Branch: refs/heads/safari-7623.1.14.14-branch
Home: https://github.com/WebKit/WebKit
Commit: 805628683357204d36cc594f30881c8e03c9bf42
https://github.com/WebKit/WebKit/commit/805628683357204d36cc594f30881c8e03c9bf42
Author: Matt Woodrow <[email protected]>
Date: 2025-11-05 (Wed, 05 Nov 2025)
Changed paths:
A
LayoutTests/compositing/repaint/change-opacity-visibility-hidden-expected.txt
A LayoutTests/compositing/repaint/change-opacity-visibility-hidden.html
M
LayoutTests/fast/repaint/incorrect-repaint-when-child-layer-overflows-expected.txt
M
LayoutTests/svg/compositing/transform-change-repainting-viewBox-repaintRects-expected.txt
M Source/WebCore/rendering/RenderElement.cpp
M Source/WebCore/rendering/RenderLayer.cpp
M Source/WebCore/rendering/RenderLayer.h
Log Message:
-----------
Cherry-pick 4d0d8131db61. rdar://161367545
REGRESSION(294225@main): apple.com Careers menu items disappear after
animating in.
https://bugs.webkit.org/show_bug.cgi?id=301538
<rdar://161367545>
Reviewed by Simon Fraser.
Visibility hidden can be overriden by descendants, we need to track repaint
rects if anything in the tree
is visible, not just the current layer.
Test: compositing/repaint/change-opacity-visibility-hidden.html
*
LayoutTests/compositing/repaint/change-opacity-visibility-hidden-expected.txt:
Added.
* LayoutTests/compositing/repaint/change-opacity-visibility-hidden.html:
Added.
*
LayoutTests/fast/repaint/incorrect-repaint-when-child-layer-overflows-expected.txt:
*
LayoutTests/svg/compositing/transform-change-repainting-viewBox-repaintRects-expected.txt:
* Source/WebCore/rendering/RenderElement.cpp:
(WebCore::RenderElement::repaintBeforeStyleChange):
* Source/WebCore/rendering/RenderLayer.cpp:
(WebCore::RenderLayer::recursiveUpdateLayerPositions):
(WebCore::RenderLayer::computeRepaintRects):
(WebCore::RenderLayer::calculateClipRects const):
* Source/WebCore/rendering/RenderLayer.h:
Canonical link: https://commits.webkit.org/302255@main
Canonical link: https://commits.webkit.org/[email protected]
Commit: 22b98b6802aac5389c562a858569deeacf1eb62f
https://github.com/WebKit/WebKit/commit/22b98b6802aac5389c562a858569deeacf1eb62f
Author: Garrett Davidson <[email protected]>
Date: 2025-11-05 (Wed, 05 Nov 2025)
Changed paths:
M
Source/WebKit/UIProcess/WebAuthentication/Cocoa/AuthenticationServicesForwardDeclarations.h
M
Source/WebKit/UIProcess/WebAuthentication/Cocoa/AuthenticationServicesSoftLink.h
M
Source/WebKit/UIProcess/WebAuthentication/Cocoa/AuthenticationServicesSoftLink.mm
M
Source/WebKit/UIProcess/WebAuthentication/Cocoa/WebAuthenticatorCoordinatorProxy.mm
Log Message:
-----------
Cherry-pick 26c5e2d35d15. rdar://163746116
Update isUserVerifyingPlatformAuthenticatorAvailable to check if the device
is configured for passkeys
https://bugs.webkit.org/show_bug.cgi?id=301598
rdar://159192917
Reviewed by Richard Robinson and Pascoe.
Adopt recently-shipped AuthenticationServices API to check if the device is
currently configured for passkeys,
for use when checking isUVPAA().
*
Source/WebKit/UIProcess/WebAuthentication/Cocoa/AuthenticationServicesForwardDeclarations.h:
*
Source/WebKit/UIProcess/WebAuthentication/Cocoa/AuthenticationServicesSoftLink.h:
*
Source/WebKit/UIProcess/WebAuthentication/Cocoa/AuthenticationServicesSoftLink.mm:
*
Source/WebKit/UIProcess/WebAuthentication/Cocoa/WebAuthenticatorCoordinatorProxy.mm:
Canonical link: https://commits.webkit.org/302362@main
Canonical link: https://commits.webkit.org/[email protected]
Commit: 730c5a47c042fbd5a047b05b7a10c5ed9cb7d122
https://github.com/WebKit/WebKit/commit/730c5a47c042fbd5a047b05b7a10c5ed9cb7d122
Author: Eric Carlson <[email protected]>
Date: 2025-11-05 (Wed, 05 Nov 2025)
Changed paths:
M
LayoutTests/http/tests/media/hls/track-in-band-hls-metadata-cue-duration.html
M Source/WebCore/platform/cocoa/SerializedPlatformDataCueValue.mm
Log Message:
-----------
Cherry-pick 01952a527b50. rdar://161687917
REGRESSION (Safari 26): Live HLS ID3 timed metadata cues mapped with
endTime = Infinity cause TextTrack.activeCues to include all past cues
indefinitely
https://bugs.webkit.org/show_bug.cgi?id=299853
rdar://161687917
Reviewed by Jer Noble.
274146@main changed the way SerializedPlatformDataCueValue objects are
compared so instead
of creating the native NSObjects and comparing them, every field in the
internal Data struct
is compared directly. The `locale` field is an NSLocale, so values are
compared with `isEqual:`,
but because any message to a nil NSObject returns a falsy value,
`SerializedPlatformDataCueValue::Data::operator==` always returns false if
the data cue
doesn't have a locale.
track-in-band-hls-metadata-cue-duration.html was updated for this fix.
*
LayoutTests/http/tests/media/hls/track-in-band-hls-metadata-cue-duration.html:
* Source/WebCore/platform/cocoa/SerializedPlatformDataCueValue.mm:
(WebCore::SerializedPlatformDataCueValue::Data::operator== const):
Canonical link: https://commits.webkit.org/302395@main
Canonical link: https://commits.webkit.org/[email protected]
Commit: f993f531c5a91537ba9ef801a0eb97d6135cd869
https://github.com/WebKit/WebKit/commit/f993f531c5a91537ba9ef801a0eb97d6135cd869
Author: BJ Burg <[email protected]>
Date: 2025-11-05 (Wed, 05 Nov 2025)
Changed paths:
M Source/WebCore/inspector/agents/InspectorAnimationAgent.cpp
M Source/WebCore/inspector/agents/InspectorAnimationAgent.h
Log Message:
-----------
Cherry-pick bb6619c24211. rdar://162052589
Web Inspector: adopt more smart pointers in InspectorAnimationAgent (part 2)
https://bugs.webkit.org/show_bug.cgi?id=300926
Reviewed by Devin Rousso.
No new tests, no behavior change.
* Source/WebCore/inspector/agents/InspectorAnimationAgent.cpp:
(WebCore::InspectorAnimationAgent::resolveAnimation):
Do not resolve/bind an animation if its ScriptExecutionContext is gone.
(WebCore::InspectorAnimationAgent::findAnimationId):
(WebCore::InspectorAnimationAgent::bindAnimation):
* Source/WebCore/inspector/agents/InspectorAnimationAgent.h:
Use a WeakRef since we don't expect these references to become null.
We nonetheless should not extend the lifetime of the WebAnimation objects.
Canonical link: https://commits.webkit.org/302497@main
Canonical link: https://commits.webkit.org/[email protected]
Commit: 23353e2286ae687abb78392ffee57cbf97028569
https://github.com/WebKit/WebKit/commit/23353e2286ae687abb78392ffee57cbf97028569
Author: Elika Etemad <[email protected]>
Date: 2025-11-05 (Wed, 05 Nov 2025)
Changed paths:
A
LayoutTests/imported/w3c/web-platform-tests/css/css-anchor-position/position-area-fixed-expected.txt
A
LayoutTests/imported/w3c/web-platform-tests/css/css-anchor-position/position-area-fixed.html
M
LayoutTests/imported/w3c/web-platform-tests/css/css-anchor-position/position-area-overflow-icb-001-expected.html
M
LayoutTests/imported/w3c/web-platform-tests/css/css-anchor-position/position-area-overflow-icb-001-ref.html
M
LayoutTests/imported/w3c/web-platform-tests/css/css-anchor-position/position-area-overflow-icb-001.html
M
LayoutTests/imported/w3c/web-platform-tests/css/css-anchor-position/position-area-overflow-icb-002.html
A
LayoutTests/imported/w3c/web-platform-tests/css/css-anchor-position/position-area-overflow-icb-003-expected.html
A
LayoutTests/imported/w3c/web-platform-tests/css/css-anchor-position/position-area-overflow-icb-003-ref.html
A
LayoutTests/imported/w3c/web-platform-tests/css/css-anchor-position/position-area-overflow-icb-003.html
A
LayoutTests/imported/w3c/web-platform-tests/css/css-anchor-position/position-area-overflow-icb-004-expected.html
A
LayoutTests/imported/w3c/web-platform-tests/css/css-anchor-position/position-area-overflow-icb-004-ref.html
A
LayoutTests/imported/w3c/web-platform-tests/css/css-anchor-position/position-area-overflow-icb-004.html
M Source/WebCore/rendering/PositionedLayoutConstraints.cpp
M Source/WebCore/rendering/PositionedLayoutConstraints.h
Log Message:
-----------
Cherry-pick a742f82ced72. rdar://164017243
REGRESSION(300921@main): Exclude fixed-positioned boxes from position-area
scrollable CB
https://bugs.webkit.org/show_bug.cgi?id=301880
rdar://163955483
Reviewed by Alan Baradlay.
The recent fix for bug 299950 forgot to exclude fixed-positioned boxes
from the root scrollable containing block pathway, resulting in incorrect
layout for fixed-positioned boxes that use position-area. However, we
still need to avoid using overflow safety to overlap the anchor when it
would otherwise be reachable. This patch excludes fixed-positioned boxes
from using the scrollable containing block from sizing and positioning,
but allows them to overflow into that area when necessary.
Tests:
imported/w3c/web-platform-tests/css/css-anchor-position/position-area-fixed.html
imported/w3c/web-platform-tests/css/css-anchor-position/position-area-overflow-icb-003-ref.html
imported/w3c/web-platform-tests/css/css-anchor-position/position-area-overflow-icb-003.html
imported/w3c/web-platform-tests/css/css-anchor-position/position-area-overflow-icb-004-ref.html
imported/w3c/web-platform-tests/css/css-anchor-position/position-area-overflow-icb-004.html
*
LayoutTests/imported/w3c/web-platform-tests/css/css-anchor-position/position-area-fixed-expected.txt:
Added.
*
LayoutTests/imported/w3c/web-platform-tests/css/css-anchor-position/position-area-fixed.html:
Added.
*
LayoutTests/imported/w3c/web-platform-tests/css/css-anchor-position/position-area-overflow-icb-001-expected.html:
*
LayoutTests/imported/w3c/web-platform-tests/css/css-anchor-position/position-area-overflow-icb-001-ref.html:
*
LayoutTests/imported/w3c/web-platform-tests/css/css-anchor-position/position-area-overflow-icb-001.html:
*
LayoutTests/imported/w3c/web-platform-tests/css/css-anchor-position/position-area-overflow-icb-002.html:
*
LayoutTests/imported/w3c/web-platform-tests/css/css-anchor-position/position-area-overflow-icb-003-expected.html:
Copied from
LayoutTests/imported/w3c/web-platform-tests/css/css-anchor-position/position-area-overflow-icb-001-expected.html.
*
LayoutTests/imported/w3c/web-platform-tests/css/css-anchor-position/position-area-overflow-icb-003-ref.html:
Copied from
LayoutTests/imported/w3c/web-platform-tests/css/css-anchor-position/position-area-overflow-icb-001-expected.html.
*
LayoutTests/imported/w3c/web-platform-tests/css/css-anchor-position/position-area-overflow-icb-003.html:
Copied from
LayoutTests/imported/w3c/web-platform-tests/css/css-anchor-position/position-area-overflow-icb-001.html.
*
LayoutTests/imported/w3c/web-platform-tests/css/css-anchor-position/position-area-overflow-icb-004-expected.html:
Copied from
LayoutTests/imported/w3c/web-platform-tests/css/css-anchor-position/position-area-overflow-icb-001-expected.html.
*
LayoutTests/imported/w3c/web-platform-tests/css/css-anchor-position/position-area-overflow-icb-004-ref.html:
Copied from
LayoutTests/imported/w3c/web-platform-tests/css/css-anchor-position/position-area-overflow-icb-001-expected.html.
*
LayoutTests/imported/w3c/web-platform-tests/css/css-anchor-position/position-area-overflow-icb-004.html:
Copied from
LayoutTests/imported/w3c/web-platform-tests/css/css-anchor-position/position-area-overflow-icb-002.html.
Update and add tests.
* Source/WebCore/rendering/PositionedLayoutConstraints.cpp:
(WebCore::PositionedLayoutConstraints::PositionedLayoutConstraints):
(WebCore::PositionedLayoutConstraints::expandToScrollableArea const):
(WebCore::PositionedLayoutConstraints::captureScrollableArea): Deleted.
Adjust captureScrollableArea API to be re-usable for different LayoutRanges.
Exempt fixed-positioned boxes from the m_containingRange adjustment.
(WebCore::PositionedLayoutConstraints::resolveAlignmentShift const):
Adjust overflow alignment area for fixed-positioned boxes.
(WebCore::PositionedLayoutConstraints::containerAllowsInfiniteOverflow
const):
Add missing check for scrollable RenderView (which returns false on
hasPotentiallyScrollableOverflow() even when the document is scrollable).
* Source/WebCore/rendering/PositionedLayoutConstraints.h:
(WebCore::PositionedLayoutConstraints::expandToScrollableArea):
Canonical link: https://commits.webkit.org/302537@main
Canonical link: https://commits.webkit.org/[email protected]
Commit: 4729d50619a6ebeea066f9f5d8743c6e00d476ad
https://github.com/WebKit/WebKit/commit/4729d50619a6ebeea066f9f5d8743c6e00d476ad
Author: Timothy Hatcher <[email protected]>
Date: 2025-11-05 (Wed, 05 Nov 2025)
Changed paths:
M Source/WebKit/UIProcess/Extensions/WebExtensionContext.cpp
M Tools/TestWebKitAPI/Tests/WebKitCocoa/WKWebExtension.mm
Log Message:
-----------
Cherry-pick f86f0d4ad055. rdar://164019010
REGRESSION (300057@main): Content scripts are injected on the wrong pages.
https://webkit.org/b/301890
rdar://162073778
Reviewed by Brian Weinstein.
When an extension declares multiple content scripts with match patterns,
only the first
script correctly respects the match patterns. Subsequent scripts in the
list ignore the
patterns and inject on all pages, and stylesheets fail to inject at all.
The bug was introduced when converting from ObjC++ to C++ in 300057@main.
The original
code used `makeVector<String>(array)` to create a new `Vector` from an
`NSArray` on each
loop iteration. The converted code incorrectly used
`WTFMove(includeMatchPatterns)` and
`WTFMove(excludeMatchPatterns)`, which moved the pattern vectors on the
first iteration,
leaving them empty for all subsequent iterations.
With empty match patterns, WebCore's content script matching logic treats
the patterns as
matching all pages, causing scripts to inject globally instead of on their
intended targets.
The fix changes `WTFMove(patterns)` to `Vector { patterns }`, which creates
a copy of the
pattern vectors for each script and stylesheet, matching the original
behavior.
Test: Tools/TestWebKitAPI/Tests/WebKitCocoa/WKWebExtension.mm
* Source/WebKit/UIProcess/Extensions/WebExtensionContext.cpp:
(WebKit::WebExtensionContext::addInjectedContent): Copy vectors instead of
moving in the loop.
(WebKit::WebExtensionContext::purgeMatchedRulesFromBefore): Add a newline.
* Tools/TestWebKitAPI/Tests/WebKitCocoa/WKWebExtension.mm:
(TestWebKitAPI::TEST(WKWebExtension,
MultipleContentScriptsInjectedWhenMatched)): Added.
(TestWebKitAPI::TEST(WKWebExtension,
MultipleContentScriptsNotInjectedWhenNotMatched)): Added.
Canonical link: https://commits.webkit.org/302546@main
Canonical link: https://commits.webkit.org/[email protected]
Commit: bb7c220ff555c225d84392bbb2f5f3f7574c5fd7
https://github.com/WebKit/WebKit/commit/bb7c220ff555c225d84392bbb2f5f3f7574c5fd7
Author: Phinehas Fuachie <[email protected]>
Date: 2025-11-05 (Wed, 05 Nov 2025)
Changed paths:
M Source/WebCore/platform/cocoa/PlaybackSessionModel.h
M Source/WebKit/UIProcess/Cocoa/PlaybackSessionManagerProxy.h
M Source/WebKit/UIProcess/Cocoa/PlaybackSessionManagerProxy.mm
M Source/WebKit/UIProcess/ios/fullscreen/WKFullScreenWindowControllerIOS.mm
Log Message:
-----------
Cherry-pick 9d8d97901b01. rdar://164023834
Auto dimming on VisionOS is off by default
https://bugs.webkit.org/show_bug.cgi?id=301896
rdar://163824973
Reviewed by Jean-Yves Avenard.
Set the standardUserDefaults for auto dimming to YES instead of NO.
* Source/WebCore/platform/cocoa/PlaybackSessionModel.h:
(WebCore::PlaybackSessionModel::prefersAutoDimming const):
* Source/WebKit/UIProcess/Cocoa/PlaybackSessionManagerProxy.h:
* Source/WebKit/UIProcess/Cocoa/PlaybackSessionManagerProxy.mm:
(WebKit::PlaybackSessionManagerProxy::PlaybackSessionManagerProxy):
* Source/WebKit/UIProcess/ios/fullscreen/WKFullScreenWindowControllerIOS.mm:
(-[WKFullScreenWindowController didExitVideoFullscreen]):
(-[WKFullScreenWindowController prefersSceneDimming]):
Canonical link: https://commits.webkit.org/302551@main
Canonical link: https://commits.webkit.org/[email protected]
Commit: 9b25e438d9c9983dac866e221896296b0fe41343
https://github.com/WebKit/WebKit/commit/9b25e438d9c9983dac866e221896296b0fe41343
Author: Said Abou-Hallawa <[email protected]>
Date: 2025-11-05 (Wed, 05 Nov 2025)
Changed paths:
M Source/WebKit/WebProcess/GPU/graphics/RemoteResourceCacheProxy.cpp
Log Message:
-----------
Cherry-pick f0ea9c615ad9. rdar://163447308
REGRESSION(300463@main): Sending the fill pattern image to GPUP can cause
null-pointer dereference in RemoteResourceCacheProxy::recordNativeImageUse()
https://bugs.webkit.org/show_bug.cgi?id=301958
rdar://163447308
Reviewed by Simon Fraser.
Some NativeImages may have backing stores in GPUP only. This happens when
copying
a NativeImage from a RemoteImageBuffer. Examples for this scenario is the
tileImage
of the fill and the stroke patterns.
After 300463@main and when GPUP crashes, these NativeImages can't be
recovered
because their backing stores in GPUP are deleted. The originator
RemoteImageBuffers
are also deleted. So these images cannot be drawn until a full layout
happens.
For now, add a null check to recordNativeImageUse().
* Source/WebKit/WebProcess/GPU/graphics/RemoteResourceCacheProxy.cpp:
(WebKit::RemoteResourceCacheProxy::recordNativeImageUse):
Canonical link: https://commits.webkit.org/302568@main
Canonical link: https://commits.webkit.org/[email protected]
Commit: 5e69ea530e0d461156ddedeaa6158ba9147cd2d1
https://github.com/WebKit/WebKit/commit/5e69ea530e0d461156ddedeaa6158ba9147cd2d1
Author: Wenson Hsieh <[email protected]>
Date: 2025-11-05 (Wed, 05 Nov 2025)
Changed paths:
A LayoutTests/accessibility/crash-when-deleting-hidden-element-expected.txt
A LayoutTests/accessibility/crash-when-deleting-hidden-element.html
M Source/WebCore/editing/Editor.cpp
Log Message:
-----------
Cherry-pick 8bc3a0eefb4f. rdar://164099112
REGRESSION (298476@main): [AX] Crash under
WebCore::Editor::respondToChangedContents when VoiceOver is enabled
https://bugs.webkit.org/show_bug.cgi?id=301982
rdar://163230929
Reviewed by Abrar Rahman Protyasha.
Restore a null check for `node` in `Editor::respondToChangedContents` that
was (effectively) removed
in 298476@main. Prior to that patch, we only passed a pointer into
`AXObjectCache::postNotification`,
which would become a no-op if the `node` was null. After that change, we
now (incorrectly) assume
the `node` is non-null and dereference it.
The selection start node might be null in the case where, while processing
the editing command, we
mutated the DOM in such a way that the selection anchor is no longer
connected or editable.
Test: accessibility/crash-when-deleting-hidden-element.html
*
LayoutTests/accessibility/crash-when-deleting-hidden-element-expected.txt:
Added.
* LayoutTests/accessibility/crash-when-deleting-hidden-element.html: Added.
Add a layout test to exercise the fix by verifying that we don't crash when
accessibility is
enabled, under this codepath.
* Source/WebCore/editing/Editor.cpp:
(WebCore::Editor::respondToChangedContents):
Canonical link: https://commits.webkit.org/302581@main
Canonical link: https://commits.webkit.org/[email protected]
Commit: e18b204489d158e98359234993a57a1591f95107
https://github.com/WebKit/WebKit/commit/e18b204489d158e98359234993a57a1591f95107
Author: Garrett Davidson <[email protected]>
Date: 2025-11-05 (Wed, 05 Nov 2025)
Changed paths:
M Source/WTF/wtf/PlatformHave.h
M
Source/WebKit/UIProcess/WebAuthentication/Cocoa/AuthenticationServicesForwardDeclarations.h
M
Source/WebKit/UIProcess/WebAuthentication/Cocoa/AuthenticationServicesSoftLink.h
M
Source/WebKit/UIProcess/WebAuthentication/Cocoa/AuthenticationServicesSoftLink.mm
M
Source/WebKit/UIProcess/WebAuthentication/Cocoa/WebAuthenticatorCoordinatorProxy.mm
Log Message:
-----------
Cherry-pick 43cf71441cc9. rdar://164107543
Safari may crash when signing in on visionOS
https://bugs.webkit.org/show_bug.cgi?id=301954
rdar://163973546
Reviewed by Aditya Keerthi.
This class isn't available on visionOS, so we should skip this check here.
We didn't catch this
earlier because it is forward declared and softlinked. These macros match
the implementation of
this class.
* Source/WTF/wtf/PlatformHave.h:
*
Source/WebKit/UIProcess/WebAuthentication/Cocoa/WebAuthenticatorCoordinatorProxy.mm:
Canonical link: https://commits.webkit.org/302600@main
Canonical link: https://commits.webkit.org/[email protected]
Commit: 7d873f3d4718c1bb84c6d5dd86f89f3273c56385
https://github.com/WebKit/WebKit/commit/7d873f3d4718c1bb84c6d5dd86f89f3273c56385
Author: Kiara Rose <[email protected]>
Date: 2025-11-05 (Wed, 05 Nov 2025)
Changed paths:
M Source/WebKit/UIProcess/Extensions/WebExtensionContext.cpp
Log Message:
-----------
Cherry-pick 3bef62dc303f. rdar://164123350
Incorrect date passed when removing expired permission match patterns
https://bugs.webkit.org/show_bug.cgi?id=302029
rdar://164108150
Reviewed by Timothy Hatcher and Brian Weinstein.
We should be using m_nextGrantedPermissionMatchPatternsExpirationDate
instead of m_nextGrantedPermissionsExpirationDate.
* Source/WebKit/UIProcess/Extensions/WebExtensionContext.cpp:
(WebKit::WebExtensionContext::setGrantedPermissions):
Remove duplicate call for adding the permission.
(WebKit::WebExtensionContext::setGrantedPermissionMatchPatterns):
(WebKit::WebExtensionContext::permissionState):
Fix asserts. They'll always pass.
Canonical link: https://commits.webkit.org/302610@main
Canonical link: https://commits.webkit.org/[email protected]
Commit: 96edd66f715873bf5b834ef810132f2fff4e173b
https://github.com/WebKit/WebKit/commit/96edd66f715873bf5b834ef810132f2fff4e173b
Author: Kiara Rose <[email protected]>
Date: 2025-11-05 (Wed, 05 Nov 2025)
Changed paths:
M Source/WebKit/UIProcess/Extensions/WebExtension.cpp
M Tools/TestWebKitAPI/Tests/WebKitCocoa/WKWebExtension.mm
Log Message:
-----------
Cherry-pick 3a0125954abc. rdar://164123266
Crash at WebKit::WebExtension::populateActionPropertiesIfNeeded
https://bugs.webkit.org/show_bug.cgi?id=302028
rdar://164059373
Reviewed by Timothy Hatcher.
We were unconditionally grabbing the value off the icon result, regardless
if there was an error or
not. Fix this by only grabbing the result if there is no error.
Test: Tools/TestWebKitAPI/Tests/WebKitCocoa/WKWebExtension.mm
* Source/WebKit/UIProcess/Extensions/WebExtension.cpp:
(WebKit::WebExtension::populateActionPropertiesIfNeeded):
* Tools/TestWebKitAPI/Tests/WebKitCocoa/WKWebExtension.mm:
(TestWebKitAPI::TEST(WKWebExtension, ActionParsing)):
Verified this test crashing without the change, and passes with the change.
Canonical link: https://commits.webkit.org/302611@main
Canonical link: https://commits.webkit.org/[email protected]
Commit: cd8fb461102032af3e54639adf28f7412489172a
https://github.com/WebKit/WebKit/commit/cd8fb461102032af3e54639adf28f7412489172a
Author: Dan Robson <[email protected]>
Date: 2025-11-05 (Wed, 05 Nov 2025)
Changed paths:
M Configurations/Version.xcconfig
Log Message:
-----------
Versioning.
WebKit-7
Canonical link: https://commits.webkit.org/[email protected]
Commit: 03b19255440b272b112cebb7571d99b52610982c
https://github.com/WebKit/WebKit/commit/03b19255440b272b112cebb7571d99b52610982c
Author: Andy Estes <[email protected]>
Date: 2025-11-06 (Thu, 06 Nov 2025)
Changed paths:
M Source/WebCore/platform/cocoa/VideoPresentationModel.h
M Source/WebCore/platform/cocoa/VideoPresentationModelVideoElement.h
M Source/WebCore/platform/cocoa/VideoPresentationModelVideoElement.mm
M Source/WebCore/platform/graphics/cocoa/NullVideoPresentationInterface.h
M Source/WebCore/platform/ios/VideoPresentationInterfaceIOS.h
M Source/WebCore/platform/ios/VideoPresentationInterfaceIOS.mm
M Source/WebCore/platform/ios/WebVideoFullscreenControllerAVKit.mm
M Source/WebCore/platform/mac/VideoPresentationInterfaceMac.h
M Source/WebCore/platform/mac/VideoPresentationInterfaceMac.mm
M Source/WebKit/Platform/ios/VideoPresentationInterfaceLMK.mm
M Source/WebKit/UIProcess/Cocoa/VideoPresentationManagerProxy.h
M Source/WebKit/UIProcess/Cocoa/VideoPresentationManagerProxy.mm
M Source/WebKit/UIProcess/ios/fullscreen/WKFullScreenViewController.h
M Source/WebKit/UIProcess/ios/fullscreen/WKFullScreenViewController.mm
M Source/WebKit/UIProcess/ios/fullscreen/WKFullScreenWindowControllerIOS.h
M Source/WebKit/UIProcess/ios/fullscreen/WKFullScreenWindowControllerIOS.mm
M Source/WebKit/WebProcess/cocoa/VideoPresentationManager.mm
Log Message:
-----------
Cherry-pick dd4b8a6a214f. rdar://163974170
[visionOS] Chrome missing after exiting spatial fullscreen on uploadvr.com
https://bugs.webkit.org/show_bug.cgi?id=301851
rdar://159979195
Reviewed by Jer Noble.
The following order of events can cause window chrome to be hidden in the
WKWebView's window after
watching a video in spatial fullscreen:
1. The user enters element fullscreen; WKFullscreenWindowController saves
the state of the
WKWebView window’s chrome, then hides the chrome.
2. The user enters spatial fullscreen; LinearMediaKit saves the state of
the WKWebView window’s
chrome, then hides the chrome again.
3. The website calls document.exitFullscreen();
WKFullscreenWindowController closes the element
fullscreen window and restores the saved state of the WKWebView window’s
chrome.
4. The user exits spatial fullscreen; LinearMediaKit restores the saved
state of the WKWebView
window’s chrome.
Since when LinearMediaKit saved the state of the window chrome it was
hidden, it is restored to a
hidden state in (4) even though it was previously made visible in (3).
Resolved this by checking if the native fullscreen-eligible video is in
fullscreen when exiting
element fullscreen. If it is, WKFullscreenWindowController retains
_parentWindowState so that it
can be later restored when native fullscreen exits. Made
WKFullscreenWindowController a client of
the VideoPresentationModel that enters spatial fullscreen (or any other
native fullscreen mode) so
that it can learn when the user exits native fullscreen (which required
adding a new
VideoPresentationModelClient callback). and when they do, used
_parentWindowState to restore window
chrome (as well as other state like ornaments and resizing behavior).
* Source/WebCore/platform/cocoa/VideoPresentationModel.h:
(WebCore::VideoPresentationModelClient::fullscreenModeChanged):
* Source/WebCore/platform/cocoa/VideoPresentationModelVideoElement.h:
* Source/WebCore/platform/cocoa/VideoPresentationModelVideoElement.mm:
(WebCore::VideoPresentationModelVideoElement::fullscreenModeChanged):
* Source/WebCore/platform/ios/VideoPresentationInterfaceIOS.h:
* Source/WebCore/platform/ios/VideoPresentationInterfaceIOS.mm:
(WebCore::VideoPresentationInterfaceIOS::enterFullscreenHandler):
(WebCore::VideoPresentationInterfaceIOS::exitFullscreenHandler):
(WebCore::VideoPresentationInterfaceIOS::didStartPictureInPicture):
(WebCore::VideoPresentationInterfaceIOS::failedToStartPictureInPicture):
(WebCore::VideoPresentationInterfaceIOS::didStopPictureInPicture):
(WebCore::VideoPresentationInterfaceIOS::setMode):
(WebCore::VideoPresentationInterfaceIOS::clearMode):
* Source/WebCore/platform/ios/WebVideoFullscreenControllerAVKit.mm:
(VideoFullscreenControllerContext::fullscreenModeChanged):
* Source/WebKit/Platform/ios/VideoPresentationInterfaceLMK.mm:
(WebKit::VideoPresentationInterfaceLMK::swapFullscreenModesWith):
* Source/WebKit/UIProcess/Cocoa/VideoPresentationManagerProxy.h:
* Source/WebKit/UIProcess/Cocoa/VideoPresentationManagerProxy.mm:
(WebKit::VideoPresentationModelContext::fullscreenModeChanged):
(WebKit::VideoPresentationManagerProxy::setVideoFullscreenMode):
(WebKit::VideoPresentationManagerProxy::didCleanupFullscreen):
* Source/WebKit/UIProcess/ios/fullscreen/WKFullScreenViewController.h:
* Source/WebKit/UIProcess/ios/fullscreen/WKFullScreenViewController.mm:
(-[WKFullScreenViewController invalidate]):
(-[WKFullScreenViewController _bestVideoPresentationInterface]):
(-[WKFullScreenViewController
configureEnvironmentPickerOrFullscreenVideoButtonView]):
(-[WKFullScreenViewController _playbackSessionInterface]):
(-[WKFullScreenViewController _enterVideoFullscreenAction:]):
* Source/WebKit/UIProcess/ios/fullscreen/WKFullScreenWindowControllerIOS.h:
* Source/WebKit/UIProcess/ios/fullscreen/WKFullScreenWindowControllerIOS.mm:
(-[WKFullScreenWindowController initWithWebView:]):
(-[WKFullScreenWindowController _completedExitFullScreen:]):
(-[WKFullScreenWindowController _isBestVideoInFullScreen]):
(-[WKFullScreenWindowController _shouldShowOrnaments]):
(-[WKFullScreenWindowController
_performSpatialFullScreenTransition:completionHandler:]):
(-[WKFullScreenWindowController bestVideoFullscreenModeChanged]):
(-[WKFullScreenWindowController fullScreenViewControllerDidInvalidate:]):
(-[WKFullScreenWindowController
fullScreenViewController:bestVideoPresentationInterfaceDidChange:]):
* Source/WebKit/WebProcess/cocoa/VideoPresentationManager.mm:
(WebKit::VideoPresentationManager::fullscreenModeChanged):
Canonical link: https://commits.webkit.org/302506@main
Identifier: 301765.265@safari-7623-branch
(cherry picked from commit 2216a214c74fcd5d96dc169c470b8aa19c3adfc2)
Canonical link: https://commits.webkit.org/[email protected]
Commit: cb393207eed67b99f0046ab24b5be65ca23db76d
https://github.com/WebKit/WebKit/commit/cb393207eed67b99f0046ab24b5be65ca23db76d
Author: Yusuke Suzuki <[email protected]>
Date: 2025-11-06 (Thu, 06 Nov 2025)
Changed paths:
M Source/JavaScriptCore/runtime/VM.h
M Source/JavaScriptCore/runtime/VMManager.cpp
Log Message:
-----------
Cherry-pick d3494187c3d3. rdar://164088401
[JSC] VM::m_isInService should be initialized before VMThreadContext
https://bugs.webkit.org/show_bug.cgi?id=302043
rdar://164088401
Reviewed by Mark Lam.
After VMThreadContext is initialized, VM is exposed to the other
concurrent threads. So any threads can see this VM via
VMManager::forEachVM etc. We are checking `VM::isInService()` before
using in each thread to ensure that VM is already finalizing its
initialization. However this method is reading a bool field
`VM::m_isInService`, and it is initialized after VMThreadContext is
initialized. This means that it is possible that the concurrent thread
will see a stale value which exists from the allocated memory. If it is
not 0, then we accidentally see this VM as in-service while it is not
yet. This patch moves this field ordering to ensure that initialization
of this field is done before initializing VMThreadContext. And we also
ensure that this bool field is `false` when initializing VMThreadContext
since we are not fully initializing VM yet.
* Source/JavaScriptCore/runtime/VM.h:
* Source/JavaScriptCore/runtime/VMManager.cpp:
(JSC::VMThreadContext::VMThreadContext):
Canonical link: https://commits.webkit.org/302617@main
Commit: 3fb0033e1604c18c550fe005f57d16a799708a90
https://github.com/WebKit/WebKit/commit/3fb0033e1604c18c550fe005f57d16a799708a90
Author: Russell Epstein <[email protected]>
Date: 2025-11-06 (Thu, 06 Nov 2025)
Changed paths:
M
LayoutTests/fast/repaint/hidpi-content-inside-iframe-leaves-trails-expected.txt
M LayoutTests/fast/repaint/hidpi-content-inside-iframe-leaves-trails.html
M LayoutTests/fast/repaint/iframe-on-subpixel-position-expected.txt
M
LayoutTests/platform/mac-sequoia-wk2/fast/repaint/iframe-on-subpixel-position-expected.txt
M
LayoutTests/platform/mac-wk2/fast/repaint/iframe-on-subpixel-position-expected.txt
M Source/WebCore/rendering/RenderView.cpp
M Source/WebCore/rendering/RenderView.h
Log Message:
-----------
Revert "Cherry-pick 7ca23d97bf74. rdar://163507577"
This reverts commit bf72106c60ffb2557ab454d02e3e4c3e9b901621.
Canonical link: https://commits.webkit.org/[email protected]
Commit: cccdbdf144822850a9a560216736d2bc1e440f84
https://github.com/WebKit/WebKit/commit/cccdbdf144822850a9a560216736d2bc1e440f84
Author: Antti Koivisto <[email protected]>
Date: 2025-11-06 (Thu, 06 Nov 2025)
Changed paths:
M Source/WebCore/accessibility/AccessibilityObject.cpp
M Source/WebCore/accessibility/AccessibilityRenderObject.cpp
M Source/WebCore/animation/KeyframeEffect.cpp
M Source/WebCore/animation/WebAnimationUtilities.cpp
M Source/WebCore/css/CSSSelector.cpp
M Source/WebCore/css/CSSSelector.h
M Source/WebCore/css/SelectorChecker.cpp
M Source/WebCore/css/SelectorChecker.h
M Source/WebCore/css/parser/CSSSelectorParser.cpp
M Source/WebCore/cssjit/SelectorCompiler.cpp
M Source/WebCore/dom/Document.cpp
M Source/WebCore/dom/Element.cpp
M Source/WebCore/dom/Element.h
M Source/WebCore/dom/ElementInlines.h
M Source/WebCore/dom/Node.h
M Source/WebCore/dom/NodeInlines.h
M Source/WebCore/dom/PseudoElement.cpp
M Source/WebCore/dom/PseudoElement.h
M Source/WebCore/dom/ViewTransition.cpp
M Source/WebCore/inspector/agents/InspectorCSSAgent.cpp
M Source/WebCore/inspector/agents/InspectorCSSAgent.h
M Source/WebCore/inspector/agents/InspectorDOMAgent.cpp
M Source/WebCore/inspector/agents/InspectorLayerTreeAgent.cpp
M Source/WebCore/layout/formattingContexts/inline/InlineLineBuilder.cpp
M
Source/WebCore/layout/formattingContexts/inline/invalidation/InlineInvalidation.cpp
M Source/WebCore/layout/integration/inline/LayoutIntegrationLineLayout.cpp
M Source/WebCore/page/LocalFrameView.cpp
M Source/WebCore/rendering/MarkedText.cpp
M Source/WebCore/rendering/RenderBlock.cpp
M Source/WebCore/rendering/RenderBlockFlow.cpp
M Source/WebCore/rendering/RenderBox.cpp
M Source/WebCore/rendering/RenderBoxModelObject.h
M Source/WebCore/rendering/RenderCounter.cpp
M Source/WebCore/rendering/RenderElement.cpp
M Source/WebCore/rendering/RenderElement.h
M Source/WebCore/rendering/RenderElementInlines.h
M Source/WebCore/rendering/RenderInline.cpp
M Source/WebCore/rendering/RenderLayerBacking.cpp
M Source/WebCore/rendering/RenderLayerCompositor.cpp
M Source/WebCore/rendering/RenderLayerScrollableArea.cpp
M Source/WebCore/rendering/RenderListItem.cpp
M Source/WebCore/rendering/RenderReplaced.cpp
M Source/WebCore/rendering/RenderScrollbar.cpp
M Source/WebCore/rendering/RenderScrollbar.h
M Source/WebCore/rendering/RenderTextFragment.cpp
M Source/WebCore/rendering/RenderViewTransitionCapture.cpp
M Source/WebCore/rendering/StyledMarkedText.cpp
M Source/WebCore/rendering/TextAutoSizing.cpp
M Source/WebCore/rendering/TextDecorationPainter.cpp
M Source/WebCore/rendering/TextDecorationPainter.h
M Source/WebCore/rendering/style/RenderStyle.cpp
M Source/WebCore/rendering/style/RenderStyle.h
M Source/WebCore/rendering/style/RenderStyleConstants.cpp
M Source/WebCore/rendering/style/RenderStyleConstants.h
M Source/WebCore/rendering/style/RenderStyleInlines.h
M Source/WebCore/rendering/style/RenderStyleSetters.h
M Source/WebCore/rendering/svg/SVGTextBoxPainter.cpp
M Source/WebCore/rendering/updating/RenderTreeBuilderFirstLetter.cpp
M Source/WebCore/rendering/updating/RenderTreeUpdater.cpp
M Source/WebCore/rendering/updating/RenderTreeUpdaterGeneratedContent.cpp
M Source/WebCore/rendering/updating/RenderTreeUpdaterGeneratedContent.h
M Source/WebCore/rendering/updating/RenderTreeUpdaterViewTransition.cpp
M Source/WebCore/style/AnchorPositionEvaluator.cpp
M Source/WebCore/style/ElementRuleCollector.cpp
M Source/WebCore/style/ElementRuleCollector.h
M Source/WebCore/style/MatchedDeclarationsCache.cpp
M Source/WebCore/style/PropertyAllowlist.cpp
M Source/WebCore/style/PropertyAllowlist.h
M Source/WebCore/style/PseudoElementIdentifier.h
M Source/WebCore/style/PseudoElementRequest.h
M Source/WebCore/style/RuleData.cpp
M Source/WebCore/style/StylableInlines.h
M Source/WebCore/style/StyleAdjuster.cpp
M Source/WebCore/style/StyleBuilderState.cpp
M Source/WebCore/style/StyleChange.cpp
M Source/WebCore/style/StylePendingResources.cpp
M Source/WebCore/style/StyleResolver.cpp
M Source/WebCore/style/StyleTreeResolver.cpp
M Source/WebCore/style/Styleable.cpp
M Source/WebCore/testing/Internals.cpp
Log Message:
-----------
Cherry-pick a25210285dc7. rdar://163571796
Rename PseudoId to PseudoElementType
https://bugs.webkit.org/show_bug.cgi?id=300982
rdar://problem/162862210
Reviewed by Tim Nguyen.
Use a less vague name for this enum.
Also some related renamings and cleanups.
This patch does not touch Inspector or the inspector protocol where the old
name is still used.
* Source/WebCore/accessibility/AccessibilityObject.cpp:
(WebCore::AccessibilityObject::shouldCacheStringValue const):
* Source/WebCore/accessibility/AccessibilityRenderObject.cpp:
(WebCore::AccessibilityRenderObject::textRuns):
* Source/WebCore/animation/KeyframeEffect.cpp:
(WebCore::KeyframeEffect::isCurrentlyAffectingProperty const):
(WebCore::KeyframeEffect::computeHasSizeDependentTransform):
* Source/WebCore/animation/WebAnimationUtilities.cpp:
(WebCore::compareStyleOriginatedAnimationOwningElementPositionsInDocumentTreeOrder):
(WebCore::pseudoElementIdentifierAsString):
* Source/WebCore/css/CSSSelector.cpp:
(WebCore::CSSSelector::stylePseudoElementTypeFor):
(WebCore::CSSSelector::pseudoId): Deleted.
* Source/WebCore/css/CSSSelector.h:
* Source/WebCore/css/SelectorChecker.cpp:
(WebCore::SelectorChecker::CheckingContext::setRequestedPseudoElement):
(WebCore::SelectorChecker::CheckingContext::requestedPseudoElement const):
(WebCore::SelectorChecker::match const):
(WebCore::SelectorChecker::matchHostPseudoClass const):
(WebCore::hasViewTransitionPseudoElement):
(WebCore::hasScrollbarPseudoElement):
(WebCore::SelectorChecker::matchRecursively const):
(WebCore::SelectorChecker::checkOne const):
(WebCore::SelectorChecker::matchSelectorList const):
(WebCore::SelectorChecker::matchHasPseudoClass const):
(WebCore::SelectorChecker::checkViewTransitionPseudoClass const):
* Source/WebCore/css/SelectorChecker.h:
* Source/WebCore/css/parser/CSSSelectorParser.cpp:
(WebCore::pseudoElementIdentifierFor):
(WebCore::CSSSelectorParser::parsePseudoElement):
* Source/WebCore/cssjit/SelectorCompiler.cpp:
(WebCore::SelectorCompiler::SelectorCodeGenerator::generateSelectorChecker):
(WebCore::SelectorCompiler::SelectorCodeGenerator::generateRequestedPseudoElementEqualsToSelectorPseudoElement):
(WebCore::SelectorCompiler::SelectorCodeGenerator::generateMarkPseudoStyleForPseudoElement):
* Source/WebCore/dom/Document.cpp:
(WebCore::Document::styleForElementIgnoringPendingStylesheets):
* Source/WebCore/dom/Element.cpp:
(WebCore::beforeOrAfterPseudoElement):
(WebCore::Element::computedStyle):
(WebCore::Element::ensurePseudoElement):
(WebCore::Element::pseudoElementIfExists):
* Source/WebCore/dom/Element.h:
* Source/WebCore/dom/ElementInlines.h:
(WebCore::isInTopLayerOrBackdrop):
* Source/WebCore/dom/Node.h:
* Source/WebCore/dom/NodeInlines.h:
(WebCore::Node::isBeforePseudoElement const):
(WebCore::Node::isAfterPseudoElement const):
(WebCore::Node::pseudoElementType const):
(WebCore::Node::pseudoElementIdentifier const):
(WebCore::Node::pseudoId const): Deleted.
* Source/WebCore/dom/PseudoElement.cpp:
(WebCore::PseudoElement::PseudoElement):
(WebCore::m_pseudoElementType):
(WebCore::PseudoElement::create):
(WebCore::PseudoElement::rendererIsNeeded):
(WebCore::m_pseudoId): Deleted.
* Source/WebCore/dom/PseudoElement.h:
* Source/WebCore/dom/ViewTransition.cpp:
(WebCore::ViewTransition::handleTransitionFrame):
(WebCore::ViewTransition::updatePseudoElementRenderers):
(WebCore::ViewTransition::viewTransitionNewPseudoForCapturedElement):
* Source/WebCore/inspector/agents/InspectorCSSAgent.cpp:
(WebCore::InspectorCSSAgent::protocolValueForPseudoId):
(WebCore::InspectorCSSAgent::getMatchedStylesForNode):
* Source/WebCore/inspector/agents/InspectorCSSAgent.h:
* Source/WebCore/inspector/agents/InspectorDOMAgent.cpp:
(WebCore::elementToPushForStyleable):
(WebCore::InspectorDOMAgent::pushStyleablePathToFrontend):
(WebCore::InspectorDOMAgent::highlightSelector):
(WebCore::pseudoElementType):
(WebCore::InspectorDOMAgent::buildObjectForNode):
* Source/WebCore/inspector/agents/InspectorLayerTreeAgent.cpp:
(WebCore::InspectorLayerTreeAgent::buildObjectForLayer):
* Source/WebCore/layout/formattingContexts/inline/InlineLineBuilder.cpp:
(WebCore::Layout::LineBuilder::adjustLineRectForInitialLetterIfApplicable):
*
Source/WebCore/layout/formattingContexts/inline/invalidation/InlineInvalidation.cpp:
(WebCore::Layout::InlineInvalidation::rootStyleWillChange):
* Source/WebCore/layout/integration/inline/LayoutIntegrationLineLayout.cpp:
(WebCore::LayoutIntegration::shouldInvalidateLineLayoutAfterChangeFor):
(WebCore::LayoutIntegration::LineLayout::updateRenderTreePositions):
* Source/WebCore/page/LocalFrameView.cpp:
(WebCore::LocalFrameView::styleHidesScrollbarWithOrientation const):
(WebCore::LocalFrameView::updateScrollCorner):
* Source/WebCore/rendering/MarkedText.cpp:
(WebCore::MarkedText::collectForHighlights):
* Source/WebCore/rendering/RenderBlock.cpp:
(WebCore::RenderBlock::nodeForHitTest const):
(WebCore::findFirstLetterBlock):
(WebCore::RenderBlock::debugDescription const):
* Source/WebCore/rendering/RenderBlockFlow.cpp:
(WebCore::RenderBlockFlow::adjustForUnsplittableChild):
(WebCore::RenderBlockFlow::computeLogicalLocationForFloat):
(WebCore::RenderBlockFlow::lowestInitialLetterLogicalBottom const):
* Source/WebCore/rendering/RenderBox.cpp:
(WebCore::RenderBox::imageChanged):
(WebCore::RenderBox::isUnsplittableForPagination const):
* Source/WebCore/rendering/RenderBoxModelObject.h:
* Source/WebCore/rendering/RenderCounter.cpp:
(WebCore::planCounter):
(WebCore::RenderCounter::updateCounter):
* Source/WebCore/rendering/RenderElement.cpp:
(WebCore::RenderElement::firstLineStyle const):
(WebCore::RenderElement::styleDidChange):
(WebCore::RenderElement::willBeDestroyed):
(WebCore::RenderElement::getCachedPseudoStyle const):
(WebCore::RenderElement::getUncachedPseudoStyle const):
(WebCore::RenderElement::textSegmentPseudoStyle const):
(WebCore::RenderElement::selectionPseudoStyle const):
(WebCore::RenderElement::spellingErrorPseudoStyle const):
(WebCore::RenderElement::grammarErrorPseudoStyle const):
(WebCore::RenderElement::targetTextPseudoStyle const):
(WebCore::RenderElement::isViewTransitionRoot const):
* Source/WebCore/rendering/RenderElement.h:
(WebCore::RenderElement::isViewTransitionContainer const):
* Source/WebCore/rendering/RenderElementInlines.h:
(WebCore::RenderElement::isBeforeContent const):
(WebCore::RenderElement::isAfterContent const):
* Source/WebCore/rendering/RenderInline.cpp:
(WebCore::RenderInline::clippedOverflowRect const):
* Source/WebCore/rendering/RenderLayerBacking.cpp:
(WebCore::RenderLayerBacking::RenderLayerBacking):
(WebCore::RenderLayerBacking::shouldClipCompositedBounds const):
* Source/WebCore/rendering/RenderLayerCompositor.cpp:
(WebCore::RenderLayerCompositor::collectViewTransitionNewContentLayers):
(WebCore::RenderLayerCompositor::clipsCompositingDescendants):
* Source/WebCore/rendering/RenderLayerScrollableArea.cpp:
(WebCore::RenderLayerScrollableArea::updateScrollCornerStyle):
(WebCore::RenderLayerScrollableArea::updateResizerStyle):
* Source/WebCore/rendering/RenderListItem.cpp:
(WebCore::RenderListItem::computeMarkerStyle const):
* Source/WebCore/rendering/RenderReplaced.cpp:
(WebCore::RenderReplaced::calculateHighlightColor const):
* Source/WebCore/rendering/RenderScrollbar.cpp:
(WebCore::RenderScrollbar::getScrollbarPseudoStyle const):
(WebCore::pseudoForScrollbarPart):
* Source/WebCore/rendering/RenderScrollbar.h:
* Source/WebCore/rendering/RenderTextFragment.cpp:
(WebCore::RenderTextFragment::blockForAccompanyingFirstLetter):
* Source/WebCore/rendering/RenderViewTransitionCapture.cpp:
(WebCore::RenderViewTransitionCapture::updateFromStyle):
(WebCore::RenderViewTransitionCapture::paintsContent const):
(WebCore::RenderViewTransitionCapture::debugDescription const):
* Source/WebCore/rendering/StyledMarkedText.cpp:
(WebCore::resolveStyleForMarkedText):
* Source/WebCore/rendering/TextAutoSizing.cpp:
(WebCore::cloneRenderStyleWithState):
(WebCore::TextAutoSizingValue::adjustTextNodeSizes):
* Source/WebCore/rendering/TextDecorationPainter.cpp:
(WebCore::collectStylesForRenderer):
(WebCore::TextDecorationPainter::stylesForRenderer):
* Source/WebCore/rendering/TextDecorationPainter.h:
(WebCore::TextDecorationPainter::stylesForRenderer):
* Source/WebCore/rendering/style/RenderStyle.cpp:
(WebCore::RenderStyle::createStyleInheritingFromPseudoStyle):
(WebCore::RenderStyle::changeRequiresLayout const):
* Source/WebCore/rendering/style/RenderStyle.h:
* Source/WebCore/rendering/style/RenderStyleConstants.cpp:
(WebCore::operator<<):
* Source/WebCore/rendering/style/RenderStyleConstants.h:
(WebCore::parentPseudoElement):
* Source/WebCore/rendering/style/RenderStyleInlines.h:
(WebCore::RenderStyle::hasUsedContentNone const):
(WebCore::RenderStyle::hasPseudoStyle const):
(WebCore::RenderStyle::pseudoElementType const):
(WebCore::RenderStyle::usesLegacyScrollbarStyle const):
(WebCore::RenderStyle::NonInheritedFlags::hasPseudoStyle const):
* Source/WebCore/rendering/style/RenderStyleSetters.h:
(WebCore::RenderStyle::setHasPseudoStyles):
(WebCore::RenderStyle::NonInheritedFlags::setHasPseudoStyles):
(WebCore::RenderStyle::setPseudoElementIdentifier):
* Source/WebCore/rendering/svg/SVGTextBoxPainter.cpp:
(WebCore::SVGTextBoxPainter<TextBoxPath>::paint):
* Source/WebCore/rendering/updating/RenderTreeBuilderFirstLetter.cpp:
(WebCore::styleForFirstLetter):
(WebCore::RenderTreeBuilder::FirstLetter::updateAfterDescendants):
* Source/WebCore/rendering/updating/RenderTreeUpdater.cpp:
(WebCore::RenderTreeUpdater::updateBeforeDescendants):
(WebCore::RenderTreeUpdater::updateAfterDescendants):
(WebCore::RenderTreeUpdater::tearDownRenderers):
* Source/WebCore/rendering/updating/RenderTreeUpdaterGeneratedContent.cpp:
(WebCore::keyframeEffectStackForPseudoElement):
(WebCore::needsPseudoElementForAnimation):
(WebCore::createContentRenderers):
(WebCore::RenderTreeUpdater::GeneratedContent::updateBeforeOrAfterPseudoElement):
(WebCore::RenderTreeUpdater::GeneratedContent::updateBackdropRenderer):
(WebCore::RenderTreeUpdater::GeneratedContent::updateWritingSuggestionsRenderer):
(WebCore::keyframeEffectStackForElementAndPseudoId): Deleted.
* Source/WebCore/rendering/updating/RenderTreeUpdaterGeneratedContent.h:
* Source/WebCore/rendering/updating/RenderTreeUpdaterViewTransition.cpp:
(WebCore::RenderTreeUpdater::ViewTransition::updatePseudoElementTree):
(WebCore::createRendererIfNeeded):
(WebCore::RenderTreeUpdater::ViewTransition::buildPseudoElementGroup):
(WebCore::RenderTreeUpdater::ViewTransition::updatePseudoElementGroup):
* Source/WebCore/style/AnchorPositionEvaluator.cpp:
(WebCore::Style::AnchorPositionEvaluator::findAnchorForAnchorFunctionAndAttemptResolution):
(WebCore::Style::AnchorPositionEvaluator::keyForElementOrPseudoElement):
(WebCore::Style::AnchorPositionEvaluator::isImplicitAnchor):
* Source/WebCore/style/ElementRuleCollector.cpp:
(WebCore::Style::ElementRuleCollector::ruleMatches):
(WebCore::Style::ElementRuleCollector::addAuthorKeyframeRules):
* Source/WebCore/style/ElementRuleCollector.h:
(WebCore::Style::ElementRuleCollector::matchedPseudoElements const):
(WebCore::Style::ElementRuleCollector::matchedPseudoElementIds const):
Deleted.
* Source/WebCore/style/MatchedDeclarationsCache.cpp:
(WebCore::Style::MatchedDeclarationsCache::isCacheable):
* Source/WebCore/style/PropertyAllowlist.cpp:
(WebCore::Style::propertyAllowlistForPseudoElement):
(WebCore::Style::propertyAllowlistForPseudoId): Deleted.
* Source/WebCore/style/PropertyAllowlist.h:
* Source/WebCore/style/PseudoElementIdentifier.h:
(WebCore::Style::add):
(WebCore::Style::operator<<):
(WebCore::Style::isNamedViewTransitionPseudoElement):
* Source/WebCore/style/PseudoElementRequest.h:
(WebCore::Style::PseudoElementRequest::PseudoElementRequest):
(WebCore::Style::PseudoElementRequest::type const):
(WebCore::Style::PseudoElementRequest::pseudoId const): Deleted.
* Source/WebCore/style/RuleData.cpp:
(WebCore::Style::determinePropertyAllowlist):
* Source/WebCore/style/StylableInlines.h:
(WebCore::Styleable::fromElement):
* Source/WebCore/style/StyleAdjuster.cpp:
(WebCore::Style::Adjuster::adjustFirstLetterStyle):
(WebCore::Style::Adjuster::adjustDisplayContentsStyle const):
(WebCore::Style::Adjuster::adjustVisibilityForPseudoElement):
* Source/WebCore/style/StyleBuilderState.cpp:
(WebCore::Style::BuilderState::registerContentAttribute):
* Source/WebCore/style/StyleChange.cpp:
(WebCore::Style::determineChanges):
* Source/WebCore/style/StylePendingResources.cpp:
(WebCore::Style::loadPendingResources):
* Source/WebCore/style/StyleResolver.cpp:
(WebCore::Style::Resolver::unadjustedStyleForElement):
(WebCore::Style::Resolver::styleForPseudoElement):
* Source/WebCore/style/StyleTreeResolver.cpp:
(WebCore::Style::TreeResolver::resolveElement):
(WebCore::Style::TreeResolver::resolvePseudoElement):
(WebCore::Style::TreeResolver::resolveAncestorPseudoElement):
(WebCore::Style::TreeResolver::resolveAncestorFirstLinePseudoElement):
(WebCore::Style::TreeResolver::resolveAncestorFirstLetterPseudoElement):
(WebCore::Style::TreeResolver::makeResolutionContextForPseudoElement):
(WebCore::Style::TreeResolver::makeResolutionContextForInheritedFirstLine):
(WebCore::Style::TreeResolver::updateAnchorPositioningState):
* Source/WebCore/style/Styleable.cpp:
(WebCore::Styleable::fromRenderer):
(WebCore::Styleable::renderer const):
* Source/WebCore/testing/Internals.cpp:
(WebCore::Internals::highlightPseudoElementColor):
Canonical link: https://commits.webkit.org/301770@main
Canonical link: https://commits.webkit.org/[email protected]
Commit: f62516e4ddb4231301f509b4beca6f8482708ea3
https://github.com/WebKit/WebKit/commit/f62516e4ddb4231301f509b4beca6f8482708ea3
Author: Dan Robson <[email protected]>
Date: 2025-11-07 (Fri, 07 Nov 2025)
Changed paths:
M Configurations/Version.xcconfig
Log Message:
-----------
Versioning.
WebKit-7
Canonical link: https://commits.webkit.org/[email protected]
Commit: eeb3f507839bb9c98bb0bfe05c8bae64fafb48da
https://github.com/WebKit/WebKit/commit/eeb3f507839bb9c98bb0bfe05c8bae64fafb48da
Author: Etienne Segonzac <[email protected]>
Date: 2025-11-07 (Fri, 07 Nov 2025)
Changed paths:
M
Source/WebCore/Modules/modern-media-controls/controls/vision-media-controls.css
Log Message:
-----------
Cherry-pick 9f59450b5e42. rdar://164260926
[visionOS] Fullscreen button doesn't glow on inline video controls, making
it hard to interact with
https://bugs.webkit.org/show_bug.cgi?id=301279
<rdar://154940919>
Reviewed by Abrar Rahman Protyasha.
Expand the original fix for the overflow button to apply to all circular
buttons in visionOS media controls.
*
Source/WebCore/Modules/modern-media-controls/controls/vision-media-controls.css:
(.media-controls.vision .controls-bar.simple-layout.top-right > .overflow):
(.media-controls.vision button.circular):
Canonical link: https://commits.webkit.org/302014@main
Canonical link: https://commits.webkit.org/[email protected]
Commit: 3530dd94fe342b5466e1afa40d94b6da8bed5e5e
https://github.com/WebKit/WebKit/commit/3530dd94fe342b5466e1afa40d94b6da8bed5e5e
Author: Etienne Segonzac <[email protected]>
Date: 2025-11-07 (Fri, 07 Nov 2025)
Changed paths:
M Source/WebKit/UIProcess/API/Cocoa/WKPreferences.h
M Source/WebKit/UIProcess/API/Cocoa/WKPreferences.mm
Log Message:
-----------
Cherry-pick a15efb377c26. rdar://163950129
[visionOS] Upstream the `isLookToScrollEnabled` API
https://bugs.webkit.org/show_bug.cgi?id=301636
<rdar://163596987>
Reviewed by Tim Horton.
Moving this property from the internal repository since it has shipped.
* Source/WebKit/UIProcess/API/Cocoa/WKPreferences.h:
* Source/WebKit/UIProcess/API/Cocoa/WKPreferences.mm:
(-[WKPreferences setIsLookToScrollEnabled:]):
(-[WKPreferences isLookToScrollEnabled]):
Canonical link: https://commits.webkit.org/302348@main
Canonical link: https://commits.webkit.org/[email protected]
Commit: aaeb0587920576e7ae8a3a07d77dae71216b22a3
https://github.com/WebKit/WebKit/commit/aaeb0587920576e7ae8a3a07d77dae71216b22a3
Author: Razvan Caliman <[email protected]>
Date: 2025-11-07 (Fri, 07 Nov 2025)
Changed paths:
M
Source/WebInspectorUI/UserInterface/Protocol/Legacy/iOS/26.0/InspectorBackendCommands.js
A
Source/WebInspectorUI/UserInterface/Protocol/Legacy/iOS/26.2/InspectorBackendCommands.js
M
Source/WebInspectorUI/UserInterface/Protocol/Legacy/macOS/26.0/InspectorBackendCommands.js
A
Source/WebInspectorUI/UserInterface/Protocol/Legacy/macOS/26.2/InspectorBackendCommands.js
M Source/WebInspectorUI/Versions/Inspector-iOS-26.0.json
A Source/WebInspectorUI/Versions/Inspector-iOS-26.2.json
M Source/WebInspectorUI/Versions/Inspector-macOS-26.0.json
A Source/WebInspectorUI/Versions/Inspector-macOS-26.2.json
Log Message:
-----------
Cherry-pick 8f97d9a80cab. rdar://164264439
Web Inspector: Add Versioned Protocol for iOS 26.2 and macOS 26.2
https://bugs.webkit.org/show_bug.cgi?id=301943
rdar://156926409
Reviewed by BJ Burg.
Snapshot of protocol changes since 26.0
Also, retroactively updates 26.0 snapshot with changes that shipped in that
release.
*
Source/WebInspectorUI/UserInterface/Protocol/Legacy/iOS/26.0/InspectorBackendCommands.js:
*
Source/WebInspectorUI/UserInterface/Protocol/Legacy/iOS/26.2/InspectorBackendCommands.js:
Copied from
Source/WebInspectorUI/UserInterface/Protocol/Legacy/iOS/26.0/InspectorBackendCommands.js.
*
Source/WebInspectorUI/UserInterface/Protocol/Legacy/macOS/26.0/InspectorBackendCommands.js:
*
Source/WebInspectorUI/UserInterface/Protocol/Legacy/macOS/26.2/InspectorBackendCommands.js:
Copied from
Source/WebInspectorUI/UserInterface/Protocol/Legacy/macOS/26.0/InspectorBackendCommands.js.
* Source/WebInspectorUI/Versions/Inspector-iOS-26.0.json:
* Source/WebInspectorUI/Versions/Inspector-iOS-26.2.json: Copied from
Source/WebInspectorUI/Versions/Inspector-iOS-26.0.json.
* Source/WebInspectorUI/Versions/Inspector-macOS-26.0.json:
* Source/WebInspectorUI/Versions/Inspector-macOS-26.2.json: Copied from
Source/WebInspectorUI/Versions/Inspector-macOS-26.0.json.
Canonical link: https://commits.webkit.org/302555@main
Canonical link: https://commits.webkit.org/[email protected]
Commit: 52ba1d802ec057c758b671bf1c6b9d47a4b60acf
https://github.com/WebKit/WebKit/commit/52ba1d802ec057c758b671bf1c6b9d47a4b60acf
Author: Jessica Lee <[email protected]>
Date: 2025-11-07 (Fri, 07 Nov 2025)
Changed paths:
M Source/WebKitLegacy/mac/WebView/WebView.mm
Log Message:
-----------
Cherry-pick cfc6df9eb93c. rdar://164022564
WebView willStartRenderingUpdateDisplay crashes when _private->page is null
https://bugs.webkit.org/show_bug.cgi?id=302069
rdar://164022564
Reviewed by Chris Dumez and Ryosuke Niwa.
In the function WebView::_willStartRenderingUpdateDisplay (in
WebkitLegacy), the page can become null between when it is originally
null-checked if (_private->page) and when willStartRenderingUpdateDisplay
starts executing. This is due to an increased delay from WebThreadLock();
We should move WebThreadLock() before page->willStartRenderingUpdateDisplay
starts executing so that the page cannot be manipulated by the WebThread before
page->willStartRenderingUpdateDisplay runs.
* Source/WebKitLegacy/mac/WebView/WebView.mm:
(-[WebView _willStartRenderingUpdateDisplay]):
Identifier: 301765.266@safari-7623-branch
Canonical link: https://commits.webkit.org/[email protected]
Commit: e74507ac722c7f8910d8a0dcf26afbee8b6d2c68
https://github.com/WebKit/WebKit/commit/e74507ac722c7f8910d8a0dcf26afbee8b6d2c68
Author: Ben Nham <[email protected]>
Date: 2025-11-07 (Fri, 07 Nov 2025)
Changed paths:
M Source/WebKit/UIProcess/API/Cocoa/WKProcessPool.mm
M Source/WebKit/UIProcess/API/Cocoa/WKProcessPoolPrivate.h
M Source/WebKit/UIProcess/WebPageProxy.cpp
M Source/WebKit/UIProcess/WebProcessPool.h
Log Message:
-----------
Cherry-pick 0300d4826f85. rdar://164196747
Make PLT debounce interval configurable
https://bugs.webkit.org/show_bug.cgi?id=302115
rdar://164196747
Reviewed by Ryosuke Niwa.
When running PLT, there is a parameter that controls the amount of time
that the main thread waits
after the last handled network request before declaring the page load done.
Currently customizing
this requires recompiling. We should be able to change this with a
preference instead.
* Source/WebKit/UIProcess/API/Cocoa/WKProcessPool.mm:
(-[WKProcessPool _setPLTResourceDelayIntervalForTesting:]):
* Source/WebKit/UIProcess/API/Cocoa/WKProcessPoolPrivate.h:
* Source/WebKit/UIProcess/WebPageProxy.cpp:
(WebKit::WebPageProxy::generatePageLoadTimingSoonImpl):
* Source/WebKit/UIProcess/WebProcessPool.h:
Canonical link: https://commits.webkit.org/302707@main
Canonical link: https://commits.webkit.org/[email protected]
Commit: 72a5b6651eafd5d842a18bfe33ecc5cbe3c0b9c8
https://github.com/WebKit/WebKit/commit/72a5b6651eafd5d842a18bfe33ecc5cbe3c0b9c8
Author: Kimmo Kinnunen <[email protected]>
Date: 2025-11-07 (Fri, 07 Nov 2025)
Changed paths:
M Source/ThirdParty/ANGLE/src/libANGLE/capture/capture_gles_2_0_params.cpp
M Source/ThirdParty/ANGLE/src/libANGLE/formatutils.cpp
M Source/ThirdParty/ANGLE/src/libANGLE/formatutils.h
M Source/ThirdParty/ANGLE/src/libANGLE/renderer/d3d/FramebufferD3D.cpp
M Source/ThirdParty/ANGLE/src/libANGLE/renderer/d3d/d3d11/Image11.cpp
M
Source/ThirdParty/ANGLE/src/libANGLE/renderer/d3d/d3d11/TextureStorage11.cpp
M Source/ThirdParty/ANGLE/src/libANGLE/renderer/gl/FramebufferGL.cpp
M Source/ThirdParty/ANGLE/src/libANGLE/renderer/gl/TextureGL.cpp
M Source/ThirdParty/ANGLE/src/libANGLE/renderer/metal/FrameBufferMtl.mm
M Source/ThirdParty/ANGLE/src/libANGLE/renderer/metal/TextureMtl.mm
M Source/ThirdParty/ANGLE/src/libANGLE/renderer/null/FramebufferNULL.cpp
M Source/ThirdParty/ANGLE/src/libANGLE/renderer/vulkan/vk_helpers.cpp
M Source/ThirdParty/ANGLE/src/libANGLE/renderer/wgpu/TextureWgpu.cpp
M Source/ThirdParty/ANGLE/src/libANGLE/renderer/wgpu/wgpu_helpers.cpp
M Source/ThirdParty/ANGLE/src/tests/gl_tests/TextureTest.cpp
Log Message:
-----------
Cherry-pick 02d2cd92abb8. rdar://164155603
ANGLE: Avoid using UNPACK_SKIP_IMAGES, UNPACK_IMAGE_HEIGHT for non-3d
textures <rdar://164155603>
Reviewed by Mike Wyrzykowski.
Avoid using UNPACK_SKIP_IMAGES, UNPACK_IMAGE_HEIGHT when uploading
textures with TexImage2D. The UNPACK_IMAGE_HEIGHT was being
being used in Metal texture uploads even when slices was == 1. This
causes validation failure. During TexImage2D the values are not
validated at ANGLE validation level since they are not supposed to
affect anything.
Consider pattern:
formatInfo.computeRowPitch(type, area.width, unpack.alignment,
unpack.rowLength, &rowPitch);
formatInfo.computeDepthPitch(area.height, unpack.imageHeight,
sourceRowPitch, &depthPitch);
formatInfo.computeSkipBytes(type, sourceRowPitch, sourceDepthPitch,
unpack, index.usesTex3D(), &sourceSkipBytes);
Computing the depthPitch would not take into account wheter the
originating command was Tex*Image2D or Tex*Image3D. It would
unconditionally use UNPACK_SKIP_IMAGES, UNPACK_IMAGE_HEIGHT.
The computed depthPitch would then be used to size buffers, read amounts
and write amounts by the implementations.
Combine the pattern to InternalFormat::computeRowDepthSkipBytes(...)
call that uses PixelUnpackState::imageHeight,
PixelUnpackState::imageSkip only for 3D texture uploads.
Compine the pack buffer parameter resolution logic other to function:
InternalFormat::computeRowSkipBytes(..., PixelPackState&,...).
* Source/ThirdParty/ANGLE/src/libANGLE/Context.cpp:
(gl::Context::texImage2D):
* Source/ThirdParty/ANGLE/src/libANGLE/capture/capture_gles_2_0_params.cpp:
(gl::CaptureTexImage2D_pixels):
* Source/ThirdParty/ANGLE/src/libANGLE/formatutils.cpp:
(gl::InternalFormat::computeRowDepthSkipBytes const):
(gl::InternalFormat::computeSkipBytes const):
(gl::InternalFormat::computePackUnpackEndByte const):
* Source/ThirdParty/ANGLE/src/libANGLE/formatutils.h:
* Source/ThirdParty/ANGLE/src/libANGLE/renderer/d3d/d3d11/Image11.cpp:
(rx::Image11::loadData):
* Source/ThirdParty/ANGLE/src/libANGLE/renderer/gl/TextureGL.cpp:
(rx::TextureGL::setSubImageRowByRowWorkaround):
* Source/ThirdParty/ANGLE/src/libANGLE/renderer/metal/TextureMtl.mm:
(rx::TextureMtl::setSubImageImpl):
* Source/ThirdParty/ANGLE/src/libANGLE/renderer/vulkan/vk_helpers.cpp:
(rx::vk::ImageHelper::calculateBufferInfo):
Change-Id: Iefac5156412787709ee577a9a71f19a480778e78
Identifier: 301765.268@safari-7623-branch
Canonical link: https://commits.webkit.org/[email protected]
Commit: fd92e7c623d87f008e242d461db7515cf8e4b528
https://github.com/WebKit/WebKit/commit/fd92e7c623d87f008e242d461db7515cf8e4b528
Author: Dan Robson <[email protected]>
Date: 2025-11-10 (Mon, 10 Nov 2025)
Changed paths:
M Configurations/Version.xcconfig
Log Message:
-----------
Versioning.
WebKit-7
Canonical link: https://commits.webkit.org/[email protected]
Commit: 97936d2f0cab10552b902ece32363774266a0e46
https://github.com/WebKit/WebKit/commit/97936d2f0cab10552b902ece32363774266a0e46
Author: Tyler Wilcock <[email protected]>
Date: 2025-11-10 (Mon, 10 Nov 2025)
Changed paths:
M Source/WebCore/accessibility/AXObjectCache.cpp
M Source/WebCore/accessibility/AXObjectCache.h
M Source/WebCore/accessibility/atspi/AXObjectCacheAtspi.cpp
M Source/WebCore/accessibility/ios/AXObjectCacheIOS.mm
M Source/WebCore/accessibility/mac/AXObjectCacheMac.mm
M Source/WebCore/accessibility/playstation/AXObjectCachePlayStation.cpp
M Source/WebCore/accessibility/win/AXObjectCacheWin.cpp
Log Message:
-----------
Cherry-pick 1523cf6f4b3c. rdar://164354898
AX: frameLoadingEventNotification calls getOrCreate even when it's
unnecessary and potentially unsafe (e.g. when layout is dirty)
https://bugs.webkit.org/show_bug.cgi?id=302035
rdar://164059225
Reviewed by Joshua Hoffman.
On Cocoa ports, we have found CheckedPtr crashes stemming from the
getOrCreate(RenderObject&) performed by:
FrameLoader::prepareForLoadStart() ->
AXObjectCache::frameLoadingEventNotification
This probably means layout is dirty when we're calling this getOrCreate,
but I can't say for sure because I haven't been
able to reproduce this crash. Workaround the issue for now by avoiding the
getOrCreate if the AXLoadingEvent type is
one that the platform is going to ignore anyways.
* Source/WebCore/accessibility/AXObjectCache.cpp:
(WebCore::AXObjectCache::frameLoadingEventNotification):
* Source/WebCore/accessibility/AXObjectCache.h:
* Source/WebCore/accessibility/atspi/AXObjectCacheAtspi.cpp:
(WebCore::AXObjectCache::frameLoadingEventPlatformNotification):
* Source/WebCore/accessibility/ios/AXObjectCacheIOS.mm:
(WebCore::AXObjectCache::frameLoadingEventPlatformNotification):
* Source/WebCore/accessibility/mac/AXObjectCacheMac.mm:
(WebCore::AXObjectCache::frameLoadingEventPlatformNotification):
* Source/WebCore/accessibility/playstation/AXObjectCachePlayStation.cpp:
(WebCore::AXObjectCache::frameLoadingEventPlatformNotification):
* Source/WebCore/accessibility/win/AXObjectCacheWin.cpp:
(WebCore::AXObjectCache::frameLoadingEventPlatformNotification):
Canonical link: https://commits.webkit.org/302668@main
Canonical link: https://commits.webkit.org/[email protected]
Commit: b461893d40a753f834b55c8b312a0c181f3a6eb2
https://github.com/WebKit/WebKit/commit/b461893d40a753f834b55c8b312a0c181f3a6eb2
Author: Sihui Liu <[email protected]>
Date: 2025-11-10 (Mon, 10 Nov 2025)
Changed paths:
M Source/WebCore/loader/archive/cf/LegacyWebArchive.cpp
M Source/WebCore/loader/archive/cf/LegacyWebArchive.h
M Source/WebKitLegacy/mac/WebView/WebArchive.mm
Log Message:
-----------
Cherry-pick 581d4c4b6449. rdar://164354705
Null pointer dereference in LegacyWebArchive::protectedMainResource()
https://bugs.webkit.org/show_bug.cgi?id=302063
rdar://164088405
Reviewed by Ryosuke Niwa and Anne van Kesteren.
Archive::mainResource() can return nullptr and
LegacyWebArchive::protectedMainResource() currently defererences it
without null check, so we are seeing crashes. However, LegacyWebArchive
should not be created with null main resource,
as it cannot be loaded anyways. So instead of adding null check in
protectedMainResource(), this patch fixes the crash
by ensuring LegacyWebArchive is always created non-null main resource:
LegacyWebArchive::create*() functions now returns
nullptr instead of default LegacyWebArchive object on error.
* Source/WebCore/loader/archive/cf/LegacyWebArchive.cpp:
(WebCore::LegacyWebArchive::create):
(WebCore::LegacyWebArchive::createInternal):
(WebCore::LegacyWebArchive::extract): Deleted.
* Source/WebCore/loader/archive/cf/LegacyWebArchive.h:
* Source/WebKitLegacy/mac/WebView/WebArchive.mm:
(-[WebArchivePrivate init]):
Canonical link: https://commits.webkit.org/302691@main
Canonical link: https://commits.webkit.org/[email protected]
Commit: da4b76329b8f9d7372f528971d4e5b45e47b3bad
https://github.com/WebKit/WebKit/commit/da4b76329b8f9d7372f528971d4e5b45e47b3bad
Author: Abrar Rahman Protyasha <[email protected]>
Date: 2025-11-10 (Mon, 10 Nov 2025)
Changed paths:
M Source/WebCore/page/EventHandler.cpp
Log Message:
-----------
Cherry-pick a41d14417920. rdar://164366267
REGRESSION(299567@main): Web content process sometimes crashes under
WebPage::didDispatchClickEvent()
https://bugs.webkit.org/show_bug.cgi?id=302199
rdar://164271251
Reviewed by Wenson Hsieh.
In 299567@main, swallowAnyClickEvent was changed to allow execution when
nodeToClick is null but m_clickCaptureElement is set, to properly handle
click events during pointer capture. However, the function unconditionally
dereferenced nodeToClick when calling didDispatchClickEvent, leading to
crashes when clicking with pointer capture active but no node under the
pointer.
The fix introduces a dispatchNode variable that is set to nodeToClick when
available (since it represents the actual physical click location needed
for touch event synthesis), or falls back to clickCaptureElement otherwise.
The call to didDispatchClickEvent is now guarded to only occur when
dispatchNode is non-null.
I was unable to produce an automated test to reproduce the crash. It
seems there is a right timing window we must thread between setting
pointer capture, removing the hit tested node, and dispatching a new
click event to the pointer captured node on a successive tap.
* Source/WebCore/page/EventHandler.cpp:
(WebCore::EventHandler::swallowAnyClickEvent):
Canonical link: https://commits.webkit.org/302771@main
Canonical link: https://commits.webkit.org/[email protected]
Commit: a2d995d6f25a5a334c7d602d375ebd7a72cee3fe
https://github.com/WebKit/WebKit/commit/a2d995d6f25a5a334c7d602d375ebd7a72cee3fe
Author: Taher Ali <[email protected]>
Date: 2025-11-10 (Mon, 10 Nov 2025)
Changed paths:
M LayoutTests/TestExpectations
M
LayoutTests/imported/w3c/web-platform-tests/css/css-backgrounds/animations/border-width-interpolation-expected.txt
R
LayoutTests/imported/w3c/web-platform-tests/css/css-viewport/zoom/border-image-width-expected.html
R
LayoutTests/imported/w3c/web-platform-tests/css/css-viewport/zoom/border-image-width-ref.html
R
LayoutTests/imported/w3c/web-platform-tests/css/css-viewport/zoom/border-image-width.html
R
LayoutTests/imported/w3c/web-platform-tests/css/css-viewport/zoom/border-width-expected.html
R
LayoutTests/imported/w3c/web-platform-tests/css/css-viewport/zoom/border-width-ref.html
R
LayoutTests/imported/w3c/web-platform-tests/css/css-viewport/zoom/border-width.html
R
LayoutTests/imported/w3c/web-platform-tests/css/css-viewport/zoom/mask-border-width-expected.html
R
LayoutTests/imported/w3c/web-platform-tests/css/css-viewport/zoom/mask-border-width-ref.html
R
LayoutTests/imported/w3c/web-platform-tests/css/css-viewport/zoom/mask-border-width.html
M
LayoutTests/imported/w3c/web-platform-tests/css/css-viewport/zoom/svg-computed-style-expected.txt
M
LayoutTests/imported/w3c/web-platform-tests/css/css-viewport/zoom/svg-computed-style.html
M Source/WebCore/layout/formattingContexts/FormattingGeometry.cpp
M Source/WebCore/layout/formattingContexts/block/BlockFormattingGeometry.cpp
M Source/WebCore/layout/formattingContexts/inline/InlineLevelBox.h
M Source/WebCore/layout/integration/LayoutIntegrationBoxGeometryUpdater.cpp
M Source/WebCore/page/LocalFrameView.cpp
M Source/WebCore/page/SpatialNavigation.cpp
M Source/WebCore/rendering/BorderEdge.cpp
M Source/WebCore/rendering/BorderPainter.cpp
M Source/WebCore/rendering/BorderShape.cpp
M Source/WebCore/rendering/NinePieceImagePainter.cpp
M Source/WebCore/rendering/RenderBoxModelObjectInlines.h
M Source/WebCore/rendering/RenderElement.cpp
M Source/WebCore/rendering/RenderImage.cpp
M Source/WebCore/rendering/RenderMultiColumnSet.cpp
M Source/WebCore/rendering/RenderTable.cpp
M Source/WebCore/rendering/RenderTableCell.cpp
M Source/WebCore/rendering/RenderTableCell.h
M Source/WebCore/rendering/RenderTableSection.cpp
M Source/WebCore/rendering/RenderTheme.cpp
M Source/WebCore/rendering/TextAutoSizing.cpp
M Source/WebCore/rendering/cocoa/RenderThemeCocoa.mm
M Source/WebCore/rendering/ios/RenderThemeIOS.mm
M Source/WebCore/rendering/style/CollapsedBorderValue.h
M Source/WebCore/rendering/style/RenderStyle.cpp
M Source/WebCore/rendering/style/RenderStyle.h
M Source/WebCore/rendering/style/RenderStyleInlines.h
M Source/WebCore/rendering/style/StyleRareInheritedData.cpp
M Source/WebCore/rendering/style/StyleRareInheritedData.h
M Source/WebCore/rendering/svg/SVGRenderSupport.cpp
M Source/WebCore/style/StyleAdjuster.cpp
M Source/WebCore/style/StyleResolveForDocument.cpp
M Source/WebCore/style/values/backgrounds/StyleBorderImageWidth.h
M Source/WebCore/style/values/backgrounds/StyleLineWidth.cpp
M Source/WebCore/style/values/backgrounds/StyleLineWidth.h
M Source/WebCore/style/values/masking/StyleMaskBorderWidth.h
M Source/WebCore/style/values/primitives/StyleZoomPrimitives.h
M Source/WebKit/WebProcess/WebPage/ios/WebPageIOS.mm
M Source/WebKitLegacy/mac/DOM/DOM.mm
Log Message:
-----------
Cherry-pick ae7fb5405090. rdar://164266574
REGRESSION(301536@main): Speedometer3, MotionMark regression.
rdar://164266574
Reviewed by Brent Fulgham.
This reverts commit c38095e as it's cuasing perf regression.
* LayoutTests/TestExpectations:
*
LayoutTests/imported/w3c/web-platform-tests/css/css-backgrounds/animations/border-width-interpolation-expected.txt:
*
LayoutTests/imported/w3c/web-platform-tests/css/css-viewport/zoom/border-image-width-expected.html:
Removed.
*
LayoutTests/imported/w3c/web-platform-tests/css/css-viewport/zoom/border-image-width-ref.html:
Removed.
*
LayoutTests/imported/w3c/web-platform-tests/css/css-viewport/zoom/border-image-width.html:
Removed.
*
LayoutTests/imported/w3c/web-platform-tests/css/css-viewport/zoom/border-width-expected.html:
Removed.
*
LayoutTests/imported/w3c/web-platform-tests/css/css-viewport/zoom/border-width-ref.html:
Removed.
*
LayoutTests/imported/w3c/web-platform-tests/css/css-viewport/zoom/border-width.html:
Removed.
*
LayoutTests/imported/w3c/web-platform-tests/css/css-viewport/zoom/mask-border-width-expected.html:
Removed.
*
LayoutTests/imported/w3c/web-platform-tests/css/css-viewport/zoom/mask-border-width-ref.html:
Removed.
*
LayoutTests/imported/w3c/web-platform-tests/css/css-viewport/zoom/mask-border-width.html:
Removed.
*
LayoutTests/imported/w3c/web-platform-tests/css/css-viewport/zoom/svg-computed-style-expected.txt:
*
LayoutTests/imported/w3c/web-platform-tests/css/css-viewport/zoom/svg-computed-style.html:
* Source/WebCore/layout/formattingContexts/FormattingGeometry.cpp:
(WebCore::Layout::FormattingGeometry::computedBorder const):
*
Source/WebCore/layout/formattingContexts/block/BlockFormattingGeometry.cpp:
(WebCore::Layout::BlockFormattingGeometry::intrinsicWidthConstraints const):
* Source/WebCore/layout/integration/LayoutIntegrationBoxGeometryUpdater.cpp:
(WebCore::LayoutIntegration::BoxGeometryUpdater::logicalBorder):
* Source/WebCore/page/LocalFrameView.cpp:
(WebCore::LocalFrameView::fixedContainerEdges const):
* Source/WebCore/page/SpatialNavigation.cpp:
(WebCore::nodeRectInAbsoluteCoordinates):
* Source/WebCore/rendering/BorderEdge.cpp:
(WebCore::borderEdges):
(WebCore::borderEdgesForOutline):
* Source/WebCore/rendering/BorderPainter.cpp:
(WebCore::BorderPainter::paintOutline const):
* Source/WebCore/rendering/BorderShape.cpp:
(WebCore::BorderShape::shapeForBorderRect):
* Source/WebCore/rendering/NinePieceImagePainter.cpp:
(WebCore::computeSlice):
(WebCore::computeSlices):
(WebCore::paintNinePieceImage):
* Source/WebCore/rendering/RenderBoxModelObjectInlines.h:
(WebCore::RenderBoxModelObject::borderAfter const):
(WebCore::RenderBoxModelObject::borderBefore const):
(WebCore::RenderBoxModelObject::borderBottom const):
(WebCore::RenderBoxModelObject::borderEnd const):
(WebCore::RenderBoxModelObject::borderLeft const):
(WebCore::RenderBoxModelObject::borderRight const):
(WebCore::RenderBoxModelObject::borderStart const):
(WebCore::RenderBoxModelObject::borderTop const):
(WebCore::RenderBoxModelObject::borderWidths const):
* Source/WebCore/rendering/RenderElement.cpp:
(WebCore::drawFocusRing):
* Source/WebCore/rendering/RenderImage.cpp:
(WebCore::RenderImage::paintAreaElementFocusRing):
* Source/WebCore/rendering/RenderMultiColumnSet.cpp:
(WebCore::RenderMultiColumnSet::paintColumnRules):
* Source/WebCore/rendering/RenderTable.cpp:
(WebCore::RenderTable::calcBorderStart const):
(WebCore::RenderTable::calcBorderEnd const):
(WebCore::RenderTable::outerBorderBefore const):
(WebCore::RenderTable::outerBorderAfter const):
(WebCore::RenderTable::outerBorderStart const):
(WebCore::RenderTable::outerBorderEnd const):
* Source/WebCore/rendering/RenderTableCell.cpp:
(WebCore::emptyBorder):
(WebCore::RenderTableCell::computeCollapsedStartBorder const):
(WebCore::RenderTableCell::computeCollapsedEndBorder const):
(WebCore::RenderTableCell::computeCollapsedBeforeBorder const):
(WebCore::RenderTableCell::computeCollapsedAfterBorder const):
(WebCore::RenderTableCell::emptyBorder const): Deleted.
* Source/WebCore/rendering/RenderTableCell.h:
* Source/WebCore/rendering/RenderTableSection.cpp:
(WebCore::RenderTableSection::calcBlockDirectionOuterBorder const):
(WebCore::RenderTableSection::calcInlineDirectionOuterBorder const):
(WebCore::RenderTableSection::paintRowGroupBorderIfRequired):
(WebCore::RenderTableSection::cachedCollapsedBorder):
* Source/WebCore/rendering/RenderTheme.cpp:
(WebCore::RenderTheme::extractControlStyleForRenderer const):
(WebCore::RenderTheme::adjustButtonOrCheckboxOrColorWellOrInnerSpinButtonOrRadioStyle
const):
* Source/WebCore/rendering/cocoa/RenderThemeCocoa.mm:
(WebCore::RenderThemeCocoa::paintMenuListButtonDecorationsForVectorBasedControls):
* Source/WebCore/rendering/ios/RenderThemeIOS.mm:
(WebCore::RenderThemeIOS::popupInternalPaddingBox const):
(WebCore::RenderThemeIOS::paintMenuListButtonDecorations):
* Source/WebCore/rendering/style/CollapsedBorderValue.h:
(WebCore::CollapsedBorderValue::CollapsedBorderValue):
* Source/WebCore/rendering/style/RenderStyle.cpp:
(WebCore::RenderStyle::imageOutsets const):
(WebCore::RenderStyle::outlineWidth const):
(WebCore::RenderStyle::outlineOffset const):
(WebCore::RenderStyle::outlineSize const):
(WebCore::RenderStyle::setDeviceScaleFactor): Deleted.
* Source/WebCore/rendering/style/RenderStyle.h:
* Source/WebCore/rendering/style/RenderStyleInlines.h:
(WebCore::RenderStyle::usedZoomForLength const):
(WebCore::RenderStyle::deviceScaleFactor const): Deleted.
* Source/WebCore/rendering/style/StyleRareInheritedData.cpp:
(WebCore::StyleRareInheritedData::StyleRareInheritedData):
(WebCore::StyleRareInheritedData::operator== const):
(WebCore::StyleRareInheritedData::dumpDifferences const):
* Source/WebCore/rendering/style/StyleRareInheritedData.h:
* Source/WebCore/rendering/svg/SVGRenderSupport.cpp:
(WebCore::SVGRenderSupport::computeFloatVisibleRectInContainer):
* Source/WebCore/style/StyleResolveForDocument.cpp:
(WebCore::Style::resolveForDocument):
* Source/WebCore/style/values/backgrounds/StyleBorderImageWidth.h:
* Source/WebCore/style/values/backgrounds/StyleLineWidth.cpp:
(WebCore::Style::CSSValueConversion<LineWidth>::operator):
(WebCore::Style::FloatBoxExtent>::operator):
(WebCore::Style::LayoutBoxExtent>::operator):
(WebCore::Style::Serialize<LineWidth>::operator): Deleted.
* Source/WebCore/style/values/backgrounds/StyleLineWidth.h:
(WebCore::Style::LineWidth::LineWidth):
* Source/WebCore/style/values/masking/StyleMaskBorderWidth.h:
* Source/WebCore/style/values/primitives/StyleZoomPrimitives.h:
(WebCore::Style::ZoomFactor::ZoomFactor):
(): Deleted.
* Source/WebKit/WebProcess/WebPage/ios/WebPageIOS.mm:
(WebKit::WebPage::absoluteInteractionBounds):
* Source/WebKitLegacy/mac/DOM/DOM.mm:
(-[DOMNode innerFrameQuad]):
Identifier: 301765.288@safari-7623-branch
Canonical link: https://commits.webkit.org/[email protected]
Commit: 38fa9e772d3bf56635f2232dcb301aef54228a78
https://github.com/WebKit/WebKit/commit/38fa9e772d3bf56635f2232dcb301aef54228a78
Author: Chris Dumez <[email protected]>
Date: 2025-11-10 (Mon, 10 Nov 2025)
Changed paths:
M Source/WebKit/WebProcess/Extensions/WebExtensionContextProxy.cpp
Log Message:
-----------
Cherry-pick acda47626961. rdar://164294666
RELEASE_ASSERT() under WebCore::Page::serviceWorkerGlobalObject
https://bugs.webkit.org/show_bug.cgi?id=302189
rdar://164059424
Reviewed by Youenn Fablet and Timothy Hatcher.
We're hitting an assertion inside Page::serviceWorkerGlobalObject() because
WebExtensions code is calling this function with an isolated world and this
is something we don't support and have never supported.
To address the issue, I am bailing out at the call site when the world is
not the normal one.
* Source/WebKit/WebProcess/Extensions/WebExtensionContextProxy.cpp:
(WebKit::WebExtensionContextProxy::enumerateFramesAndNamespaceObjects):
Canonical link: https://commits.webkit.org/302758@main
Canonical link: https://commits.webkit.org/[email protected]
Commit: 2c043bf8163165b97a712c5608d2c14fbccc9540
https://github.com/WebKit/WebKit/commit/2c043bf8163165b97a712c5608d2c14fbccc9540
Author: Chris Dumez <[email protected]>
Date: 2025-11-10 (Mon, 10 Nov 2025)
Changed paths:
M Source/WebCore/page/ResizeObservation.cpp
M Source/WebCore/page/ResizeObserver.cpp
M Source/WebCore/page/ResizeObserverEntry.h
Log Message:
-----------
Cherry-pick a1c0f13ff6a0. rdar://164314918
Regression(301243@main?) Potential null dereference of m_target in
ResizeObservation::computeTargetLocation()
https://bugs.webkit.org/show_bug.cgi?id=302197
rdar://164271295
Reviewed by Ryosuke Niwa.
From the crash, we can tell that we're doing a null dereference of m_target
in ResizeObservation::computeTargetLocation(), m_target being a WeakPtr.
I suspect this is a regression from 301243@main. The targets used to be kept
alive via the `m_activeObservationTargets` Vector, which used to contain
`GCReacheableRef<Element>` types. 301243@main updated the Vector to contain
`WeakPtr<Element>` and then relied on
`JSResizeObserver::visitAdditionalChildren()`
to visit the targets in the Vector. Something must be wrong with the leak
fix in
301243@main. In particular, I think that updating the stack Vectors in
`ResizeObserver::deliverObservations()` to also use WeakPtr instead of
GCReacheableRef
was a mistake. The Vectors seemed useless after 301243@main as they
contained
WeakPtrs and were unused. I think those vectors have to keep using
GCReacheableRef
to make sure the targets and their JS wrappers are kept alive while we
deliver the
observations. We need those vectors on the stack because the function clears
`m_activeObservationTargets` before delivering the observations and thus
`JSResizeObserver::visitAdditionalChildren()` will no longer be able to
visit the
targets on the GC thread.
Because my fix above may be insufficient and is speculative since we do not
have
a reproduction case, I also added a null check in
ResizeObservation::computeTargetLocation()
to avoid the null dereference. I also updated the call site to avoid
constructing a
ResizeObserverEntry for a target that has already been destroyed, since
there
is no point and it may cause trouble later on since the code may expect the
target to be still alive.
* Source/WebCore/page/ResizeObservation.cpp:
(WebCore::ResizeObservation::computeTargetLocation const):
* Source/WebCore/page/ResizeObserver.cpp:
(WebCore::ResizeObserver::deliverObservations):
* Source/WebCore/page/ResizeObserverEntry.h:
(WebCore::ResizeObserverEntry::create):
(WebCore::ResizeObserverEntry::target const):
(WebCore::ResizeObserverEntry::ResizeObserverEntry):
Canonical link: https://commits.webkit.org/302765@main
Canonical link: https://commits.webkit.org/[email protected]
Commit: befbdb67c0d693dadff5dbd6d9996ffae0ab9aac
https://github.com/WebKit/WebKit/commit/befbdb67c0d693dadff5dbd6d9996ffae0ab9aac
Author: Jean-Yves Avenard <[email protected]>
Date: 2025-11-10 (Mon, 10 Nov 2025)
Changed paths:
M
Source/WebCore/platform/mediarecorder/cocoa/MediaRecorderPrivateWriterAVFObjC.h
M
Source/WebCore/platform/mediarecorder/cocoa/MediaRecorderPrivateWriterAVFObjC.mm
Log Message:
-----------
Cherry-pick cbd4da15ac4a. rdar://164414107
Crash: com.apple.WebKit.WebContent at AVFCore: -[AVAssetWriterInputHelper
requestMediaDataWhenReadyOnQueue:usingBlock:]
https://bugs.webkit.org/show_bug.cgi?id=302226
rdar://164271457
Reviewed by Youenn Fablet and Eric Carlson.
Don't attempt to write to the AVAssetWriter when closing when an error
occurred.
From the documentation "Before calling this method, you must ensure that
the receiver is attached to an AVAssetWriter via a prior call to -addInput: and
that -startWriting has been called on the asset writer."
so also add handling to ignore any remaining samples if it's not possible
to use the writer any longer.
*
Source/WebCore/platform/mediarecorder/cocoa/MediaRecorderPrivateWriterAVFObjC.h:
*
Source/WebCore/platform/mediarecorder/cocoa/MediaRecorderPrivateWriterAVFObjC.mm:
(WebCore::MediaRecorderPrivateWriterAVFObjC::addAudioTrack):
(WebCore::MediaRecorderPrivateWriterAVFObjC::addVideoTrack):
(WebCore::MediaRecorderPrivateWriterAVFObjC::allTracksAdded):
(WebCore::MediaRecorderPrivateWriterAVFObjC::close):
Canonical link: https://commits.webkit.org/302779@main
Canonical link: https://commits.webkit.org/[email protected]
Commit: cbabb005ea1b1f6d9ae52e2c97c50f77e8e3c1ab
https://github.com/WebKit/WebKit/commit/cbabb005ea1b1f6d9ae52e2c97c50f77e8e3c1ab
Author: Mohsin Qureshi <[email protected]>
Date: 2025-11-11 (Tue, 11 Nov 2025)
Changed paths:
M Configurations/Version.xcconfig
Log Message:
-----------
Versioning.
WebKit-7623.1.14.14.4
Canonical link: https://commits.webkit.org/[email protected]
Commit: b8dad810547afb06cafa35c3bb683b1b4f67cbbb
https://github.com/WebKit/WebKit/commit/b8dad810547afb06cafa35c3bb683b1b4f67cbbb
Author: Eric Carlson <[email protected]>
Date: 2025-11-11 (Tue, 11 Nov 2025)
Changed paths:
M Source/WebCore/Modules/audiosession/DOMAudioSession.cpp
M Source/WebCore/Modules/webaudio/AudioContext.cpp
M Source/WebCore/Modules/webaudio/BaseAudioContext.cpp
M Source/WebCore/Modules/webaudio/BaseAudioContext.h
M Source/WebCore/page/Page.cpp
M Source/WebCore/page/cocoa/PageCocoa.mm
M Source/WebCore/testing/Internals.cpp
M Source/WebCore/testing/Internals.h
M Source/WebCore/testing/Internals.idl
M Source/WebKit/WebProcess/WebPage/WebPage.cpp
M Tools/TestWebKitAPI/Tests/WebKitCocoa/NowPlayingControlsTests.mm
Log Message:
-----------
Cherry-pick 8ef994b077c7. rdar://164456277
[Site Isolation] Create MediaSessionManager lazily when possible
https://bugs.webkit.org/show_bug.cgi?id=302283
rdar://163515231
Reviewed by Jer Noble.
Creating the MediaSessionManager has side effects, e.g. registering as the
NowPlaying
application on iOS, so don't create the instance until it is needed.
Test: Tools/TestWebKitAPI/Tests/WebKitCocoa/NowPlayingControlsTests.mm
* Source/WebCore/Modules/audiosession/DOMAudioSession.cpp:
(WebCore::DOMAudioSession::setType):
* Source/WebCore/Modules/webaudio/AudioContext.cpp:
(WebCore::AudioContext::defaultDestinationWillBecomeConnected):
* Source/WebCore/Modules/webaudio/BaseAudioContext.cpp:
(WebCore::BaseAudioContext::setState):
(WebCore::BaseAudioContext::mediaSessionManagerIfExists const):
* Source/WebCore/Modules/webaudio/BaseAudioContext.h:
* Source/WebCore/page/Page.cpp:
(WebCore::Page::setActivityState):
(WebCore::Page::mediaSessionManager):
* Source/WebCore/page/cocoa/PageCocoa.mm:
(WebCore::Page::setPresentingApplicationBundleIdentifier):
* Source/WebCore/testing/Internals.cpp:
(WebCore::Internals::hasMediaSessionManager const):
* Source/WebCore/testing/Internals.h:
* Source/WebCore/testing/Internals.idl:
* Source/WebKit/WebProcess/WebPage/WebPage.cpp:
(WebKit::m_toolbarsAreVisible):
* Tools/TestWebKitAPI/Tests/WebKitCocoa/NowPlayingControlsTests.mm:
(-[NowPlayingTestWebView expectRegisteredAsNowPlayingApplication:]):
(TestWebKitAPI::TEST(NowPlayingControlsTests,
LazyRegisterAsNowPlayingApplication)):
Canonical link: https://commits.webkit.org/302830@main
Canonical link: https://commits.webkit.org/[email protected]
Commit: 8cad06d49394a68642093e3ad33a039e353ec984
https://github.com/WebKit/WebKit/commit/8cad06d49394a68642093e3ad33a039e353ec984
Author: Jean-Yves Avenard <[email protected]>
Date: 2025-11-11 (Tue, 11 Nov 2025)
Changed paths:
A LayoutTests/media/content/vp9-opus-good-3tracks.webm
A LayoutTests/media/media-multi-audio-tracks-webm-expected.txt
A LayoutTests/media/media-multi-audio-tracks-webm.html
M LayoutTests/platform/mac-site-isolation/TestExpectations
M LayoutTests/platform/mac-wk1/TestExpectations
M Source/WebCore/platform/graphics/cocoa/MediaPlayerPrivateWebM.h
M Source/WebCore/platform/graphics/cocoa/MediaPlayerPrivateWebM.mm
Log Message:
-----------
Cherry-pick 64f63548cbdb. rdar://164507283
com.apple.WebKit.GPU at WebCore:
WebCore::MediaPlayerPrivateWebM::notifyClientWhenReadyForMoreSamples
https://bugs.webkit.org/show_bug.cgi?id=302074
rdar://163061241
Reviewed by Youenn Fablet.
If a samples was demuxed from a track not yet activated, it will cause the
MediaPlayerPrivateWebM
to use an invalid iterator to retrieve the track number.
This condition will easily occur if the webm had more than 1 track of each
kind.
We abort notifyClientWhenReadyForMoreSamples method, if the tracks isn't
enabled yet.
Test: media/media-multi-audio-tracks-webm.html
* LayoutTests/media/content/vp9-opus-good-3tracks.webm: Added.
* LayoutTests/media/media-multi-audio-tracks-webm-expected.txt: Added.
* LayoutTests/media/media-multi-audio-tracks-webm.html: Added.
* Source/WebCore/platform/graphics/cocoa/MediaPlayerPrivateWebM.h:
* Source/WebCore/platform/graphics/cocoa/MediaPlayerPrivateWebM.mm:
(WebCore::MediaPlayerPrivateWebM::notifyClientWhenReadyForMoreSamples):
(WebCore::MediaPlayerPrivateWebM::isReadyForMoreSamples):
(WebCore::MediaPlayerPrivateWebM::maybeTrackIdentifierFor const):
Canonical link: https://commits.webkit.org/302672@main
Canonical link: https://commits.webkit.org/[email protected]
Commit: aea1e1980b4867ac1e8f898c07ac563e58230e69
https://github.com/WebKit/WebKit/commit/aea1e1980b4867ac1e8f898c07ac563e58230e69
Author: Keith Miller <[email protected]>
Date: 2025-11-11 (Tue, 11 Nov 2025)
Changed paths:
M Source/JavaScriptCore/dfg/DFGAbstractInterpreterInlines.h
M Source/JavaScriptCore/ftl/FTLLowerDFGToB3.cpp
Log Message:
-----------
Cherry-pick 6d14496d4801. rdar://164506723
Validate proven values for MaterializeNewArrayWithButterfly at FTL lowering
time
https://bugs.webkit.org/show_bug.cgi?id=302338
rdar://164352313
Reviewed by Yijia Huang.
We're seeing crashes in that ASSERT in the AbstractInterpreter. Let's try
moving the validation to where it's actually important that it's true,
which is at lowering.
No new tests, speculative fix.
Canonical link: https://commits.webkit.org/302860@main
Canonical link: https://commits.webkit.org/[email protected]
Commit: 890b1ca0fc8219804d6734e3dee88c89a3933238
https://github.com/WebKit/WebKit/commit/890b1ca0fc8219804d6734e3dee88c89a3933238
Author: Elijah Sawyers <[email protected]>
Date: 2025-11-11 (Tue, 11 Nov 2025)
Changed paths:
M Source/WebKit/Shared/Extensions/WebExtensionSQLiteStore.cpp
M
Source/WebKit/UIProcess/Extensions/API/WebExtensionContextAPIDeclarativeNetRequest.cpp
Log Message:
-----------
Cherry-pick 2c40b8db2d24. rdar://164436702
Crash in WebKit:
WTF::Detail::CallableWrapper<WebKit::WebExtensionContext::updateDeclarativeNetRequestRulesInStorage
https://bugs.webkit.org/show_bug.cgi?id=302274
rdar://164266092
Reviewed by Timothy Hatcher.
This patch fixes a crash where the savepoint identifier is being accessed
without first checking
that it's non-null. To fix this, return an error if we don't have a
savepoint identifier.
These changes also include cleanup to use isEmpty rather than length when
checking for an error
message.
* Source/WebKit/Shared/Extensions/WebExtensionSQLiteStore.cpp:
(WebKit::WebExtensionSQLiteStore::deleteDatabase):
(WebKit::WebExtensionSQLiteStore::createSavepoint):
*
Source/WebKit/UIProcess/Extensions/API/WebExtensionContextAPIDeclarativeNetRequest.cpp:
(WebKit::WebExtensionContext::updateDeclarativeNetRequestRulesInStorage):
(WebKit::WebExtensionContext::declarativeNetRequestGetDynamicRules):
(WebKit::WebExtensionContext::declarativeNetRequestGetSessionRules):
Canonical link: https://commits.webkit.org/302816@main
Canonical link: https://commits.webkit.org/[email protected]
Commit: 612714590ec95572cba7ee7c08f6c72a0a566ebd
https://github.com/WebKit/WebKit/commit/612714590ec95572cba7ee7c08f6c72a0a566ebd
Author: Mohsin Qureshi <[email protected]>
Date: 2025-11-12 (Wed, 12 Nov 2025)
Changed paths:
M Configurations/Version.xcconfig
Log Message:
-----------
Versioning.
WebKit-7
Canonical link: https://commits.webkit.org/[email protected]
Commit: fc2a019a355807680a97130341a962ae37ea5ce5
https://github.com/WebKit/WebKit/commit/fc2a019a355807680a97130341a962ae37ea5ce5
Author: Alan Baradlay <[email protected]>
Date: 2025-11-12 (Wed, 12 Nov 2025)
Changed paths:
M Source/WebCore/layout/integration/inline/LayoutIntegrationLineLayout.cpp
M Source/WebCore/rendering/FloatingObjects.cpp
M Source/WebCore/rendering/FloatingObjects.h
M Source/WebCore/rendering/RenderBlockFlow.cpp
M Source/WebCore/rendering/RenderBox.cpp
M Source/WebCore/rendering/updating/RenderTreeBuilder.cpp
Log Message:
-----------
Cherry-pick ccb42032033b. rdar://164557986
Cherry-pick 7825665ffb56. rdar://164558496
Crash in WebCore::RenderBox::removeFloatingAndInvalidateForLayout
https://bugs.webkit.org/show_bug.cgi?id=302360
Reviewed by Antti Koivisto.
This is a speculative fix to avoid null-deref in
FloatingObject::renderer().
(Normally a renderer should not outlive its FloatingObject(s), but it
may happen when an
overhanging float generates many FloatingObject across different
subtrees and we fail
to invalidate those subtrees when the renderer goes out of scope.)
*
Source/WebCore/layout/integration/LayoutIntegrationFormattingContextLayout.cpp:
(WebCore::LayoutIntegration::layoutWithFormattingContextForBlockInInline):
*
Source/WebCore/layout/integration/inline/LayoutIntegrationLineLayout.cpp:
(WebCore::LayoutIntegration::LineLayout::preparePlacedFloats):
* Source/WebCore/rendering/FloatingObjects.cpp:
(WebCore::FloatingObject::copyToNewContainer const):
(WebCore::FloatingObject::cloneForNewParent const):
callers ensure we've got valid renderer here.
(WebCore::FloatingObject::translationOffsetToAncestor const):
(WebCore::operator<<):
(WebCore::FindNextFloatLogicalBottomAdapter::collectIfNeeded):
(WebCore::FloatingObjects::shiftFloatsBy):
(WebCore::ComputeFloatOffsetForLineLayoutAdapter<FloatingObject::FloatLeft>::updateOffsetIfNeeded):
(WebCore::ComputeFloatOffsetForLineLayoutAdapter<FloatingObject::FloatRight>::updateOffsetIfNeeded):
* Source/WebCore/rendering/FloatingObjects.h:
(WebCore::FloatingObject::renderer const):
(WebCore::FloatingObjectHashFunctions::hash):
(WebCore::FloatingObjectHashFunctions::equal):
(WebCore::FloatingObjectHashTranslator::equal):
* Source/WebCore/rendering/RenderBlockFlow.cpp:
(WebCore::RenderBlockFlow::rebuildFloatingObjectSetFromIntrudingFloats):
(WebCore::RenderBlockFlow::styleDidChange):
(WebCore::RenderBlockFlow::addFloatsToNewParent const):
(WebCore::RenderBlockFlow::repaintOverhangingFloats):
(WebCore::RenderBlockFlow::paintFloats):
(WebCore::RenderBlockFlow::clipOutFloatingBoxes):
(WebCore::RenderBlockFlow::computeLogicalLocationForFloat):
(WebCore::RenderBlockFlow::positionNewFloats):
(WebCore::RenderBlockFlow::lowestInitialLetterLogicalBottom const):
(WebCore::RenderBlockFlow::addOverhangingFloats):
(WebCore::RenderBlockFlow::addIntrudingFloats):
(WebCore::RenderBlockFlow::markSiblingsWithFloatsForLayout):
(WebCore::RenderBlockFlow::flipFloatForWritingModeForChild const):
(WebCore::RenderBlockFlow::hitTestFloats):
* Source/WebCore/rendering/RenderBox.cpp:
(WebCore::RenderBox::addOverflowFromFloatBox):
(WebCore::RenderBox::updateFloatPainterAfterSelfPaintingLayerChange):
* Source/WebCore/rendering/updating/RenderTreeBuilder.cpp:
(WebCore::RenderTreeBuilder::removeFloatingObjects):
Canonical link: https://commits.webkit.org/302908@main
Identifier: 301765.305@safari-7623-branch
Commit: ae22702a4e5a4b4ee0d6327c30202898debfe81a
https://github.com/WebKit/WebKit/commit/ae22702a4e5a4b4ee0d6327c30202898debfe81a
Author: Mohsin Qureshi <[email protected]>
Date: 2025-11-13 (Thu, 13 Nov 2025)
Changed paths:
M Configurations/Version.xcconfig
Log Message:
-----------
Versioning.
WebKit-7
Canonical link: https://commits.webkit.org/[email protected]
Commit: 594a85d217f725aac62dfc362c175ce136475ee1
https://github.com/WebKit/WebKit/commit/594a85d217f725aac62dfc362c175ce136475ee1
Author: Kimmo Kinnunen <[email protected]>
Date: 2025-11-13 (Thu, 13 Nov 2025)
Changed paths:
M Source/WebKit/WebProcess/GPU/graphics/RemoteGraphicsContextProxy.cpp
M Source/WebKit/WebProcess/GPU/graphics/RemoteGraphicsContextProxy.h
M Source/WebKit/WebProcess/GPU/graphics/RemoteResourceCacheProxy.cpp
M Source/WebKit/WebProcess/GPU/graphics/RemoteResourceCacheProxy.h
Log Message:
-----------
Cherry-pick 4cd951ea3ba2. rdar://164649563
GPUP: Avoid message check failures on failure to send NativeImages to GPUP
https://bugs.webkit.org/show_bug.cgi?id=301999
rdar://164076543
Reviewed by Mike Wyrzykowski.
NativeImage send to GPUP might fail due to resource exhausition (memory,
file handles) or due to the image not existing due to previous GPUP
crash.
Add return value to recordResourceUse() to check if the image was sent
successfully, and only issue the respective RemoteGraphicsContext
rendering command in case it was.
* Source/WebKit/WebProcess/GPU/graphics/RemoteGraphicsContextProxy.cpp:
(WebKit::RemoteGraphicsContextProxy::clipToImageBuffer):
(WebKit::RemoteGraphicsContextProxy::drawNativeImage):
(WebKit::RemoteGraphicsContextProxy::drawSystemImage):
(WebKit::RemoteGraphicsContextProxy::drawPattern):
(WebKit::RemoteGraphicsContextProxy::recordResourceUse):
* Source/WebKit/WebProcess/GPU/graphics/RemoteGraphicsContextProxy.h:
* Source/WebKit/WebProcess/GPU/graphics/RemoteResourceCacheProxy.cpp:
(WebKit::RemoteResourceCacheProxy::recordNativeImageUse):
* Source/WebKit/WebProcess/GPU/graphics/RemoteResourceCacheProxy.h:
Canonical link: https://commits.webkit.org/302636@main
Canonical link: https://commits.webkit.org/[email protected]
Commit: ac1f8e9c43973d3d0e410e5746ae8ecec807563d
https://github.com/WebKit/WebKit/commit/ac1f8e9c43973d3d0e410e5746ae8ecec807563d
Author: Mohsin Qureshi <[email protected]>
Date: 2025-11-13 (Thu, 13 Nov 2025)
Changed paths:
M Source/WebKit/WebProcess/GPU/graphics/RemoteGraphicsContextProxy.cpp
M Source/WebKit/WebProcess/GPU/graphics/RemoteGraphicsContextProxy.h
M Source/WebKit/WebProcess/GPU/graphics/RemoteResourceCacheProxy.cpp
M Source/WebKit/WebProcess/GPU/graphics/RemoteResourceCacheProxy.h
Log Message:
-----------
Revert 4cd951ea3ba2. rdar://164649563
This reverts commit 594a85d217f725aac62dfc362c175ce136475ee1.
Canonical link: https://commits.webkit.org/[email protected]
Commit: 62e7498c058e8c0f5bd3bb4e78991c51371b936f
https://github.com/WebKit/WebKit/commit/62e7498c058e8c0f5bd3bb4e78991c51371b936f
Author: Mohsin Qureshi <[email protected]>
Date: 2025-11-14 (Fri, 14 Nov 2025)
Changed paths:
M Configurations/Version.xcconfig
Log Message:
-----------
Versioning.
WebKit-7
Canonical link: https://commits.webkit.org/[email protected]
Commit: 565b35154ebfb37273dfa67de85605084c1ea62e
https://github.com/WebKit/WebKit/commit/565b35154ebfb37273dfa67de85605084c1ea62e
Author: Franco Vieira de Souza <[email protected]>
Date: 2025-11-14 (Fri, 14 Nov 2025)
Changed paths:
M Source/WebKit/UIProcess/ios/WKTouchEventsGestureRecognizer.mm
Log Message:
-----------
Cherry-pick 4635cf86519a. rdar://164742549
Stop using WallTime on WKTouchEvent
https://bugs.webkit.org/show_bug.cgi?id=302135
rdar://164214808
Reviewed by Abrar Rahman Protyasha.
The conversion from MonotonicTime to WallTime was removed. The
conversion has been wrong since 299753@main, which changed
WebEvent's timestamp from WallTime to MonotonicTime.
* Source/WebKit/UIProcess/ios/WKTouchEventsGestureRecognizer.mm:
(-[WKTouchEventsGestureRecognizer _touchEventForChildTouch:withParent:]):
(-[WKTouchEventsGestureRecognizer _recordTouches:ofType:forEvent:]):
(approximateWallTime): Deleted.
Canonical link: https://commits.webkit.org/302718@main
Canonical link: https://commits.webkit.org/[email protected]
Commit: b006b16c44548809d5a36831832faea58cfd8041
https://github.com/WebKit/WebKit/commit/b006b16c44548809d5a36831832faea58cfd8041
Author: Yusuke Suzuki <[email protected]>
Date: 2025-11-14 (Fri, 14 Nov 2025)
Changed paths:
M Source/JavaScriptCore/dfg/DFGStoreBarrierInsertionPhase.cpp
Log Message:
-----------
Cherry-pick 0cfb4a033f7e. rdar://164593392
[JSC] StoreBarrierInsertionPhase's escape should mark all transitively
incoming values to phi
https://bugs.webkit.org/show_bug.cgi?id=302502
rdar://164593392
Reviewed by Keith Miller and Mark Lam.
Let's have the following code.
BB#1
a: NewObject
b: NewObject
...
c: Upsilon(@b, ^f)
Branch(BB#2, BB#3)
BB#2
...
d: Something
e: Upsilon(@d, ^f)
Jump(BB#3)
BB#3
f: Phi(@c, @e)
...
g: PutByOffset(@a, @f)
...
h: PutByOffset(@b, ...)
...
Since @b can cause GC, epoch is bumped and @a can be in the old region.
As a result, in @g, we should insert a StoreBarrier after that. And
because this old @a can leak @f to the world scanned by concurrent GC,
we need to escape @f and subsequent code must insert a StoreBarrier when
@f's properties are modified. However we are marking @f, but not marking
all incoming values @b and @d propagated through Upsilon. As a result,
@h can use @b directly (since BB#3 is dominated by BB#1, it is fine),
and we failed to insert a StoreBarrier after @h since @b is not marked!
This patch fixes it by marking all transitively incoming values for the
escaped one. The code will mark the node itself, and then mark all
incoming nodes when the node is Phi.
* Source/JavaScriptCore/dfg/DFGStoreBarrierInsertionPhase.cpp:
Identifier: 301765.315@safari-7623-branch
Canonical link: https://commits.webkit.org/[email protected]
Commit: 7767f52bdd2565f8d9fe973cbdbb4027067f6658
https://github.com/WebKit/WebKit/commit/7767f52bdd2565f8d9fe973cbdbb4027067f6658
Author: Mohsin Qureshi <[email protected]>
Date: 2025-11-14 (Fri, 14 Nov 2025)
Changed paths:
M Configurations/Version.xcconfig
Log Message:
-----------
Versioning.
WebKit-7
Canonical link: https://commits.webkit.org/[email protected]
Commit: 9d5cf7efab639a00ecd11599291a799733ba88d5
https://github.com/WebKit/WebKit/commit/9d5cf7efab639a00ecd11599291a799733ba88d5
Author: Mohsin Qureshi <[email protected]>
Date: 2025-11-15 (Sat, 15 Nov 2025)
Changed paths:
M Configurations/Version.xcconfig
Log Message:
-----------
Versioning.
WebKit-7
Canonical link: https://commits.webkit.org/[email protected]
Commit: d8845f972d20d49f797d0dcbf3228c4b8a79bc42
https://github.com/WebKit/WebKit/commit/d8845f972d20d49f797d0dcbf3228c4b8a79bc42
Author: Mohsin Qureshi <[email protected]>
Date: 2025-11-17 (Mon, 17 Nov 2025)
Changed paths:
M Configurations/Version.xcconfig
Log Message:
-----------
Versioning.
WebKit-7
Canonical link: https://commits.webkit.org/[email protected]
Commit: c346c0458050e381d3b077a3388037889992ac51
https://github.com/WebKit/WebKit/commit/c346c0458050e381d3b077a3388037889992ac51
Author: Youenn Fablet <[email protected]>
Date: 2025-11-17 (Mon, 17 Nov 2025)
Changed paths:
M Source/WebCore/Modules/streams/StreamPipeToUtilities.cpp
Log Message:
-----------
Cherry-pick 6e95d94a448e. rdar://164088592
StreamPipeToState::doWrite needs to handle a null write promise
rdar://164088592
https://bugs.webkit.org/show_bug.cgi?id=302067
Reviewed by Chris Dumez.
In case of a worker, the write operation may result in an exception,
leading to a null promise.
In that case, we bail out.
* Source/WebCore/Modules/streams/StreamPipeToUtilities.cpp:
(WebCore::StreamPipeToState::doWrite):
Canonical link: https://commits.webkit.org/302645@main
Canonical link: https://commits.webkit.org/[email protected]
Commit: 1aa2b76ad6db878e9a5b81ba23c4c55430078313
https://github.com/WebKit/WebKit/commit/1aa2b76ad6db878e9a5b81ba23c4c55430078313
Author: Yulun Wu <[email protected]>
Date: 2025-11-17 (Mon, 17 Nov 2025)
Changed paths:
A
LayoutTests/fast/css3-text/css3-text-wrap/text-wrap-pretty-line-break-crash-4-expected.txt
A
LayoutTests/fast/css3-text/css3-text-wrap/text-wrap-pretty-line-break-crash-4.html
A
LayoutTests/fast/css3-text/css3-text-wrap/text-wrap-pretty-line-break-crash-5-expected.txt
A
LayoutTests/fast/css3-text/css3-text-wrap/text-wrap-pretty-line-break-crash-5.html
M
Source/WebCore/layout/formattingContexts/inline/InlineContentConstrainer.cpp
Log Message:
-----------
Cherry-pick 1ba13fd5f322. rdar://164901509
Cherry-pick 44bd78d54f85. rdar://164901509
[text-wrap][pretty] Fix incorrect index in InlineContentConstrainer
hyphenation fallback
https://bugs.webkit.org/show_bug.cgi?id=302553
<rdar://164680038>
Reviewed by Alan Baradlay.
This PR fixes a bug where the hyphenation fallback was using the wrong
starting inline item position. We should use:
breakOpportunities[lastValidStateIndex]
to correctly look up the actual inline item index from
the break opportunities array.
This PR also adds bounds checks before accessing the arrays.
Combined changes:
*
LayoutTests/fast/css3-text/css3-text-wrap/text-wrap-pretty-line-break-crash-4-expected.txt:
Added.
*
LayoutTests/fast/css3-text/css3-text-wrap/text-wrap-pretty-line-break-crash-4.html:
Added.
*
LayoutTests/fast/css3-text/css3-text-wrap/text-wrap-pretty-line-break-crash-5-expected.txt:
Added.
*
LayoutTests/fast/css3-text/css3-text-wrap/text-wrap-pretty-line-break-crash-5.html:
Added.
*
Source/WebCore/layout/formattingContexts/inline/InlineContentConstrainer.cpp:
(WebCore::Layout::InlineContentConstrainer::prettifyRange):
Canonical link: https://commits.webkit.org/303130@main
Canonical link:
https://commits.webkit.org/[email protected]
Canonical link: https://commits.webkit.org/[email protected]
Commit: b50d9f2ccc0ddcd83cec80f5ca1fbdd262bf4477
https://github.com/WebKit/WebKit/commit/b50d9f2ccc0ddcd83cec80f5ca1fbdd262bf4477
Author: Mohsin Qureshi <[email protected]>
Date: 2025-11-17 (Mon, 17 Nov 2025)
Changed paths:
M Source/WebCore/Modules/streams/StreamPipeToUtilities.cpp
Log Message:
-----------
Revert 6e95d94a448e. rdar://164088592
This reverts commit c346c0458050e381d3b077a3388037889992ac51.
Canonical link: https://commits.webkit.org/[email protected]
Commit: fd402f4efee031d3e0b856071128179edbfc6bce
https://github.com/WebKit/WebKit/commit/fd402f4efee031d3e0b856071128179edbfc6bce
Author: Mohsin Qureshi <[email protected]>
Date: 2025-11-18 (Tue, 18 Nov 2025)
Changed paths:
M Configurations/Version.xcconfig
Log Message:
-----------
Versioning.
WebKit-7
Canonical link: https://commits.webkit.org/[email protected]
Commit: 7732a1acb12f1f24f7e32a501947a0c76d4b9492
https://github.com/WebKit/WebKit/commit/7732a1acb12f1f24f7e32a501947a0c76d4b9492
Author: Sihui Liu <[email protected]>
Date: 2025-11-18 (Tue, 18 Nov 2025)
Changed paths:
M Source/WebCore/loader/FrameLoader.cpp
Log Message:
-----------
Cherry-pick a8867a943aab. rdar://164964499
Null dereference of m_policyDocumentLoader in
FrameLoader::continueLoadAfterNavigationPolicy()
rdar://164964499
https://bugs.webkit.org/show_bug.cgi?id=302721
Reviewed by Rupin Mittal, Per Arne Vollan, and Matthew Finkel.
Add a null check for m_policyDocumentLoader before accessing it.
* Source/WebCore/loader/FrameLoader.cpp:
(WebCore::FrameLoader::continueLoadAfterNavigationPolicy):
Canonical link: https://commits.webkit.org/303212@main
Canonical link: https://commits.webkit.org/[email protected]
Compare: https://github.com/WebKit/WebKit/compare/805628683357%5E...7732a1acb12f
To unsubscribe from these emails, change your notification settings at
https://github.com/WebKit/WebKit/settings/notifications
