-03-181-4/+4
| | | | | | | | | | | | | | | | | | | | | | | | | | | | Ported from http://trac.webkit.org/changeset/181565 by beidson@apple.com. Upstream patch by Sam Weinig, reviewed by Brady Eidson. * loader/icon/IconController.cpp: (WebCore::IconController::startLoader): Bail early here if the page is using an ephemeral session. (WebCore::IconController::continueLoadWithDecision): Instead of here. Change-Id: I263bb6122606caa3488d641b127dd377012ee424 Reviewed-by: Allan Sandfeld Jensen <allan.jensen@theqtcompany.com>
| * Fix crash on exit in OpenGL accelerated modeAllan Sandfeld Jensen2015-03-171-15/+16
| | | | | | | | | | | | | | Do not try to cleanup on an already destroyed OpenGL context. Change-Id: I56d2a07700b1f69100be7fc9537dd0bc69449a0c Reviewed-by: Michael Brüning <michael.bruning@theqtcompany.com>
* | Merge remote-tracking branch 'origin/5.4' into 5.5v5.5.0-alpha1Allan Sandfeld Jensen2015-03-105-29/+62
|\ \ | |/ | | | | Change-Id: I824a984e8552340c2f9f631ac951f2c9eaa90b74
View Lorry Controller Status