diff -Nru webkit2gtk-2.16.1/debian/changelog webkit2gtk-2.16.2/debian/changelog --- webkit2gtk-2.16.1/debian/changelog 2017-05-08 18:17:20.000000000 +0000 +++ webkit2gtk-2.16.2/debian/changelog 2017-05-13 22:16:26.000000000 +0000 @@ -1,3 +1,13 @@ +webkit2gtk (2.16.2-0ubuntu0.17.04.1) zesty; urgency=medium + + * New upstream release (LP: #1690536) + * Drop patches applied in new release + - fix-ftbfs-x32.patch + - fix-google-login.patch + - fix-new-youtube.patch + + -- Jeremy Bicha Sat, 13 May 2017 18:16:26 -0400 + webkit2gtk (2.16.1-1ubuntu0.17.04.1) zesty; urgency=medium * Add fix-google-login.patch: diff -Nru webkit2gtk-2.16.1/debian/patches/fix-ftbfs-x32.patch webkit2gtk-2.16.2/debian/patches/fix-ftbfs-x32.patch --- webkit2gtk-2.16.1/debian/patches/fix-ftbfs-x32.patch 2017-05-08 18:17:20.000000000 +0000 +++ webkit2gtk-2.16.2/debian/patches/fix-ftbfs-x32.patch 1970-01-01 00:00:00.000000000 +0000 @@ -1,16 +0,0 @@ -From: Thorsten Glaser -Subject: Fix FTBFS in x32 -Bug-Debian: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=856498 -Index: webkitgtk/Source/WTF/wtf/Platform.h -=================================================================== ---- webkitgtk.orig/Source/WTF/wtf/Platform.h -+++ webkitgtk/Source/WTF/wtf/Platform.h -@@ -679,7 +679,7 @@ - #endif - - #if !defined(USE_JSVALUE64) && !defined(USE_JSVALUE32_64) --#if (CPU(X86_64) && (OS(UNIX) || OS(WINDOWS))) \ -+#if (CPU(X86_64) && !defined(__ILP32__) && (OS(UNIX) || OS(WINDOWS))) \ - || (CPU(IA64) && !CPU(IA64_32)) \ - || CPU(ALPHA) \ - || CPU(ARM64) \ diff -Nru webkit2gtk-2.16.1/debian/patches/fix-google-login.patch webkit2gtk-2.16.2/debian/patches/fix-google-login.patch --- webkit2gtk-2.16.1/debian/patches/fix-google-login.patch 2017-05-08 18:17:20.000000000 +0000 +++ webkit2gtk-2.16.2/debian/patches/fix-google-login.patch 1970-01-01 00:00:00.000000000 +0000 
@@ -1,31 +0,0 @@ -From: Michael Catanzaro -Subject: [GTK] Cannot sign in with new Google sign-in page -Bug: https://bugs.webkit.org/show_bug.cgi?id=171770 -Bug-Ubuntu: https://launchpad.net/bugs/1687019 - Reviewed by Carlos Garcia Campos. - - Google's new authentication page does not work with the Firefox user - agent that's required to make various Google websites work. Special-case - accounts.google.com so that it receives our standard user agent. - -Index: webkitgtk/Source/WebCore/platform/UserAgentQuirks.cpp -=================================================================== ---- webkitgtk/Source/WebCore/platform/UserAgentQuirks.cpp (revision 216342) -+++ webkitgtk/Source/WebCore/platform/UserAgentQuirks.cpp (revision 216343) -@@ -42,6 +42,7 @@ - // https://webkit.org/b/142074 carefully before changing. Test that Earth - // view is available in Google Maps. Test Google Calendar. Test downloading -- // the Hangouts browser plugin. Change platformVersionForUAString() to -- // return "FreeBSD amd64" and test Maps and Calendar again. -+ // the Hangouts browser plugin. Test logging out and logging in to a Google -+ // account. Change platformVersionForUAString() to return "FreeBSD amd64" -+ // and test everything again. - if (baseDomain.startsWith("google.")) - return true; -@@ -76,5 +77,5 @@ - static bool urlRequiresFirefoxBrowser(const URL& url) - { -- return isGoogle(url); -+ return isGoogle(url) && url.host() != "accounts.google.com"; - } - diff -Nru webkit2gtk-2.16.1/debian/patches/fix-new-youtube.patch webkit2gtk-2.16.2/debian/patches/fix-new-youtube.patch --- webkit2gtk-2.16.1/debian/patches/fix-new-youtube.patch 2017-05-08 18:17:20.000000000 +0000 +++ webkit2gtk-2.16.2/debian/patches/fix-new-youtube.patch 1970-01-01 00:00:00.000000000 +0000 
@@ -1,22 +0,0 @@ -From: Michael Catanzaro -Subject: YouTube user agent quirk breaks new YouTube -Bug: https://bugs.webkit.org/show_bug.cgi?id=171603 - Reviewed by Carlos Garcia Campos. - - Our user agent quirk to make YouTube 360 work breaks the new YouTube UI, causing it to - attempt to use the obsolete custom elements v0 API. WebKit only supports the v1 API. We - have to remove this quirk. - -Index: webkitgtk/Source/WebCore/platform/UserAgentQuirks.cpp -=================================================================== ---- webkitgtk/Source/WebCore/platform/UserAgentQuirks.cpp (revision 216138) -+++ webkitgtk/Source/WebCore/platform/UserAgentQuirks.cpp (revision 216139) -@@ -65,8 +65,4 @@ - // https://bugs.webkit.org/show_bug.cgi?id=147296 - if (baseDomain == "typekit.net" || baseDomain == "typekit.com") -- return true; -- -- // Needed for YouTube 360 with WebKitGTK+ and WPE (requires ENABLE_MEDIA_SOURCE). -- if (baseDomain == "youtube.com") - return true; - diff -Nru webkit2gtk-2.16.1/debian/patches/series webkit2gtk-2.16.2/debian/patches/series --- webkit2gtk-2.16.1/debian/patches/series 2017-05-08 18:17:20.000000000 +0000 +++ webkit2gtk-2.16.2/debian/patches/series 2017-05-13 22:16:26.000000000 +0000 @@ -2,6 +2,3 @@ fix-ftbfs-alpha.patch fix-ftbfs-armel.patch fix-ftbfs-hurd.patch -fix-ftbfs-x32.patch -fix-google-login.patch -fix-new-youtube.patch diff -Nru webkit2gtk-2.16.1/Documentation/webkit2gtk-4.0/html/index.html webkit2gtk-2.16.2/Documentation/webkit2gtk-4.0/html/index.html --- webkit2gtk-2.16.1/Documentation/webkit2gtk-4.0/html/index.html 2017-04-04 07:34:15.000000000 +0000 +++ webkit2gtk-2.16.2/Documentation/webkit2gtk-4.0/html/index.html 2017-05-09 08:22:06.000000000 +0000 @@ -14,7 +14,7 @@
-

for WebKit2GTK+ 2.16.1

+

for WebKit2GTK+ 2.16.2


diff -Nru webkit2gtk-2.16.1/Documentation/webkit2gtk-4.0/html/webkit2gtk-4.0-WebKitVersion.html webkit2gtk-2.16.2/Documentation/webkit2gtk-4.0/html/webkit2gtk-4.0-WebKitVersion.html --- webkit2gtk-2.16.1/Documentation/webkit2gtk-4.0/html/webkit2gtk-4.0-WebKitVersion.html 2017-04-04 07:34:05.000000000 +0000 +++ webkit2gtk-2.16.2/Documentation/webkit2gtk-4.0/html/webkit2gtk-4.0-WebKitVersion.html 2017-05-09 08:21:56.000000000 +0000 @@ -177,7 +177,7 @@

WEBKIT_MICRO_VERSION

-
#define WEBKIT_MICRO_VERSION (1)
+
#define WEBKIT_MICRO_VERSION (2)
 

Like webkit_get_micro_version(), but from the headers used at application compile time, rather than from the library linked diff -Nru webkit2gtk-2.16.1/Documentation/webkitdomgtk-4.0/html/index.html webkit2gtk-2.16.2/Documentation/webkitdomgtk-4.0/html/index.html --- webkit2gtk-2.16.1/Documentation/webkitdomgtk-4.0/html/index.html 2017-04-04 07:33:45.000000000 +0000 +++ webkit2gtk-2.16.2/Documentation/webkitdomgtk-4.0/html/index.html 2017-05-09 08:21:36.000000000 +0000 @@ -14,7 +14,7 @@

-

for WebKitDOMGTK+ 2.16.1

+

for WebKitDOMGTK+ 2.16.2


diff -Nru webkit2gtk-2.16.1/NEWS webkit2gtk-2.16.2/NEWS --- webkit2gtk-2.16.1/NEWS 2017-04-04 07:41:30.000000000 +0000 +++ webkit2gtk-2.16.2/NEWS 2017-05-09 07:56:50.000000000 +0000 @@ -1,4 +1,16 @@ ================== +WebKitGTK+ 2.16.2 +================== + + - Update user agent quirks to make Youtube and new Google login page work. + - Fix rendering of animated PNGs. + - Fix playing of some live streams. + - Update several web inspector icons. + - Fix the build with NPAPI plugins enabled but X11 disabled. + - Fix the build with OpenGL disabled. + - Fix several crashes and rendering issues. + +================== WebKitGTK+ 2.16.1 ================== diff -Nru webkit2gtk-2.16.1/Source/bmalloc/bmalloc/bmalloc.h webkit2gtk-2.16.2/Source/bmalloc/bmalloc/bmalloc.h --- webkit2gtk-2.16.1/Source/bmalloc/bmalloc/bmalloc.h 2017-02-20 16:20:18.000000000 +0000 +++ webkit2gtk-2.16.2/Source/bmalloc/bmalloc/bmalloc.h 2017-05-08 12:35:15.000000000 +0000 @@ -76,7 +76,7 @@ scavengeThisThread(); std::unique_lock lock(PerProcess::mutex()); - PerProcess::get()->scavenge(lock, std::chrono::milliseconds(0)); + PerProcess::get()->scavenge(lock, Sync); } inline bool isEnabled() diff -Nru webkit2gtk-2.16.1/Source/bmalloc/bmalloc/Heap.cpp webkit2gtk-2.16.2/Source/bmalloc/bmalloc/Heap.cpp --- webkit2gtk-2.16.1/Source/bmalloc/bmalloc/Heap.cpp 2017-02-20 16:20:18.000000000 +0000 +++ webkit2gtk-2.16.2/Source/bmalloc/bmalloc/Heap.cpp 2017-05-08 12:35:17.000000000 +0000 @@ -36,7 +36,6 @@ Heap::Heap(std::lock_guard&) : m_vmPageSizePhysical(vmPageSizePhysical()) - , m_isAllocatingPages(false) , m_scavenger(*this, &Heap::concurrentScavenge) , m_debugHeap(nullptr) { 
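Review bot: The constructor's initializer list in Heap.cpp no longer sets `m_isAllocatingPages`, and the Heap.h hunk (@@ -118,7 +117,9 @@) declares the replacement array and `m_isAllocatingLargePages` without default member initializers, so both start out indeterminate unless the object's storage happens to be zeroed. In the visible code the flags are only read in scavengeSmallPages() and scavengeLargeObjects(), after scavenge() has cleared them, so this looks safe today but depends on that call order. I would give both members in-class initializers, e.g. `bool m_isAllocatingLargePages { false };`, and value-initialise the array the same way with `{ }`.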
@@ -108,52 +107,63 @@ void Heap::concurrentScavenge() { - std::unique_lock lock(PerProcess::mutex()); - #if BOS(DARWIN) - if (auto requestedQOSClass = PerProcess::getFastCase()->takeRequestedScavengerThreadQOSClass()) - pthread_set_qos_class_self_np(requestedQOSClass, 0); + pthread_set_qos_class_self_np(m_requestedScavengerThreadQOSClass, 0); #endif - scavenge(lock, scavengeSleepDuration); + std::unique_lock lock(PerProcess::mutex()); + + scavenge(lock, Async); } -void Heap::scavenge(std::unique_lock& lock, std::chrono::milliseconds sleepDuration) +void Heap::scavenge(std::unique_lock& lock, ScavengeMode scavengeMode) { - waitUntilFalse(lock, sleepDuration, m_isAllocatingPages); + m_isAllocatingPages.fill(false); + m_isAllocatingLargePages = false; - scavengeSmallPages(lock, sleepDuration); - scavengeLargeObjects(lock, sleepDuration); + if (scavengeMode == Async) + sleep(lock, scavengeSleepDuration); - sleep(lock, sleepDuration); + scavengeSmallPages(lock, scavengeMode); + scavengeLargeObjects(lock, scavengeMode); } -void Heap::scavengeSmallPages(std::unique_lock& lock, std::chrono::milliseconds sleepDuration) +void Heap::scavengeSmallPages(std::unique_lock& lock, ScavengeMode scavengeMode) { - for (auto& smallPages : m_smallPages) { + for (size_t pageClass = 0; pageClass < pageClassCount; pageClass++) { + auto& smallPages = m_smallPages[pageClass]; + while (!smallPages.isEmpty()) { + if (m_isAllocatingPages[pageClass]) { + m_scavenger.run(); + break; + } + SmallPage* page = smallPages.pop(); - size_t pageClass = m_pageClasses[page->sizeClass()]; - m_vmHeap.deallocateSmallPage(lock, pageClass, page); - waitUntilFalse(lock, sleepDuration, m_isAllocatingPages); + m_vmHeap.deallocateSmallPage(lock, pageClass, page, scavengeMode); } } } -void Heap::scavengeLargeObjects(std::unique_lock& lock, std::chrono::milliseconds sleepDuration) +void Heap::scavengeLargeObjects(std::unique_lock& lock, ScavengeMode scavengeMode) { auto& ranges = m_largeFree.ranges(); for (size_t i = 
ranges.size(); i-- > 0; i = std::min(i, ranges.size())) { + if (m_isAllocatingLargePages) { + m_scavenger.run(); + break; + } + auto range = ranges.pop(i); - lock.unlock(); + if (scavengeMode == Async) + lock.unlock(); vmDeallocatePhysicalPagesSloppy(range.begin(), range.size()); - lock.lock(); + if (scavengeMode == Async) + lock.lock(); range.setPhysicalSize(0); ranges.push(range); - - waitUntilFalse(lock, sleepDuration, m_isAllocatingPages); } } @@ -167,7 +177,7 @@ if (!m_smallPages[pageClass].isEmpty()) return m_smallPages[pageClass].pop(); - m_isAllocatingPages = true; + m_isAllocatingPages[pageClass] = true; SmallPage* page = m_vmHeap.allocateSmallPage(lock, pageClass); m_objectTypes.set(Chunk::get(page), ObjectType::Small); @@ -336,7 +346,7 @@ } if (range.physicalSize() < range.size()) { - m_isAllocatingPages = true; + m_isAllocatingLargePages = true; vmAllocatePhysicalPagesSloppy(range.begin() + range.physicalSize(), range.size() - range.physicalSize()); range.setPhysicalSize(range.size()); diff -Nru webkit2gtk-2.16.1/Source/bmalloc/bmalloc/Heap.h webkit2gtk-2.16.2/Source/bmalloc/bmalloc/Heap.h --- webkit2gtk-2.16.1/Source/bmalloc/bmalloc/Heap.h 2017-02-20 16:20:18.000000000 +0000 +++ webkit2gtk-2.16.2/Source/bmalloc/bmalloc/Heap.h 2017-05-08 12:35:15.000000000 +0000 @@ -66,10 +66,9 @@ size_t largeSize(std::lock_guard&, void*); void shrinkLarge(std::lock_guard&, const Range&, size_t); - void scavenge(std::unique_lock&, std::chrono::milliseconds sleepDuration); + void scavenge(std::unique_lock&, ScavengeMode); #if BOS(DARWIN) - qos_class_t takeRequestedScavengerThreadQOSClass() { return std::exchange(m_requestedScavengerThreadQOSClass, QOS_CLASS_UNSPECIFIED); } void setScavengerThreadQOSClass(qos_class_t overrideClass) { m_requestedScavengerThreadQOSClass = overrideClass; } #endif 
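Review bot: In the BOS(DARWIN) branch of concurrentScavenge(), `m_requestedScavengerThreadQOSClass` is now read before `PerProcess::mutex()` is taken, whereas the removed code read it through takeRequestedScavengerThreadQOSClass() with the lock already held. If setScavengerThreadQOSClass() can run on another thread while the scavenger starts (its callers are not visible here), this is an unsynchronised read of a plain member. The value is also passed to pthread_set_qos_class_self_np() unconditionally now, where the old `if` presumably skipped an unset class. Moving the lock construction back above the `#if` block would restore the old ordering; if the unlocked read is intentional, a comment saying why it is safe would help.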
@@ -103,8 +102,8 @@ LargeRange splitAndAllocate(LargeRange&, size_t alignment, size_t); void concurrentScavenge(); - void scavengeSmallPages(std::unique_lock&, std::chrono::milliseconds); - void scavengeLargeObjects(std::unique_lock&, std::chrono::milliseconds); + void scavengeSmallPages(std::unique_lock&, ScavengeMode); + void scavengeLargeObjects(std::unique_lock&, ScavengeMode); size_t m_vmPageSizePhysical; Vector m_smallLineMetadata; @@ -118,7 +117,9 @@ Map m_objectTypes; - bool m_isAllocatingPages; + std::array m_isAllocatingPages; + bool m_isAllocatingLargePages; + AsyncTask m_scavenger; Environment m_environment; diff -Nru webkit2gtk-2.16.1/Source/bmalloc/bmalloc/VMHeap.h webkit2gtk-2.16.2/Source/bmalloc/bmalloc/VMHeap.h --- webkit2gtk-2.16.1/Source/bmalloc/bmalloc/VMHeap.h 2017-02-20 16:20:18.000000000 +0000 +++ webkit2gtk-2.16.2/Source/bmalloc/bmalloc/VMHeap.h 2017-05-08 12:35:15.000000000 +0000 @@ -41,10 +41,12 @@ class EndTag; class Heap; +typedef enum { Sync, Async } ScavengeMode; + class VMHeap { public: SmallPage* allocateSmallPage(std::lock_guard&, size_t); - void deallocateSmallPage(std::unique_lock&, size_t, SmallPage*); + void deallocateSmallPage(std::unique_lock&, size_t, SmallPage*, ScavengeMode); LargeRange tryAllocateLargeChunk(std::lock_guard&, size_t alignment, size_t); 
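Review bot: `typedef enum { Sync, Async } ScavengeMode;` in VMHeap.h declares an unscoped enum, so the bare names `Sync` and `Async` become visible in the enclosing scope of every file that includes the header, and the mode converts implicitly to an integer. `enum class ScavengeMode { Sync, Async };` would avoid both, at the cost of spelling `ScavengeMode::Sync` at the call sites in bmalloc.h, Heap.cpp and deallocateSmallPage(). Either way the declaration deserves a comment stating what the hunks show: in `Sync` mode the caller's lock stays held across vmDeallocatePhysicalPagesSloppy(), while `Async` drops and re-takes it around that call.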
@@ -68,11 +70,13 @@ return page; } -inline void VMHeap::deallocateSmallPage(std::unique_lock& lock, size_t pageClass, SmallPage* page) +inline void VMHeap::deallocateSmallPage(std::unique_lock& lock, size_t pageClass, SmallPage* page, ScavengeMode scavengeMode) { - lock.unlock(); + if (scavengeMode == Async) + lock.unlock(); vmDeallocatePhysicalPagesSloppy(page->begin()->begin(), pageSize(pageClass)); - lock.lock(); + if (scavengeMode == Async) + lock.lock(); m_smallPages[pageClass].push(page); } diff -Nru webkit2gtk-2.16.1/Source/cmake/OptionsCommon.cmake webkit2gtk-2.16.2/Source/cmake/OptionsCommon.cmake --- webkit2gtk-2.16.1/Source/cmake/OptionsCommon.cmake 2017-02-27 07:11:15.000000000 +0000 +++ webkit2gtk-2.16.2/Source/cmake/OptionsCommon.cmake 2017-05-06 08:48:27.000000000 +0000 @@ -215,7 +215,10 @@ if (NOT APPLE) # If using Ninja with cmake >= 3.6.0 and icecream, then the build is broken # if enable the response files. See https://bugs.webkit.org/show_bug.cgi?id=168770 - if (NOT ((${CMAKE_CXX_COMPILER} MATCHES ".*icecc.*") AND (CMAKE_GENERATOR STREQUAL "Ninja") AND (${CMAKE_VERSION} VERSION_GREATER 3.5))) + if (NOT ((((${CMAKE_CXX_COMPILER} MATCHES ".*ccache.*") AND ($ENV{CCACHE_PREFIX} MATCHES ".*icecc.*")) + OR (${CMAKE_CXX_COMPILER} MATCHES ".*icecc.*") + OR (${AR_VERSION} MATCHES "^BSD ar [^ ]* - libarchive")) + AND (CMAKE_GENERATOR STREQUAL "Ninja") AND (${CMAKE_VERSION} VERSION_GREATER 3.5))) set(CMAKE_NINJA_FORCE_RESPONSE_FILE 1) endif () endif () diff -Nru webkit2gtk-2.16.1/Source/cmake/OptionsGTK.cmake webkit2gtk-2.16.2/Source/cmake/OptionsGTK.cmake --- webkit2gtk-2.16.1/Source/cmake/OptionsGTK.cmake 2017-04-04 07:31:58.000000000 +0000 +++ webkit2gtk-2.16.2/Source/cmake/OptionsGTK.cmake 2017-05-09 07:47:09.000000000 +0000 
@@ -2,7 +2,7 @@ set(PROJECT_VERSION_MAJOR 2) set(PROJECT_VERSION_MINOR 16) -set(PROJECT_VERSION_MICRO 1) +set(PROJECT_VERSION_MICRO 2) set(PROJECT_VERSION ${PROJECT_VERSION_MAJOR}.${PROJECT_VERSION_MINOR}.${PROJECT_VERSION_MICRO}) set(WEBKITGTK_API_VERSION 4.0) @@ -14,8 +14,8 @@ # Libtool library version, not to be confused with API version. # See http://www.gnu.org/software/libtool/manual/html_node/Libtool-versioning.html -CALCULATE_LIBRARY_VERSIONS_FROM_LIBTOOL_TRIPLE(WEBKIT2 56 4 19) -CALCULATE_LIBRARY_VERSIONS_FROM_LIBTOOL_TRIPLE(JAVASCRIPTCORE 23 8 5) +CALCULATE_LIBRARY_VERSIONS_FROM_LIBTOOL_TRIPLE(WEBKIT2 56 5 19) +CALCULATE_LIBRARY_VERSIONS_FROM_LIBTOOL_TRIPLE(JAVASCRIPTCORE 23 9 5) # These are shared variables, but we special case their definition so that we can use the # CMAKE_INSTALL_* variables that are populated by the GNUInstallDirs macro. @@ -106,7 +106,6 @@ WEBKIT_OPTION_DEPEND(ENABLE_3D_TRANSFORMS ENABLE_OPENGL) WEBKIT_OPTION_DEPEND(ENABLE_ACCELERATED_2D_CANVAS ENABLE_OPENGL) WEBKIT_OPTION_DEPEND(ENABLE_GLES2 ENABLE_OPENGL) -WEBKIT_OPTION_DEPEND(ENABLE_NETSCAPE_PLUGIN_API ENABLE_X11_TARGET) WEBKIT_OPTION_DEPEND(ENABLE_PLUGIN_PROCESS_GTK2 ENABLE_X11_TARGET) WEBKIT_OPTION_DEPEND(ENABLE_THREADED_COMPOSITOR ENABLE_OPENGL) WEBKIT_OPTION_DEPEND(ENABLE_WEBGL ENABLE_OPENGL) 
@@ -190,14 +189,12 @@ # only their definedness is. They should only be defined in the true case. if (${ENABLE_X11_TARGET}) SET_AND_EXPOSE_TO_BUILD(MOZ_X11 1) -endif () -if (${WTF_OS_UNIX}) SET_AND_EXPOSE_TO_BUILD(XP_UNIX 1) endif () set(ENABLE_WEBKIT OFF) set(ENABLE_WEBKIT2 ON) -set(ENABLE_PLUGIN_PROCESS ${ENABLE_X11_TARGET}) +set(ENABLE_PLUGIN_PROCESS ${ENABLE_NETSCAPE_PLUGIN_API}) add_definitions(-DBUILDING_GTK__=1) add_definitions(-DGETTEXT_PACKAGE="WebKit2GTK-${WEBKITGTK_API_VERSION}") diff -Nru webkit2gtk-2.16.1/Source/cmake/WebKitMacros.cmake webkit2gtk-2.16.2/Source/cmake/WebKitMacros.cmake --- webkit2gtk-2.16.1/Source/cmake/WebKitMacros.cmake 2017-02-20 16:20:18.000000000 +0000 +++ webkit2gtk-2.16.2/Source/cmake/WebKitMacros.cmake 2017-05-08 17:05:06.000000000 +0000 @@ -283,6 +283,7 @@ ${${_target}_SOURCES} ) target_include_directories(${_target} PUBLIC "$") + target_include_directories(${_target} PRIVATE "$") target_link_libraries(${_target} ${${_target}_LIBRARIES}) set_target_properties(${_target} PROPERTIES COMPILE_DEFINITIONS "BUILDING_${_target}") diff -Nru webkit2gtk-2.16.1/Source/JavaScriptCore/API/JSStringRef.cpp webkit2gtk-2.16.2/Source/JavaScriptCore/API/JSStringRef.cpp --- webkit2gtk-2.16.1/Source/JavaScriptCore/API/JSStringRef.cpp 2017-02-20 16:20:08.000000000 +0000 +++ webkit2gtk-2.16.2/Source/JavaScriptCore/API/JSStringRef.cpp 2017-05-08 13:38:20.000000000 +0000 @@ -37,7 +37,7 @@ JSStringRef JSStringCreateWithCharacters(const JSChar* chars, size_t numChars) { initializeThreading(); - return &OpaqueJSString::create(chars, numChars).leakRef(); + return &OpaqueJSString::create(reinterpret_cast(chars), numChars).leakRef(); } JSStringRef JSStringCreateWithUTF8CString(const char* string) 
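Review bot: The `reinterpret_cast` added to JSStringCreateWithCharacters() is only sound if JSChar and the string implementation's character type have the same size and representation, and nothing in the hunk enforces that. The same cast appears in the hunks at @@ -62,7 +62,7 @@ (JSStringCreateWithCharactersNoCopy) and @@ -87,7 +87,7 @@ (the return of `string->characters()`). The cast's target type is not legible on this page; assuming it is WTF's `UChar`, a file-level `static_assert(sizeof(JSChar) == sizeof(UChar), "JSChar and UChar must have the same size");` would turn a silent mismatch into a build failure.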
@@ -62,7 +62,7 @@ JSStringRef JSStringCreateWithCharactersNoCopy(const JSChar* chars, size_t numChars) { initializeThreading(); - return OpaqueJSString::create(StringImpl::createWithoutCopying(chars, numChars)).leakRef(); + return OpaqueJSString::create(StringImpl::createWithoutCopying(reinterpret_cast(chars), numChars)).leakRef(); } JSStringRef JSStringRetain(JSStringRef string) @@ -87,7 +87,7 @@ { if (!string) return nullptr; - return string->characters(); + return reinterpret_cast(string->characters()); } size_t JSStringGetMaximumUTF8CStringSize(JSStringRef string) diff -Nru webkit2gtk-2.16.1/Source/JavaScriptCore/heap/MachineStackMarker.cpp webkit2gtk-2.16.2/Source/JavaScriptCore/heap/MachineStackMarker.cpp --- webkit2gtk-2.16.1/Source/JavaScriptCore/heap/MachineStackMarker.cpp 2017-04-03 14:00:46.000000000 +0000 +++ webkit2gtk-2.16.2/Source/JavaScriptCore/heap/MachineStackMarker.cpp 2017-04-04 15:34:55.000000000 +0000 @@ -33,6 +33,7 @@ #include #include #include +#include #include #if OS(DARWIN) @@ -69,14 +70,14 @@ // We use SIGUSR2 to suspend and resume machine threads in JavaScriptCore. static const int SigThreadSuspendResume = SIGUSR2; static StaticLock globalSignalLock; -thread_local static std::atomic threadLocalCurrentThread; +thread_local static std::atomic threadLocalCurrentThread { nullptr }; static void pthreadSignalHandlerSuspendResume(int, siginfo_t*, void* ucontext) { // Touching thread local atomic types from signal handlers is allowed. - JSC::MachineThreads::Thread* thread = threadLocalCurrentThread.load(); + JSC::MachineThreads::ThreadData* threadData = threadLocalCurrentThread.load(); - if (thread->suspended.load(std::memory_order_acquire)) { + if (threadData->suspended.load(std::memory_order_acquire)) { // This is signal handler invocation that is intended to be used to resume sigsuspend. // So this handler invocation itself should not process. // 
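Review bot: pthreadSignalHandlerSuspendResume() dereferences the result of `threadLocalCurrentThread.load()` without checking it, and this hunk now makes the initial value explicitly `nullptr`. If SIGUSR2 reaches a thread that never stored a pointer there (for example a process-directed signal; where the variable is assigned is not visible in this hunk), the handler faults on `threadData->suspended`. An early `if (!threadData) return;` directly after the load would make the handler ignore such signals. The handler body continues past the end of this hunk.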
@@ -88,9 +89,9 @@ ucontext_t* userContext = static_cast(ucontext); #if CPU(PPC) - thread->suspendedMachineContext = *userContext->uc_mcontext.uc_regs; + threadData->suspendedMachineContext = *userContext->uc_mcontext.uc_regs; #else - thread->suspendedMachineContext = userContext->uc_mcontext; + threadData->suspendedMachineContext = userContext->uc_mcontext; #endif // Allow suspend caller to see that this thread is suspended. @@ -99,7 +100,7 @@ // // And sem_post emits memory barrier that ensures that suspendedMachineContext is correctly saved. // http://pubs.opengroup.org/onlinepubs/9699919799/basedefs/V1_chap04.html#tag_04_11 - sem_post(&thread->semaphoreForSuspendResume); + sem_post(&threadData->semaphoreForSuspendResume); // Reaching here, SigThreadSuspendResume is blocked in this handler (this is configured by sigaction's sa_mask). // So before calling sigsuspend, SigThreadSuspendResume to this thread is deferred. This ensures that the handler is not executed recursively. @@ -109,7 +110,7 @@ sigsuspend(&blockedSignalSet); // Allow resume caller to see that this thread is resumed. - sem_post(&thread->semaphoreForSuspendResume); + sem_post(&threadData->semaphoreForSuspendResume); } #endif // USE(PTHREADS) && !OS(WINDOWS) && !OS(DARWIN) 
@@ -215,18 +216,29 @@ } } +static MachineThreads::ThreadData* threadData() +{ + static NeverDestroyed> threadData; + return threadData.get(); +} + +MachineThreads::Thread::Thread(ThreadData* threadData) + : data(threadData) +{ + ASSERT(threadData); +} + Thread* MachineThreads::Thread::createForCurrentThread() { - auto stackBounds = wtfThreadData().stack(); - return new Thread(getCurrentPlatformThread(), stackBounds.origin(), stackBounds.end()); + return new Thread(threadData()); } bool MachineThreads::Thread::operator==(const PlatformThread& other) const { #if OS(DARWIN) || OS(WINDOWS) - return platformThread == other; + return data->platformThread == other; #elif USE(PTHREADS) - return !!pthread_equal(platformThread, other); + return !!pthread_equal(data->platformThread, other); #else #error Need a way to compare threads on this platform #endif @@ -325,11 +337,13 @@ conservativeRoots.add(currentThreadState.stackTop, currentThreadState.stackOrigin, jitStubRoutines, codeBlocks); } -MachineThreads::Thread::Thread(const PlatformThread& platThread, void* base, void* end) - : platformThread(platThread) - , stackBase(base) - , stackEnd(end) +MachineThreads::ThreadData::ThreadData() { + auto stackBounds = wtfThreadData().stack(); + platformThread = getCurrentPlatformThread(); + stackBase = stackBounds.origin(); + stackEnd = stackBounds.end(); + #if OS(WINDOWS) ASSERT(platformThread == GetCurrentThreadId()); bool isSuccessful = @@ -362,7 +376,7 @@ #endif } -MachineThreads::Thread::~Thread() +MachineThreads::ThreadData::~ThreadData() { #if OS(WINDOWS) CloseHandle(platformThreadHandle); @@ -371,7 +385,7 @@ #endif } -bool MachineThreads::Thread::suspend() +bool MachineThreads::ThreadData::suspend() { #if OS(DARWIN) kern_return_t result = thread_suspend(platformThread); @@ -408,7 +422,7 @@ #endif } -void MachineThreads::Thread::resume() +void MachineThreads::ThreadData::resume() { #if OS(DARWIN) thread_resume(platformThread); 
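Review bot: `Thread` now stores the raw pointer returned by the file-local threadData() helper, so the `ThreadData` it points at is owned by what appears to be thread-specific storage (the template arguments are not legible on this page) rather than by the `Thread` object created in createForCurrentThread(). Nothing in this hunk shows what keeps that storage alive until the `Thread` has been unlinked from the registered-thread list; if the per-thread object can be destroyed first, suspend() or captureStack() called from another thread would go through a dangling `data`. I would document the required teardown order on the helper, e.g. `// Owned by thread-specific storage; every Thread referring to it must be unregistered before the thread exits.` The constructor's `ASSERT(threadData)` only guards debug builds.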
@@ -439,9 +453,9 @@ #endif } -size_t MachineThreads::Thread::getRegisters(Thread::Registers& registers) +size_t MachineThreads::ThreadData::getRegisters(ThreadData::Registers& registers) { - Thread::Registers::PlatformRegisters& regs = registers.regs; + ThreadData::Registers::PlatformRegisters& regs = registers.regs; #if OS(DARWIN) #if CPU(X86) unsigned user_count = sizeof(regs)/sizeof(int); @@ -496,7 +510,7 @@ #endif } -void* MachineThreads::Thread::Registers::stackPointer() const +void* MachineThreads::ThreadData::Registers::stackPointer() const { #if OS(DARWIN) @@ -601,7 +615,7 @@ } #if ENABLE(SAMPLING_PROFILER) -void* MachineThreads::Thread::Registers::framePointer() const +void* MachineThreads::ThreadData::Registers::framePointer() const { #if OS(DARWIN) @@ -684,7 +698,7 @@ #endif } -void* MachineThreads::Thread::Registers::instructionPointer() const +void* MachineThreads::ThreadData::Registers::instructionPointer() const { #if OS(DARWIN) @@ -765,7 +779,8 @@ #error Need a way to get the instruction pointer for another thread on this platform #endif } -void* MachineThreads::Thread::Registers::llintPC() const + +void* MachineThreads::ThreadData::Registers::llintPC() const { // LLInt uses regT4 as PC. #if OS(DARWIN) @@ -858,9 +873,9 @@ } #endif // ENABLE(SAMPLING_PROFILER) -void MachineThreads::Thread::freeRegisters(Thread::Registers& registers) +void MachineThreads::ThreadData::freeRegisters(ThreadData::Registers& registers) { - Thread::Registers::PlatformRegisters& regs = registers.regs; + ThreadData::Registers::PlatformRegisters& regs = registers.regs; #if USE(PTHREADS) && !OS(WINDOWS) && !OS(DARWIN) pthread_attr_destroy(®s.attribute); #else @@ -883,7 +898,7 @@ return redZoneAdjustment; } -std::pair MachineThreads::Thread::captureStack(void* stackTop) +std::pair MachineThreads::ThreadData::captureStack(void* stackTop) { char* begin = reinterpret_cast_ptr(stackBase); char* end = bitwise_cast(WTF::roundUpToMultipleOf(reinterpret_cast(stackTop))); 
@@ -971,12 +986,12 @@ } // Re-do the suspension to get the actual failure result for logging. - kern_return_t error = thread_suspend(thread->platformThread); + kern_return_t error = thread_suspend(thread->platformThread()); ASSERT(error != KERN_SUCCESS); WTFReportError(__FILE__, __LINE__, WTF_PRETTY_FUNCTION, "JavaScript garbage collection encountered an invalid thread (err 0x%x): Thread [%d/%d: %p] platformThread %p.", - error, index, numberOfThreads, thread, reinterpret_cast(thread->platformThread)); + error, index, numberOfThreads, thread, reinterpret_cast(thread->platformThread())); // Put the invalid thread on the threadsToBeDeleted list. // We can't just delete it here because we have suspended other diff -Nru webkit2gtk-2.16.1/Source/JavaScriptCore/heap/MachineStackMarker.h webkit2gtk-2.16.2/Source/JavaScriptCore/heap/MachineStackMarker.h --- webkit2gtk-2.16.1/Source/JavaScriptCore/heap/MachineStackMarker.h 2017-04-03 14:00:46.000000000 +0000 +++ webkit2gtk-2.16.2/Source/JavaScriptCore/heap/MachineStackMarker.h 2017-04-04 15:23:50.000000000 +0000 @@ -74,14 +74,13 @@ JS_EXPORT_PRIVATE void addCurrentThread(); // Only needs to be called by clients that can use the same heap from multiple threads. - class Thread { + class ThreadData { WTF_MAKE_FAST_ALLOCATED; - Thread(const PlatformThread& platThread, void* base, void* end); - public: - ~Thread(); + ThreadData(); + ~ThreadData(); - static Thread* createForCurrentThread(); + static ThreadData* createForCurrentThread(); struct Registers { void* stackPointer() const; @@ -118,12 +117,9 @@ #else #error Need a thread register struct for this platform #endif - + PlatformRegisters regs; }; - - bool operator==(const PlatformThread& other) const; - bool operator!=(const PlatformThread& other) const { return !(*this == other); } bool suspend(); void resume(); 
@@ -131,7 +127,6 @@ void freeRegisters(Registers&); std::pair captureStack(void* stackTop); - Thread* next; PlatformThread platformThread; void* stackBase; void* stackEnd; @@ -145,6 +140,32 @@ #endif }; + class Thread { + WTF_MAKE_FAST_ALLOCATED; + Thread(ThreadData*); + + public: + using Registers = ThreadData::Registers; + + static Thread* createForCurrentThread(); + + bool operator==(const PlatformThread& other) const; + bool operator!=(const PlatformThread& other) const { return !(*this == other); } + + bool suspend() { return data->suspend(); } + void resume() { data->resume(); } + size_t getRegisters(Registers& regs) { return data->getRegisters(regs); } + void freeRegisters(Registers& regs) { data->freeRegisters(regs); } + std::pair captureStack(void* stackTop) { return data->captureStack(stackTop); } + + const PlatformThread& platformThread() { return data->platformThread; } + void* stackBase() const { return data->stackBase; } + void* stackEnd() const { return data->stackEnd; } + + Thread* next; + ThreadData* data; + }; + Lock& getLock() { return m_registeredThreadsMutex; } Thread* threadsListHead(const LockHolder&) const { ASSERT(m_registeredThreadsMutex.isLocked()); return m_registeredThreads; } Thread* machineThreadForCurrentThread(); diff -Nru webkit2gtk-2.16.1/Source/JavaScriptCore/offlineasm/arm.rb webkit2gtk-2.16.2/Source/JavaScriptCore/offlineasm/arm.rb --- webkit2gtk-2.16.1/Source/JavaScriptCore/offlineasm/arm.rb 2017-02-20 16:20:12.000000000 +0000 +++ webkit2gtk-2.16.2/Source/JavaScriptCore/offlineasm/arm.rb 2017-05-08 16:57:13.000000000 +0000 @@ -94,6 +94,7 @@ ARM_EXTRA_GPRS = [SpecialRegister.new("r6"), SpecialRegister.new("r10"), SpecialRegister.new("r12")] ARM_EXTRA_FPRS = [SpecialRegister.new("d7")] ARM_SCRATCH_FPR = SpecialRegister.new("d6") +OS_DARWIN = ((RUBY_PLATFORM =~ /darwin/i) != nil) def armMoveImmediate(value, register) # Currently we only handle the simple cases, and fall back to mov/movt for the complex ones. 
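Review bot: `OS_DARWIN` in arm.rb is derived from `RUBY_PLATFORM`, which describes the machine running offlineasm, not the target the assembly is generated for. In a cross build the `call` case in the hunk at @@ -568,7 +569,11 @@ would therefore choose between `blx` and `bl` based on the host OS. If the build already passes the target OS to offlineasm, keying the choice on that would be safer; otherwise a comment such as `# NOTE: host platform; wrong for cross builds to or from Darwin` at the constant would record the limitation.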
@@ -568,7 +569,11 @@ end when "call" if operands[0].label? - $asm.puts "blx #{operands[0].asmLabel}" + if OS_DARWIN + $asm.puts "blx #{operands[0].asmLabel}" + else + $asm.puts "bl #{operands[0].asmLabel}" + end else $asm.puts "blx #{operands[0].armOperand}" end diff -Nru webkit2gtk-2.16.1/Source/JavaScriptCore/runtime/DateConversion.cpp webkit2gtk-2.16.2/Source/JavaScriptCore/runtime/DateConversion.cpp --- webkit2gtk-2.16.1/Source/JavaScriptCore/runtime/DateConversion.cpp 2017-02-20 16:20:13.000000000 +0000 +++ webkit2gtk-2.16.2/Source/JavaScriptCore/runtime/DateConversion.cpp 2017-05-08 13:38:20.000000000 +0000 @@ -107,7 +107,8 @@ #if OS(WINDOWS) TIME_ZONE_INFORMATION timeZoneInformation; GetTimeZoneInformation(&timeZoneInformation); - const WCHAR* timeZoneName = t.isDST() ? timeZoneInformation.DaylightName : timeZoneInformation.StandardName; + const WCHAR* winTimeZoneName = t.isDST() ? timeZoneInformation.DaylightName : timeZoneInformation.StandardName; + String timeZoneName(reinterpret_cast(winTimeZoneName)); #else struct tm gtm = t; char timeZoneName[70]; @@ -115,11 +116,7 @@ #endif if (timeZoneName[0]) { builder.appendLiteral(" ("); -#if OS(WINDOWS) - builder.append(String(timeZoneName)); -#else builder.append(timeZoneName); -#endif builder.append(')'); } } diff -Nru webkit2gtk-2.16.1/Source/JavaScriptCore/runtime/MathCommon.cpp webkit2gtk-2.16.2/Source/JavaScriptCore/runtime/MathCommon.cpp --- webkit2gtk-2.16.1/Source/JavaScriptCore/runtime/MathCommon.cpp 2017-02-20 16:20:13.000000000 +0000 +++ webkit2gtk-2.16.2/Source/JavaScriptCore/runtime/MathCommon.cpp 2017-05-08 08:07:21.000000000 +0000 
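Review bot: In the OS(WINDOWS) branch of the DateConversion.cpp hunk the return value of `GetTimeZoneInformation(&timeZoneInformation)` is still ignored, and the new `String timeZoneName(...)` construction then presumably reads `DaylightName` or `StandardName` up to a terminating NUL. If the call fails, the struct is uninitialised stack memory and that scan has no bound. Declaring it as `TIME_ZONE_INFORMATION timeZoneInformation = { };` or skipping the name when the call returns `TIME_ZONE_ID_INVALID` would close that. The enclosing function starts and ends outside this hunk.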
@@ -469,67 +469,7 @@ int32_t JIT_OPERATION operationToInt32SensibleSlow(double number) { - // This function is specialized `operationToInt32` for the slow case of - // the sensible double-to-int32 operation. It is available in x86. - // - // In the sensible double-to-int32, first we attempt to truncate the - // double value to int32 by using cvttsd2si_rr. - // According to the Intel's manual, cvttsd2si perform the following truncate - // operation. - // - // If src = NaN, +-Inf, or |(src)rz| > 0x7fffffff and (src)rz != 0x80000000, - // the result becomes 0x80000000. Otherwise, the operation succeeds. - // Note that ()rz is rouding towards zero. - // - // We call this slow case function when the above cvttsd2si fails. We check - // this condition by performing `result == 0x80000000`. So this function only - // accepts the following numbers. - // - // NaN, +-Inf, |(src)rz| > 0x7fffffff. - // - // As a result, the exp of the double is always >= 31. - // This condition simplifies and speeds up the toInt32 implementation. - int64_t bits = WTF::bitwise_cast(number); - int32_t exp = (static_cast(bits >> 52) & 0x7ff) - 0x3ff; - - // If exponent < 0 there will be no bits to the left of the decimal point - // after rounding; if the exponent is > 83 then no bits of precision can be - // left in the low 32-bit range of the result (IEEE-754 doubles have 52 bits - // of fractional precision). - // Note this case handles 0, -0, and all infinite, NaN, & denormal value. - - // If exp < 0, truncate operation succeeds. So this function does not - // encounter that case. If exp > 83, it means exp >= 84. In that case, - // the following operation produces 0 for the result. - ASSERT(exp >= 0); - - // Select the appropriate 32-bits from the floating point mantissa. If the - // exponent is 52 then the bits we need to select are already aligned to the - // lowest bits of the 64-bit integer representation of the number, no need - // to shift. 
If the exponent is greater than 52 we need to shift the value - // left by (exp - 52), if the value is less than 52 we need to shift right - // accordingly. - int32_t result = (exp > 52) - ? static_cast(bits << (exp - 52)) - : static_cast(bits >> (52 - exp)); - - // IEEE-754 double precision values are stored omitting an implicit 1 before - // the decimal point; we need to reinsert this now. We may also the shifted - // invalid bits into the result that are not a part of the mantissa (the sign - // and exponent bits from the floatingpoint representation); mask these out. - // - // The important observation is that exp is always >= 31. So the above case - // is needed to be cared only when the exp == 31. - ASSERT(exp >= 31); - if (exp == 31) { - int32_t missingOne = 1 << exp; - result &= (missingOne - 1); - result += missingOne; - } - - // If the input value was negative (we could test either 'number' or 'bits', - // but testing 'bits' is likely faster) invert the result appropriately. - return bits < 0 ? -result : result; + return toInt32Internal(number); } #if HAVE(ARM_IDIV_INSTRUCTIONS) diff -Nru webkit2gtk-2.16.1/Source/JavaScriptCore/runtime/MathCommon.h webkit2gtk-2.16.2/Source/JavaScriptCore/runtime/MathCommon.h --- webkit2gtk-2.16.1/Source/JavaScriptCore/runtime/MathCommon.h 2017-02-20 16:20:13.000000000 +0000 +++ webkit2gtk-2.16.2/Source/JavaScriptCore/runtime/MathCommon.h 2017-05-08 08:07:21.000000000 +0000 
@@ -73,9 +73,14 @@ // // The operation can be described as round towards zero, then select the 32 least // bits of the resulting value in 2s-complement representation. -ALWAYS_INLINE int32_t toInt32(double number) +enum ToInt32Mode { + Generic, + AfterSensibleConversionAttempt, +}; +template +ALWAYS_INLINE int32_t toInt32Internal(double number) { - int64_t bits = WTF::bitwise_cast(number); + uint64_t bits = WTF::bitwise_cast(number); int32_t exp = (static_cast(bits >> 52) & 0x7ff) - 0x3ff; // If exponent < 0 there will be no bits to the left of the decimal point @@ -83,7 +88,14 @@ // left in the low 32-bit range of the result (IEEE-754 doubles have 52 bits // of fractional precision). // Note this case handles 0, -0, and all infinite, NaN, & denormal value. - if (exp < 0 || exp > 83) + + // We need to check exp > 83 because: + // 1. exp may be used as a left shift value below in (exp - 52), and + // 2. Left shift amounts that exceed 31 results in undefined behavior. See: + // http://en.cppreference.com/w/cpp/language/operator_arithmetic#Bitwise_shift_operators + // + // Using an unsigned comparison here also gives us a exp < 0 check for free. + if (static_cast(exp) > 83u) return 0; // Select the appropriate 32-bits from the floating point mantissa. If the 
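Review bot: The `ToInt32Mode` enum is inserted between the existing "round towards zero" comment block and the function that block described, so the comment now reads as documentation of the enum and the enumerators have none of their own. Moving the enum above the comment block and adding a line per value would keep both readable, for example `// AfterSensibleConversionAttempt: caller already tried the hardware truncation and it failed`. Because later code in this file names the values as `ToInt32Mode::...`, declaring it `enum class ToInt32Mode` would also keep `Generic` out of the enclosing namespace.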
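Review bot: The added comment justifies the `> 83` bound by saying shift amounts above 31 are undefined, but `bits` is `uint64_t` after the previous hunk, so the limit for `bits << (exp - 52)` is the 64-bit width rather than 31. The bound is still right, since beyond 83 no bits remain in the low 32 and the result is 0, but the stated reason does not match the operand type. Something like `// exp <= 83 keeps (exp - 52) <= 31; larger exponents leave no bits in the low 32 anyway` would say the same without the mismatch. The function body continues past this hunk.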
@@ -92,23 +104,61 @@ // to shift. If the exponent is greater than 52 we need to shift the value // left by (exp - 52), if the value is less than 52 we need to shift right // accordingly. - int32_t result = (exp > 52) - ? static_cast(bits << (exp - 52)) - : static_cast(bits >> (52 - exp)); + uint32_t result = (exp > 52) + ? static_cast(bits << (exp - 52)) + : static_cast(bits >> (52 - exp)); // IEEE-754 double precision values are stored omitting an implicit 1 before // the decimal point; we need to reinsert this now. We may also the shifted // invalid bits into the result that are not a part of the mantissa (the sign // and exponent bits from the floatingpoint representation); mask these out. - if (exp < 32) { - int32_t missingOne = 1 << exp; - result &= missingOne - 1; - result += missingOne; + // Note that missingOne should be held as uint32_t since ((1 << 31) - 1) causes + // int32_t overflow. + if (Mode == ToInt32Mode::AfterSensibleConversionAttempt) { + if (exp == 31) { + // This is an optimization for when toInt32() is called in the slow path + // of a JIT operation. Currently, this optimization is only applicable for + // x86 ports. This optimization offers 5% performance improvement in + // kraken-crypto-pbkdf2. + // + // On x86, the fast path does a sensible double-to-int32 conversion, by + // first attempting to truncate the double value to int32 using the + // cvttsd2si_rr instruction. According to Intel's manual, cvttsd2si performs + // the following truncate operation: + // + // If src = NaN, +-Inf, or |(src)rz| > 0x7fffffff and (src)rz != 0x80000000, + // then the result becomes 0x80000000. Otherwise, the operation succeeds. + // + // Note that the ()rz notation means rounding towards zero. + // We'll call the slow case function only when the above cvttsd2si fails. The + // JIT code checks for fast path failure by checking if result == 0x80000000. 
+ // Hence, the slow path will only see the following possible set of numbers: + // + // NaN, +-Inf, or |(src)rz| > 0x7fffffff. + // + // As a result, the exp of the double is always >= 31. We can take advantage + // of this by specifically checking for (exp == 31) and give the compiler a + // chance to constant fold the operations below. + const constexpr uint32_t missingOne = 1U << 31; + result &= missingOne - 1; + result += missingOne; + } + } else { + if (exp < 32) { + const uint32_t missingOne = 1U << exp; + result &= missingOne - 1; + result += missingOne; + } } // If the input value was negative (we could test either 'number' or 'bits', // but testing 'bits' is likely faster) invert the result appropriately. - return bits < 0 ? -result : result; + return static_cast(bits) < 0 ? -static_cast(result) : static_cast(result); +} + +ALWAYS_INLINE int32_t toInt32(double number) +{ + return toInt32Internal(number); } // This implements ToUInt32, defined in ECMA-262 9.6. diff -Nru webkit2gtk-2.16.1/Source/JavaScriptCore/runtime/SamplingProfiler.cpp webkit2gtk-2.16.2/Source/JavaScriptCore/runtime/SamplingProfiler.cpp --- webkit2gtk-2.16.1/Source/JavaScriptCore/runtime/SamplingProfiler.cpp 2017-04-03 13:58:30.000000000 +0000 +++ webkit2gtk-2.16.2/Source/JavaScriptCore/runtime/SamplingProfiler.cpp 2017-04-04 15:23:50.000000000 +0000 
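Review bot: The final `return` still negates the result as a signed value, so when `result` is `0x80000000` and the sign bit of `bits` is set (input -2^31, reachable in `Generic` mode) the negation overflows. This is the same class of undefined behaviour the hunk removes elsewhere. The cast targets are stripped in this rendering, so this assumes the negated operand is `int32_t`, as the return type suggests. Negating while still unsigned avoids it: `return static_cast<int32_t>(static_cast<int64_t>(bits) < 0 ? 0u - result : result);`. The function starts in an earlier hunk.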
@@ -169,8 +169,8 @@ { uint8_t* fpCast = bitwise_cast(exec); for (MachineThreads::Thread* thread = m_vm.heap.machineThreads().threadsListHead(m_machineThreadsLocker); thread; thread = thread->next) { - uint8_t* stackBase = static_cast(thread->stackBase); - uint8_t* stackLimit = static_cast(thread->stackEnd); + uint8_t* stackBase = static_cast(thread->stackBase()); + uint8_t* stackLimit = static_cast(thread->stackEnd()); RELEASE_ASSERT(stackBase); RELEASE_ASSERT(stackLimit); if (fpCast <= stackBase && fpCast >= stackLimit) diff -Nru webkit2gtk-2.16.1/Source/WebCore/accessibility/AccessibilityRenderObject.cpp webkit2gtk-2.16.2/Source/WebCore/accessibility/AccessibilityRenderObject.cpp --- webkit2gtk-2.16.1/Source/WebCore/accessibility/AccessibilityRenderObject.cpp 2017-02-20 16:20:16.000000000 +0000 +++ webkit2gtk-2.16.2/Source/WebCore/accessibility/AccessibilityRenderObject.cpp 2017-05-08 12:41:22.000000000 +0000 @@ -532,7 +532,9 @@ bool AccessibilityRenderObject::isOffScreen() const { - ASSERT(m_renderer); + if (!m_renderer) + return true; + IntRect contentRect = snappedIntRect(m_renderer->absoluteClippedOverflowRect()); // FIXME: unclear if we need LegacyIOSDocumentVisibleRect. IntRect viewRect = m_renderer->view().frameView().visibleContentRect(ScrollableArea::LegacyIOSDocumentVisibleRect); @@ -1570,12 +1572,18 @@ bool AccessibilityRenderObject::isUnvisited() const { + if (!m_renderer) + return true; + // FIXME: Is it a privacy violation to expose unvisited information to accessibility APIs? return m_renderer->style().isLink() && m_renderer->style().insideLink() == InsideUnvisitedLink; } bool AccessibilityRenderObject::isVisited() const { + if (!m_renderer) + return false; + // FIXME: Is it a privacy violation to expose visited information to accessibility APIs? return m_renderer->style().isLink() && m_renderer->style().insideLink() == InsideVisitedLink; } 
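Review bot: `isUnvisited()` returns `true` when `m_renderer` is null, while the live path returns true only for a link that is `InsideUnvisitedLink`, so a detached object of any kind is reported as an unvisited link. `isVisited()` in the same hunk returns `false`. Unless a caller depends on the asymmetry, `return false;` in both is the neutral answer; otherwise a comment should say why unvisited is the default. Both functions carry a FIXME about exposing visited state to accessibility APIs, so the default chosen for the detached case deserves to be stated deliberately.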
@@ -2434,6 +2442,9 @@ void AccessibilityRenderObject::handleAriaExpandedChanged() { + // This object might be deleted under the call to the parentObject() method. + auto protectedThis = makeRef(*this); + // Find if a parent of this object should handle aria-expanded changes. AccessibilityObject* containerParent = this->parentObject(); while (containerParent) { diff -Nru webkit2gtk-2.16.1/Source/WebCore/accessibility/AXObjectCache.cpp webkit2gtk-2.16.2/Source/WebCore/accessibility/AXObjectCache.cpp --- webkit2gtk-2.16.1/Source/WebCore/accessibility/AXObjectCache.cpp 2017-02-20 16:20:16.000000000 +0000 +++ webkit2gtk-2.16.2/Source/WebCore/accessibility/AXObjectCache.cpp 2017-05-08 15:45:34.000000000 +0000 @@ -2684,6 +2684,8 @@ void AXObjectCache::recomputeDeferredIsIgnored(RenderBlock& renderer) { + if (renderer.beingDestroyed()) + return; m_deferredIsIgnoredChangeList.add(&renderer); } diff -Nru webkit2gtk-2.16.1/Source/WebCore/bindings/js/JSEventListener.cpp webkit2gtk-2.16.2/Source/WebCore/bindings/js/JSEventListener.cpp --- webkit2gtk-2.16.1/Source/WebCore/bindings/js/JSEventListener.cpp 2017-02-20 16:20:16.000000000 +0000 +++ webkit2gtk-2.16.2/Source/WebCore/bindings/js/JSEventListener.cpp 2017-05-08 08:48:23.000000000 +0000 @@ -1,6 +1,6 @@ /* * Copyright (C) 2001 Peter Kelly (pmk@post.com) - * Copyright (C) 2003, 2004, 2005, 2006, 2007, 2008, 2009, 2013 Apple Inc. All Rights Reserved. + * Copyright (C) 2003-2017 Apple Inc. All Rights Reserved. * * This library is free software; you can redistribute it and/or * modify it under the terms of the GNU Lesser General Public @@ -47,7 +47,7 @@ : EventListener(JSEventListenerType) , m_wrapper(wrapper) , m_isAttribute(isAttribute) - , m_isolatedWorld(&isolatedWorld) + , m_isolatedWorld(isolatedWorld) { if (wrapper) { JSC::Heap::heap(wrapper)->writeBarrier(wrapper, function); 
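Review bot: In `AXObjectCache::recomputeDeferredIsIgnored`, the new `beingDestroyed()` guard only covers a renderer whose teardown has already started. `m_deferredIsIgnoredChangeList.add(&renderer)` still stores a raw address, and a renderer destroyed after being queued would leave that address in the list unless it is removed somewhere not visible in this hunk. If removal on destruction exists, a comment naming it here would make the lifetime argument checkable, for example `// Entries are removed in <removal site, not shown on this page> when the renderer goes away`. If it does not, the list should hold weak references or be purged on renderer destruction.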
@@ -62,7 +62,7 @@ JSObject* JSEventListener::initializeJSFunction(ScriptExecutionContext*) const { - return 0; + return nullptr; } void JSEventListener::visitJSFunction(SlotVisitor& visitor) @@ -101,7 +101,7 @@ if (!jsFunction) return; - JSDOMGlobalObject* globalObject = toJSDOMGlobalObject(scriptExecutionContext, *m_isolatedWorld); + JSDOMGlobalObject* globalObject = toJSDOMGlobalObject(scriptExecutionContext, m_isolatedWorld); if (!globalObject) return; 
@@ -216,31 +216,31 @@ return JSEventListener::create(asObject(listener), &wrapper, true, currentWorld(&state)); } -JSC::JSValue eventHandlerAttribute(EventTarget& target, const AtomicString& eventType) +JSC::JSValue eventHandlerAttribute(EventTarget& target, const AtomicString& eventType, DOMWrapperWorld& isolatedWorld) { - return eventHandlerAttribute(target.attributeEventListener(eventType), *target.scriptExecutionContext()); + return eventHandlerAttribute(target.attributeEventListener(eventType, isolatedWorld), *target.scriptExecutionContext()); } void setEventHandlerAttribute(JSC::ExecState& state, JSC::JSObject& wrapper, EventTarget& target, const AtomicString& eventType, JSC::JSValue value) { - target.setAttributeEventListener(eventType, createEventListenerForEventHandlerAttribute(state, value, wrapper)); + target.setAttributeEventListener(eventType, createEventListenerForEventHandlerAttribute(state, value, wrapper), currentWorld(&state)); } -JSC::JSValue windowEventHandlerAttribute(HTMLElement& element, const AtomicString& eventType) +JSC::JSValue windowEventHandlerAttribute(HTMLElement& element, const AtomicString& eventType, DOMWrapperWorld& isolatedWorld) { auto& document = element.document(); - return eventHandlerAttribute(document.getWindowAttributeEventListener(eventType), document); + return eventHandlerAttribute(document.getWindowAttributeEventListener(eventType, isolatedWorld), document); } void setWindowEventHandlerAttribute(JSC::ExecState& state, JSC::JSObject& wrapper, HTMLElement& element, const AtomicString& eventType, JSC::JSValue value) { ASSERT(wrapper.globalObject()); - element.document().setWindowAttributeEventListener(eventType, createEventListenerForEventHandlerAttribute(state, value, *wrapper.globalObject())); + element.document().setWindowAttributeEventListener(eventType, createEventListenerForEventHandlerAttribute(state, value, *wrapper.globalObject()), currentWorld(&state)); } -JSC::JSValue windowEventHandlerAttribute(DOMWindow& 
window, const AtomicString& eventType) +JSC::JSValue windowEventHandlerAttribute(DOMWindow& window, const AtomicString& eventType, DOMWrapperWorld& isolatedWorld) { - return eventHandlerAttribute(window, eventType); + return eventHandlerAttribute(window, eventType, isolatedWorld); } void setWindowEventHandlerAttribute(JSC::ExecState& state, JSC::JSObject& wrapper, DOMWindow& window, const AtomicString& eventType, JSC::JSValue value) @@ -248,10 +248,10 @@ setEventHandlerAttribute(state, wrapper, window, eventType, value); } -JSC::JSValue documentEventHandlerAttribute(HTMLElement& element, const AtomicString& eventType) +JSC::JSValue documentEventHandlerAttribute(HTMLElement& element, const AtomicString& eventType, DOMWrapperWorld& isolatedWorld) { auto& document = element.document(); - return eventHandlerAttribute(document.attributeEventListener(eventType), document); + return eventHandlerAttribute(document.attributeEventListener(eventType, isolatedWorld), document); } void setDocumentEventHandlerAttribute(JSC::ExecState& state, JSC::JSObject& wrapper, HTMLElement& element, const AtomicString& eventType, JSC::JSValue value) 
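Review bot: The getters in this hunk now take the world from the caller through the new `isolatedWorld` parameter, while the setters pass `currentWorld(&state)`, so a handler can be stored under one world and looked up under another if the two ever differ. The CodeGeneratorJS.pm change later in this diff passes `worldForDOMObject(&thisObject)` for getters and for the `onerror` setter, which leaves the plain setters as the odd one out. If the two values are guaranteed equal on this path, a comment saying so belongs next to `currentWorld(&state)`. Otherwise the setters should take the same `DOMWrapperWorld&` from the generated code. The same pattern recurs in the `documentEventHandlerAttribute` hunks that follow.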
@@ -260,12 +260,12 @@ auto& document = element.document(); auto* documentWrapper = JSC::jsCast(toJS(&state, JSC::jsCast(wrapper.globalObject()), document)); ASSERT(documentWrapper); - document.setAttributeEventListener(eventType, createEventListenerForEventHandlerAttribute(state, value, *documentWrapper)); + document.setAttributeEventListener(eventType, createEventListenerForEventHandlerAttribute(state, value, *documentWrapper), currentWorld(&state)); } -JSC::JSValue documentEventHandlerAttribute(Document& document, const AtomicString& eventType) +JSC::JSValue documentEventHandlerAttribute(Document& document, const AtomicString& eventType, DOMWrapperWorld& isolatedWorld) { - return eventHandlerAttribute(document, eventType); + return eventHandlerAttribute(document, eventType, isolatedWorld); } void setDocumentEventHandlerAttribute(JSC::ExecState& state, JSC::JSObject& wrapper, Document& document, const AtomicString& eventType, JSC::JSValue value) diff -Nru webkit2gtk-2.16.1/Source/WebCore/bindings/js/JSEventListener.h webkit2gtk-2.16.2/Source/WebCore/bindings/js/JSEventListener.h --- webkit2gtk-2.16.1/Source/WebCore/bindings/js/JSEventListener.h 2017-02-20 16:20:16.000000000 +0000 +++ webkit2gtk-2.16.2/Source/WebCore/bindings/js/JSEventListener.h 2017-05-08 08:48:20.000000000 +0000 @@ -1,6 +1,6 @@ /* * Copyright (C) 2001 Peter Kelly (pmk@post.com) - * Copyright (C) 2003, 2008, 2009 Apple Inc. All rights reserved. + * Copyright (C) 2003-2017 Apple Inc. All rights reserved. * * This library is free software; you can redistribute it and/or * modify it under the terms of the GNU Lesser General Public @@ -25,6 +25,7 @@ #include #include #include +#include #include #include @@ -54,7 +55,7 @@ { return listener->type() == JSEventListenerType ? static_cast(listener) - : 0; + : nullptr; } virtual ~JSEventListener(); 
@@ -65,7 +66,7 @@ bool isAttribute() const { return m_isAttribute; } JSC::JSObject* jsFunction(ScriptExecutionContext*) const; - DOMWrapperWorld& isolatedWorld() const { return *m_isolatedWorld; } + DOMWrapperWorld& isolatedWorld() const { return m_isolatedWorld; } JSC::JSObject* wrapper() const { return m_wrapper.get(); } void setWrapper(JSC::VM&, JSC::JSObject* wrapper) const { m_wrapper = JSC::Weak(wrapper); } 
@@ -87,23 +88,23 @@ mutable JSC::Weak m_wrapper; bool m_isAttribute; - RefPtr m_isolatedWorld; + Ref m_isolatedWorld; }; // For "onxxx" attributes that automatically set up JavaScript event listeners. -JSC::JSValue eventHandlerAttribute(EventTarget&, const AtomicString& eventType); +JSC::JSValue eventHandlerAttribute(EventTarget&, const AtomicString& eventType, DOMWrapperWorld&); void setEventHandlerAttribute(JSC::ExecState&, JSC::JSObject&, EventTarget&, const AtomicString& eventType, JSC::JSValue); // Like the functions above, but for attributes that forward event handlers to the window object rather than setting them on the target. -JSC::JSValue windowEventHandlerAttribute(HTMLElement&, const AtomicString& eventType); +JSC::JSValue windowEventHandlerAttribute(HTMLElement&, const AtomicString& eventType, DOMWrapperWorld&); void setWindowEventHandlerAttribute(JSC::ExecState&, JSC::JSObject&, HTMLElement&, const AtomicString& eventType, JSC::JSValue); -JSC::JSValue windowEventHandlerAttribute(DOMWindow&, const AtomicString& eventType); +JSC::JSValue windowEventHandlerAttribute(DOMWindow&, const AtomicString& eventType, DOMWrapperWorld&); void setWindowEventHandlerAttribute(JSC::ExecState&, JSC::JSObject&, DOMWindow&, const AtomicString& eventType, JSC::JSValue); // Like the functions above, but for attributes that forward event handlers to the document rather than setting them on the target. 
-JSC::JSValue documentEventHandlerAttribute(HTMLElement&, const AtomicString& eventType); +JSC::JSValue documentEventHandlerAttribute(HTMLElement&, const AtomicString& eventType, DOMWrapperWorld&); void setDocumentEventHandlerAttribute(JSC::ExecState&, JSC::JSObject&, HTMLElement&, const AtomicString& eventType, JSC::JSValue); -JSC::JSValue documentEventHandlerAttribute(Document&, const AtomicString& eventType); +JSC::JSValue documentEventHandlerAttribute(Document&, const AtomicString& eventType, DOMWrapperWorld&); void setDocumentEventHandlerAttribute(JSC::ExecState&, JSC::JSObject&, Document&, const AtomicString& eventType, JSC::JSValue); inline JSC::JSObject* JSEventListener::jsFunction(ScriptExecutionContext* scriptExecutionContext) const @@ -128,7 +129,7 @@ // If m_wrapper is 0, then m_jsFunction is zombied, and should never be accessed. if (!m_wrapper) - return 0; + return nullptr; // Try to verify that m_jsFunction wasn't recycled. (Not exact, since an // event listener can be almost anything, but this makes test-writing easier). @@ -138,3 +139,7 @@ } } // namespace WebCore + +SPECIALIZE_TYPE_TRAITS_BEGIN(WebCore::JSEventListener) +static bool isType(const WebCore::EventListener& input) { return input.type() == WebCore::JSEventListener::JSEventListenerType; } +SPECIALIZE_TYPE_TRAITS_END() diff -Nru webkit2gtk-2.16.1/Source/WebCore/bindings/scripts/CodeGeneratorJS.pm webkit2gtk-2.16.2/Source/WebCore/bindings/scripts/CodeGeneratorJS.pm --- webkit2gtk-2.16.1/Source/WebCore/bindings/scripts/CodeGeneratorJS.pm 2017-03-13 11:14:02.000000000 +0000 +++ webkit2gtk-2.16.2/Source/WebCore/bindings/scripts/CodeGeneratorJS.pm 2017-05-08 08:25:45.000000000 +0000 
@@ -3662,7 +3662,7 @@ : $attribute->extendedAttributes->{DocumentEventHandler} ? "documentEventHandlerAttribute" : "eventHandlerAttribute"; my $eventName = EventHandlerAttributeEventName($attribute); - push(@implContent, " return $getter(thisObject.wrapped(), $eventName);\n"); + push(@implContent, " return $getter(thisObject.wrapped(), $eventName, worldForDOMObject(&thisObject));\n"); } elsif ($codeGenerator->IsConstructorType($attribute->type)) { my $constructorType = $attribute->type->name; $constructorType =~ s/Constructor$//; @@ -3834,7 +3834,7 @@ # FIXME: Find a way to do this special case without hardcoding the class and attribute names here. if ((($interfaceName eq "DOMWindow") or ($interfaceName eq "WorkerGlobalScope")) and $name eq "onerror") { $implIncludes{"JSErrorHandler.h"} = 1; - push(@implContent, " thisObject.wrapped().setAttributeEventListener($eventName, createJSErrorHandler(&state, value, &thisObject));\n"); + push(@implContent, " thisObject.wrapped().setAttributeEventListener($eventName, createJSErrorHandler(&state, value, &thisObject), worldForDOMObject(&thisObject));\n"); } else { $implIncludes{"JSEventListener.h"} = 1; my $setter = $attribute->extendedAttributes->{WindowEventHandler} ? "setWindowEventHandlerAttribute" diff -Nru webkit2gtk-2.16.1/Source/WebCore/css/CSSCalculationValue.cpp webkit2gtk-2.16.2/Source/WebCore/css/CSSCalculationValue.cpp --- webkit2gtk-2.16.1/Source/WebCore/css/CSSCalculationValue.cpp 2017-02-20 16:20:16.000000000 +0000 +++ webkit2gtk-2.16.2/Source/WebCore/css/CSSCalculationValue.cpp 2017-05-08 13:39:49.000000000 +0000 
@@ -598,7 +598,8 @@ if (unitCategory(type) == CalcOther) return false; - result->value = CSSCalcPrimitiveValue::create(CSSPrimitiveValue::create(token.numericValue(), type), token.numericValueType() == IntegerValueType); + bool isInteger = token.numericValueType() == IntegerValueType || (token.numericValueType() == NumberValueType && token.numericValue() == trunc(token.numericValue())); + result->value = CSSCalcPrimitiveValue::create(CSSPrimitiveValue::create(token.numericValue(), type), isInteger); return true; } diff -Nru webkit2gtk-2.16.1/Source/WebCore/css/CSSComputedStyleDeclaration.cpp webkit2gtk-2.16.2/Source/WebCore/css/CSSComputedStyleDeclaration.cpp --- webkit2gtk-2.16.1/Source/WebCore/css/CSSComputedStyleDeclaration.cpp 2017-02-20 16:20:16.000000000 +0000 +++ webkit2gtk-2.16.2/Source/WebCore/css/CSSComputedStyleDeclaration.cpp 2017-05-08 13:45:46.000000000 +0000 
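Review bot: The new `isInteger` test `token.numericValue() == trunc(token.numericValue())` is true for every sufficiently large double and for infinities, not only for values that fit an integer type. A number token with a huge magnitude is therefore flagged as an integer. Whether a consumer of that flag later converts the value to an integer without clamping is not visible here; if one does, the conversion is out of range. Bounding the check, or documenting that the flag means "has no fractional part" rather than "fits in int", would remove the ambiguity. Hoisting `token.numericValue()` into a local would also make the line readable. The enclosing function starts outside the hunk.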
@@ -1190,11 +1190,18 @@ static Ref createTransitionPropertyValue(const Animation& animation) { - if (animation.animationMode() == Animation::AnimateNone) + switch (animation.animationMode()) { + case Animation::AnimateNone: return CSSValuePool::singleton().createIdentifierValue(CSSValueNone); - if (animation.animationMode() == Animation::AnimateAll) + case Animation::AnimateAll: return CSSValuePool::singleton().createIdentifierValue(CSSValueAll); - return CSSValuePool::singleton().createValue(getPropertyNameString(animation.property()), CSSPrimitiveValue::CSS_STRING); + case Animation::AnimateSingleProperty: + return CSSValuePool::singleton().createValue(getPropertyNameString(animation.property()), CSSPrimitiveValue::CSS_STRING); + case Animation::AnimateUnknownProperty: + return CSSValuePool::singleton().createValue(animation.unknownProperty(), CSSPrimitiveValue::CSS_STRING); + } + ASSERT_NOT_REACHED(); + return CSSValuePool::singleton().createIdentifierValue(CSSValueNone); } static Ref transitionPropertyValue(const AnimationList* animationList) diff -Nru webkit2gtk-2.16.1/Source/WebCore/css/CSSProperties.json webkit2gtk-2.16.2/Source/WebCore/css/CSSProperties.json --- webkit2gtk-2.16.1/Source/WebCore/css/CSSProperties.json 2017-02-20 16:20:16.000000000 +0000 +++ webkit2gtk-2.16.2/Source/WebCore/css/CSSProperties.json 2017-05-08 07:10:14.000000000 +0000 @@ -2025,7 +2025,8 @@ "end" ], "codegen-properties": { - "converter": "TextAlign" + "converter": "TextAlign", + "custom": "Initial|Value" } }, "text-anchor": { diff -Nru webkit2gtk-2.16.1/Source/WebCore/css/CSSToStyleMap.cpp webkit2gtk-2.16.2/Source/WebCore/css/CSSToStyleMap.cpp --- webkit2gtk-2.16.1/Source/WebCore/css/CSSToStyleMap.cpp 2017-02-20 16:20:16.000000000 +0000 +++ webkit2gtk-2.16.2/Source/WebCore/css/CSSToStyleMap.cpp 2017-05-08 13:45:44.000000000 +0000 
@@ -443,13 +443,21 @@ if (primitiveValue.valueID() == CSSValueAll) { animation.setAnimationMode(Animation::AnimateAll); animation.setProperty(CSSPropertyInvalid); - } else if (primitiveValue.valueID() == CSSValueNone) { + return; + } + if (primitiveValue.valueID() == CSSValueNone) { animation.setAnimationMode(Animation::AnimateNone); animation.setProperty(CSSPropertyInvalid); - } else if (primitiveValue.propertyID() != CSSPropertyInvalid) { - animation.setAnimationMode(Animation::AnimateSingleProperty); - animation.setProperty(primitiveValue.propertyID()); + return; + } + if (primitiveValue.propertyID() == CSSPropertyInvalid) { + animation.setAnimationMode(Animation::AnimateUnknownProperty); + animation.setProperty(CSSPropertyInvalid); + animation.setUnknownProperty(primitiveValue.stringValue()); + return; } + animation.setAnimationMode(Animation::AnimateSingleProperty); + animation.setProperty(primitiveValue.propertyID()); } void CSSToStyleMap::mapAnimationTimingFunction(Animation& animation, const CSSValue& value) diff -Nru webkit2gtk-2.16.1/Source/WebCore/css/parser/CSSSelectorParser.cpp webkit2gtk-2.16.2/Source/WebCore/css/parser/CSSSelectorParser.cpp --- webkit2gtk-2.16.1/Source/WebCore/css/parser/CSSSelectorParser.cpp 2017-02-20 16:20:16.000000000 +0000 +++ webkit2gtk-2.16.2/Source/WebCore/css/parser/CSSSelectorParser.cpp 2017-05-08 08:55:40.000000000 +0000 
@@ -257,7 +257,6 @@ if (pseudo == CSSSelector::PseudoClassNot) { ASSERT(simpleSelector.selectorList()); ASSERT(simpleSelector.selectorList()->first()); - ASSERT(!simpleSelector.selectorList()->first()->tagHistory()); pseudo = simpleSelector.selectorList()->first()->pseudoClassType(); } return isPseudoClassValidAfterPseudoElement(pseudo, compoundPseudoElement); diff -Nru webkit2gtk-2.16.1/Source/WebCore/css/StyleBuilderCustom.h webkit2gtk-2.16.2/Source/WebCore/css/StyleBuilderCustom.h --- webkit2gtk-2.16.1/Source/WebCore/css/StyleBuilderCustom.h 2017-02-20 16:20:16.000000000 +0000 +++ webkit2gtk-2.16.2/Source/WebCore/css/StyleBuilderCustom.h 2017-05-08 07:09:11.000000000 +0000 @@ -127,6 +127,8 @@ static void applyValueBaselineShift(StyleResolver&, CSSValue&); static void applyValueDirection(StyleResolver&, CSSValue&); static void applyValueVerticalAlign(StyleResolver&, CSSValue&); + static void applyInitialTextAlign(StyleResolver&); + static void applyValueTextAlign(StyleResolver&, CSSValue&); #if ENABLE(DASHBOARD_SUPPORT) static void applyValueWebkitDashboardRegion(StyleResolver&, CSSValue&); #endif 
@@ -168,6 +170,18 @@ styleResolver.style()->setHasExplicitlySetDirection(true); } +inline void StyleBuilderCustom::applyInitialTextAlign(StyleResolver& styleResolver) +{ + styleResolver.style()->setTextAlign(RenderStyle::initialTextAlign()); + styleResolver.style()->setHasExplicitlySetTextAlign(true); +} + +inline void StyleBuilderCustom::applyValueTextAlign(StyleResolver& styleResolver, CSSValue& value) +{ + styleResolver.style()->setTextAlign(StyleBuilderConverter::convertTextAlign(styleResolver, value)); + styleResolver.style()->setHasExplicitlySetTextAlign(true); +} + inline void StyleBuilderCustom::resetEffectiveZoom(StyleResolver& styleResolver) { // Reset the zoom in effect. This allows the setZoom method to accurately compute a new zoom in effect. diff -Nru webkit2gtk-2.16.1/Source/WebCore/css/StyleResolver.cpp webkit2gtk-2.16.2/Source/WebCore/css/StyleResolver.cpp --- webkit2gtk-2.16.1/Source/WebCore/css/StyleResolver.cpp 2017-02-20 16:20:16.000000000 +0000 +++ webkit2gtk-2.16.2/Source/WebCore/css/StyleResolver.cpp 2017-05-08 07:09:11.000000000 +0000 
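Review bot: Only the initial and value appliers set `setHasExplicitlySetTextAlign(true)`, and CSSProperties.json marks `text-align` as `"custom": "Initial|Value"`, so the inherit path is presumably the generated one and leaves the flag unset. In that case an author rule `th { text-align: inherit }` under a parent at the initial value would still satisfy the `!style.hasExplicitlySetTextAlign()` test added in StyleResolver.cpp and be centered, although the author declaration should win over the user-agent default. The generated inherit applier is not visible on this page, so this needs confirming. If it holds, adding `Inherit` to the custom list with an applier that also sets the flag would close the gap.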
@@ -843,9 +843,11 @@ style.setFloating(NoFloat); } - // FIXME: We shouldn't be overriding start/-webkit-auto like this. Do it in html.css instead. - // Table headers with a text-align of -webkit-auto will change the text-align to center. - if (element->hasTagName(thTag) && style.textAlign() == TASTART) + // User agents are expected to have a rule in their user agent stylesheet that matches th elements that have a parent + // node whose computed value for the 'text-align' property is its initial value, whose declaration block consists of + // just a single declaration that sets the 'text-align' property to the value 'center'. + // https://html.spec.whatwg.org/multipage/rendering.html#rendering + if (element->hasTagName(thTag) && !style.hasExplicitlySetTextAlign() && parentStyle.textAlign() == RenderStyle::initialTextAlign()) style.setTextAlign(CENTER); if (element->hasTagName(legendTag)) diff -Nru webkit2gtk-2.16.1/Source/WebCore/dom/Attr.cpp webkit2gtk-2.16.2/Source/WebCore/dom/Attr.cpp --- webkit2gtk-2.16.1/Source/WebCore/dom/Attr.cpp 2017-02-20 16:20:16.000000000 +0000 +++ webkit2gtk-2.16.2/Source/WebCore/dom/Attr.cpp 2017-05-08 10:58:04.000000000 +0000 @@ -26,6 +26,7 @@ #include "AttributeChangeInvalidation.h" #include "Event.h" #include "ExceptionCode.h" +#include "NoEventDispatchAssertion.h" #include "ScopedEventQueue.h" #include "StyleProperties.h" #include "StyledElement.h" @@ -167,8 +168,10 @@ } else m_standaloneValue = newValue; - if (m_element) + if (m_element) { + NoEventDispatchAssertion::DisableAssertionsInScope allowedScope; m_element->attributeChanged(qualifiedName(), oldValue, newValue); + } } CSSStyleDeclaration* Attr::style() diff -Nru webkit2gtk-2.16.1/Source/WebCore/dom/CharacterData.cpp webkit2gtk-2.16.2/Source/WebCore/dom/CharacterData.cpp --- webkit2gtk-2.16.1/Source/WebCore/dom/CharacterData.cpp 2017-02-20 16:20:16.000000000 +0000 +++ webkit2gtk-2.16.2/Source/WebCore/dom/CharacterData.cpp 2017-05-04 06:20:52.000000000 +0000 
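Review bot: In Attr.cpp, `NoEventDispatchAssertion::DisableAssertionsInScope` switches the debug check off for everything reached from `attributeChanged()`, with no comment saying which dispatch is expected there. Any later unsafe dispatch under this call would then pass unnoticed in assert builds. A why-comment on the guard would make the exemption reviewable, for example `// Attribute changes may legitimately dispatch events here; see <bug reference, not on this page>`. Naming the variable for what it does, such as `disableNoEventDispatchAssertions`, would read better than `allowedScope`. The function body starts outside the hunk.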
@@ -22,6 +22,7 @@ #include "config.h" #include "CharacterData.h" +#include "Attr.h" #include "ElementTraversal.h" #include "EventNames.h" #include "ExceptionCode.h" @@ -208,7 +209,9 @@ void CharacterData::notifyParentAfterChange(ContainerNode::ChildChangeSource source) { - NoEventDispatchAssertion assertNoEventDispatch; +#if !ASSERT_DISABLED + auto assertNoEventDispatch = std::make_unique(); +#endif document().incDOMTreeVersion(); @@ -221,6 +224,13 @@ ElementTraversal::nextSibling(*this), source }; + +#if !ASSERT_DISABLED + // Attribute CharacterData is expected to fire events. + if (is(*parentNode())) + assertNoEventDispatch = nullptr; +#endif + parentNode()->childrenChanged(change); } diff -Nru webkit2gtk-2.16.1/Source/WebCore/dom/ComposedTreeIterator.cpp webkit2gtk-2.16.2/Source/WebCore/dom/ComposedTreeIterator.cpp --- webkit2gtk-2.16.1/Source/WebCore/dom/ComposedTreeIterator.cpp 2017-02-20 16:20:16.000000000 +0000 +++ webkit2gtk-2.16.2/Source/WebCore/dom/ComposedTreeIterator.cpp 2017-05-08 17:37:49.000000000 +0000 @@ -179,10 +179,10 @@ { while (context().iterator == context().end && m_contextStack.size() > 1) { m_contextStack.removeLast(); - if (context().iterator == context().end) - return; if (is(current()) && advanceInSlot(1)) return; + if (context().iterator == context().end) + return; context().iterator.traverseNextSkippingChildren(); } } diff -Nru webkit2gtk-2.16.1/Source/WebCore/dom/ContainerNode.cpp webkit2gtk-2.16.2/Source/WebCore/dom/ContainerNode.cpp --- webkit2gtk-2.16.1/Source/WebCore/dom/ContainerNode.cpp 2017-02-20 16:20:16.000000000 +0000 +++ webkit2gtk-2.16.2/Source/WebCore/dom/ContainerNode.cpp 2017-05-08 10:58:04.000000000 +0000 
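Review bot: In the ComposedTreeIterator.cpp hunk the slot check now runs before the end check, so `current()` is evaluated even when `context().iterator == context().end` after `m_contextStack.removeLast()`. Whether reading the current node is valid in that state depends on how slot contexts set their `end`, which is not visible here. The order of these two tests is what the fix consists of, so it should carry a comment, for example `// Check the slot first: in a slot context the iterator can equal end while assigned nodes remain`. The loop's enclosing function starts outside the hunk.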
@@ -69,8 +69,9 @@ ChildNodesLazySnapshot* ChildNodesLazySnapshot::latestSnapshot; -#ifndef NDEBUG +#if !ASSERT_DISABLED unsigned NoEventDispatchAssertion::s_count = 0; +unsigned NoEventDispatchAssertion::DisableAssertionsInScope::s_existingCount = 0; NoEventDispatchAssertion::EventAllowedScope* NoEventDispatchAssertion::EventAllowedScope::s_currentScope = nullptr; #endif diff -Nru webkit2gtk-2.16.1/Source/WebCore/dom/Document.cpp webkit2gtk-2.16.2/Source/WebCore/dom/Document.cpp --- webkit2gtk-2.16.1/Source/WebCore/dom/Document.cpp 2017-04-03 17:10:47.000000000 +0000 +++ webkit2gtk-2.16.2/Source/WebCore/dom/Document.cpp 2017-05-08 12:50:02.000000000 +0000 @@ -683,6 +683,7 @@ m_fullScreenElement = nullptr; m_fullScreenElementStack.clear(); #endif + m_associatedFormControls.clear(); detachParser(); @@ -2683,13 +2684,13 @@ ImageLoader::dispatchPendingErrorEvents(); HTMLLinkElement::dispatchPendingLoadEvents(); HTMLStyleElement::dispatchPendingLoadEvents(); - } - // To align the HTML load event and the SVGLoad event for the outermost element, fire it from - // here, instead of doing it from SVGElement::finishedParsingChildren (if externalResourcesRequired="false", - // which is the default, for ='true' its fired at a later time, once all external resources finished loading). - if (svgExtensions()) - accessSVGExtensions().dispatchSVGLoadEventToOutermostSVGElements(); + // To align the HTML load event and the SVGLoad event for the outermost element, fire it from + // here, instead of doing it from SVGElement::finishedParsingChildren (if externalResourcesRequired="false", + // which is the default, for ='true' its fired at a later time, once all external resources finished loading). + if (svgExtensions()) + accessSVGExtensions().dispatchSVGLoadEventToOutermostSVGElements(); + } dispatchWindowLoadEvent(); dispatchPageshowEvent(PageshowEventNotPersisted); 
@@ -4050,30 +4051,30 @@ return const_cast(*this); } -void Document::setAttributeEventListener(const AtomicString& eventType, const QualifiedName& attributeName, const AtomicString& attributeValue) +void Document::setAttributeEventListener(const AtomicString& eventType, const QualifiedName& attributeName, const AtomicString& attributeValue, DOMWrapperWorld& isolatedWorld) { - setAttributeEventListener(eventType, JSLazyEventListener::create(*this, attributeName, attributeValue)); + setAttributeEventListener(eventType, JSLazyEventListener::create(*this, attributeName, attributeValue), isolatedWorld); } -void Document::setWindowAttributeEventListener(const AtomicString& eventType, RefPtr&& listener) +void Document::setWindowAttributeEventListener(const AtomicString& eventType, RefPtr&& listener, DOMWrapperWorld& isolatedWorld) { if (!m_domWindow) return; - m_domWindow->setAttributeEventListener(eventType, WTFMove(listener)); + m_domWindow->setAttributeEventListener(eventType, WTFMove(listener), isolatedWorld); } -void Document::setWindowAttributeEventListener(const AtomicString& eventType, const QualifiedName& attributeName, const AtomicString& attributeValue) +void Document::setWindowAttributeEventListener(const AtomicString& eventType, const QualifiedName& attributeName, const AtomicString& attributeValue, DOMWrapperWorld& isolatedWorld) { if (!m_domWindow) return; - setWindowAttributeEventListener(eventType, JSLazyEventListener::create(*m_domWindow, attributeName, attributeValue)); + setWindowAttributeEventListener(eventType, JSLazyEventListener::create(*m_domWindow, attributeName, attributeValue), isolatedWorld); } -EventListener* Document::getWindowAttributeEventListener(const AtomicString& eventType) +EventListener* Document::getWindowAttributeEventListener(const AtomicString& eventType, DOMWrapperWorld& isolatedWorld) { if (!m_domWindow) return nullptr; - return m_domWindow->attributeEventListener(eventType); + return 
m_domWindow->attributeEventListener(eventType, isolatedWorld); } void Document::dispatchWindowEvent(Event& event, EventTarget* target) diff -Nru webkit2gtk-2.16.1/Source/WebCore/dom/Document.h webkit2gtk-2.16.2/Source/WebCore/dom/Document.h --- webkit2gtk-2.16.1/Source/WebCore/dom/Document.h 2017-04-03 16:25:32.000000000 +0000 +++ webkit2gtk-2.16.2/Source/WebCore/dom/Document.h 2017-05-08 08:25:45.000000000 +0000 @@ -757,9 +757,9 @@ void setContextDocument(Document& document) { m_contextDocument = document.createWeakPtr(); } // Helper functions for forwarding DOMWindow event related tasks to the DOMWindow if it exists. - void setWindowAttributeEventListener(const AtomicString& eventType, const QualifiedName& attributeName, const AtomicString& value); - void setWindowAttributeEventListener(const AtomicString& eventType, RefPtr&&); - EventListener* getWindowAttributeEventListener(const AtomicString& eventType); + void setWindowAttributeEventListener(const AtomicString& eventType, const QualifiedName& attributeName, const AtomicString& value, DOMWrapperWorld&); + void setWindowAttributeEventListener(const AtomicString& eventType, RefPtr&&, DOMWrapperWorld&); + EventListener* getWindowAttributeEventListener(const AtomicString& eventType, DOMWrapperWorld&); WEBCORE_EXPORT void dispatchWindowEvent(Event&, EventTarget* = nullptr); void dispatchWindowLoadEvent(); @@ -1154,6 +1154,9 @@ bool hasTouchEventHandlers() const { return false; } #endif + void setUserDidInteractWithPage(bool userDidInteractWithPage) { ASSERT(&topDocument() == this); m_userDidInteractWithPage = userDidInteractWithPage; } + bool userDidInteractWithPage() const { ASSERT(&topDocument() == this); return m_userDidInteractWithPage; } + // Used for testing. Count handlers in the main document, and one per frame which contains handlers. WEBCORE_EXPORT unsigned wheelEventHandlerCount() const; WEBCORE_EXPORT unsigned touchEventHandlerCount() const; 
@@ -1272,7 +1275,7 @@ #endif using ContainerNode::setAttributeEventListener; - void setAttributeEventListener(const AtomicString& eventType, const QualifiedName& attributeName, const AtomicString& value); + void setAttributeEventListener(const AtomicString& eventType, const QualifiedName& attributeName, const AtomicString& value, DOMWrapperWorld& isolatedWorld); DOMSelection* getSelection(); @@ -1735,6 +1738,7 @@ RefPtr m_defaultMediaSession; #endif bool m_areDeviceMotionAndOrientationUpdatesSuspended { false }; + bool m_userDidInteractWithPage { false }; #if ENABLE(MEDIA_STREAM) bool m_hasHadActiveMediaStreamTrack { false }; diff -Nru webkit2gtk-2.16.1/Source/WebCore/dom/Element.cpp webkit2gtk-2.16.2/Source/WebCore/dom/Element.cpp --- webkit2gtk-2.16.1/Source/WebCore/dom/Element.cpp 2017-04-03 16:55:15.000000000 +0000 +++ webkit2gtk-2.16.2/Source/WebCore/dom/Element.cpp 2017-05-08 08:25:45.000000000 +0000 @@ -4,7 +4,7 @@ * (C) 2001 Peter Kelly (pmk@post.com) * (C) 2001 Dirk Mueller (mueller@kde.org) * (C) 2007 David Smith (catfish.man@gmail.com) - * Copyright (C) 2004-2016 Apple Inc. All rights reserved. + * Copyright (C) 2004-2017 Apple Inc. All rights reserved. * (C) 2007 Eric Seidel (eric@webkit.org) * * This library is free software; you can redistribute it and/or 
@@ -2055,7 +2055,7 @@ void Element::setAttributeEventListener(const AtomicString& eventType, const QualifiedName& attributeName, const AtomicString& attributeValue) { - setAttributeEventListener(eventType, JSLazyEventListener::create(*this, attributeName, attributeValue)); + setAttributeEventListener(eventType, JSLazyEventListener::create(*this, attributeName, attributeValue), mainThreadNormalWorld()); } void Element::setIsNamedFlowContentElement() diff -Nru webkit2gtk-2.16.1/Source/WebCore/dom/EventTarget.cpp webkit2gtk-2.16.2/Source/WebCore/dom/EventTarget.cpp --- webkit2gtk-2.16.1/Source/WebCore/dom/EventTarget.cpp 2017-02-20 16:20:16.000000000 +0000 +++ webkit2gtk-2.16.2/Source/WebCore/dom/EventTarget.cpp 2017-05-08 08:25:43.000000000 +0000 @@ -2,7 +2,7 @@ * Copyright (C) 1999 Lars Knoll (knoll@kde.org) * (C) 1999 Antti Koivisto (koivisto@kde.org) * (C) 2001 Dirk Mueller (mueller@kde.org) - * Copyright (C) 2004, 2005, 2006, 2007 Apple Inc. All rights reserved. + * Copyright (C) 2004-2017 Apple Inc. All rights reserved. * Copyright (C) 2006 Alexey Proskuryakov (ap@webkit.org) * (C) 2007, 2008 Nikolas Zimmermann * @@ -32,9 +32,11 @@ #include "config.h" #include "EventTarget.h" +#include "DOMWrapperWorld.h" #include "EventNames.h" #include "ExceptionCode.h" #include "InspectorInstrumentation.h" +#include "JSEventListener.h" #include "NoEventDispatchAssertion.h" #include "ScriptController.h" #include "WebKitAnimationEvent.h" 
@@ -104,9 +106,9 @@ return data && data->eventListenerMap.remove(eventType, listener, options.capture); } -bool EventTarget::setAttributeEventListener(const AtomicString& eventType, RefPtr&& listener) +bool EventTarget::setAttributeEventListener(const AtomicString& eventType, RefPtr&& listener, DOMWrapperWorld& isolatedWorld) { - auto* existingListener = attributeEventListener(eventType); + auto* existingListener = attributeEventListener(eventType, isolatedWorld); if (!listener) { if (existingListener) removeEventListener(eventType, *existingListener, false); @@ -119,12 +121,18 @@ return addEventListener(eventType, listener.releaseNonNull()); } -EventListener* EventTarget::attributeEventListener(const AtomicString& eventType) +EventListener* EventTarget::attributeEventListener(const AtomicString& eventType, DOMWrapperWorld& isolatedWorld) { for (auto& eventListener : eventListeners(eventType)) { - if (eventListener->callback().isAttribute()) - return &eventListener->callback(); + auto& listener = eventListener->callback(); + if (!listener.isAttribute()) + continue; + + auto& listenerWorld = downcast(listener).isolatedWorld(); + if (&listenerWorld == &isolatedWorld) + return &listener; } + return nullptr; } diff -Nru webkit2gtk-2.16.1/Source/WebCore/dom/EventTarget.h webkit2gtk-2.16.2/Source/WebCore/dom/EventTarget.h --- webkit2gtk-2.16.1/Source/WebCore/dom/EventTarget.h 2017-02-20 16:20:16.000000000 +0000 +++ webkit2gtk-2.16.2/Source/WebCore/dom/EventTarget.h 2017-05-08 08:25:43.000000000 +0000 @@ -2,7 +2,7 @@ * Copyright (C) 1999 Lars Knoll (knoll@kde.org) * (C) 1999 Antti Koivisto (koivisto@kde.org) * (C) 2001 Dirk Mueller (mueller@kde.org) - * Copyright (C) 2004, 2005, 2006, 2007, 2008 Apple Inc. All rights reserved. + * Copyright (C) 2004-2017 Apple Inc. All rights reserved. * Copyright (C) 2006 Alexey Proskuryakov (ap@webkit.org) * (C) 2007, 2008 Nikolas Zimmermann * 
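Review bot: In `EventTarget::attributeEventListener`, the new downcast that feeds `.isolatedWorld()` is guarded only by `listener.isAttribute()`, and a downcast is checked by assertion only, so a release build would not catch a mismatch. If any listener type other than the JS one can report `isAttribute()` (not visible from this hunk), the world comparison would read from the wrong object type. Since that comparison is what keeps one world's attribute handler separate from another's, I would make the type test explicit: `if (!listener.isAttribute() || !is<JSEventListener>(listener)) continue;`. If the invariant is guaranteed elsewhere, a one-line comment stating that every attribute listener is a JS listener would do instead.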
@@ -41,6 +41,7 @@ namespace WebCore { class DOMWindow; +class DOMWrapperWorld; class Node; struct EventTargetData { @@ -104,8 +105,8 @@ virtual void uncaughtExceptionInEventHandler(); // Used for legacy "onevent" attributes. - bool setAttributeEventListener(const AtomicString& eventType, RefPtr&&); - EventListener* attributeEventListener(const AtomicString& eventType); + bool setAttributeEventListener(const AtomicString& eventType, RefPtr&&, DOMWrapperWorld&); + EventListener* attributeEventListener(const AtomicString& eventType, DOMWrapperWorld&); bool hasEventListeners() const; bool hasEventListeners(const AtomicString& eventType) const; diff -Nru webkit2gtk-2.16.1/Source/WebCore/dom/NoEventDispatchAssertion.h webkit2gtk-2.16.2/Source/WebCore/dom/NoEventDispatchAssertion.h --- webkit2gtk-2.16.1/Source/WebCore/dom/NoEventDispatchAssertion.h 2017-02-20 16:20:16.000000000 +0000 +++ webkit2gtk-2.16.2/Source/WebCore/dom/NoEventDispatchAssertion.h 2017-05-08 10:58:04.000000000 +0000 @@ -108,6 +108,32 @@ #endif #if !ASSERT_DISABLED + class DisableAssertionsInScope { + public: + DisableAssertionsInScope() + { + if (!isMainThread()) + return; + s_existingCount = s_count; + s_count = 0; + } + + ~DisableAssertionsInScope() + { + s_count = s_existingCount; + s_existingCount = 0; + } + private: + WEBCORE_EXPORT static unsigned s_existingCount; + }; +#else + class DisableAssertionsInScope { + public: + DisableAssertionsInScope() { } + }; +#endif + +#if !ASSERT_DISABLED private: WEBCORE_EXPORT static unsigned s_count; #endif diff -Nru webkit2gtk-2.16.1/Source/WebCore/dom/UserGestureIndicator.cpp webkit2gtk-2.16.2/Source/WebCore/dom/UserGestureIndicator.cpp --- webkit2gtk-2.16.1/Source/WebCore/dom/UserGestureIndicator.cpp 2017-02-20 16:20:16.000000000 +0000 +++ webkit2gtk-2.16.2/Source/WebCore/dom/UserGestureIndicator.cpp 2017-05-08 07:44:04.000000000 +0000 
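Review bot: `DisableAssertionsInScope` restores state asymmetrically. The constructor returns early off the main thread, but the destructor always writes `s_count = s_existingCount`, and the saved value lives in a single static. A nested scope therefore overwrites the outer saved count with 0, and when the outer scope ends `s_count` stays 0, so the enclosing NoEventDispatchAssertion is silently lost for the rest of its lifetime. An instance created off the main thread also writes `s_count` from its destructor. This only affects assertion-enabled builds, but it weakens the check that catches script running during DOM mutation. Keeping the saved count in the object fixes both cases and makes the static `s_existingCount` (and its definition in ContainerNode.cpp) unnecessary.

```cpp
class DisableAssertionsInScope {
public:
    DisableAssertionsInScope()
    {
        if (!isMainThread())
            return;
        m_isActive = true;
        m_savedCount = s_count;
        s_count = 0;
    }

    ~DisableAssertionsInScope()
    {
        // Restore only what this instance saved, so nested scopes unwind correctly.
        if (m_isActive)
            s_count = m_savedCount;
    }
private:
    unsigned m_savedCount { 0 };
    bool m_isActive { false };
};
// … unchanged: empty DisableAssertionsInScope for ASSERT_DISABLED builds …
```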
@@ -54,8 +54,10 @@ if (state) currentToken() = UserGestureToken::create(state.value()); - if (document && currentToken()->processingUserGesture()) + if (document && currentToken()->processingUserGesture()) { document->topDocument().updateLastHandledUserGestureTimestamp(); + document->topDocument().setUserDidInteractWithPage(true); + } } UserGestureIndicator::UserGestureIndicator(RefPtr token) diff -Nru webkit2gtk-2.16.1/Source/WebCore/editing/MarkupAccumulator.cpp webkit2gtk-2.16.2/Source/WebCore/editing/MarkupAccumulator.cpp --- webkit2gtk-2.16.1/Source/WebCore/editing/MarkupAccumulator.cpp 2017-02-20 16:20:16.000000000 +0000 +++ webkit2gtk-2.16.2/Source/WebCore/editing/MarkupAccumulator.cpp 2017-05-08 10:11:50.000000000 +0000 @@ -214,10 +214,10 @@ result.append(m_markup); } -void MarkupAccumulator::appendAttributeValue(StringBuilder& result, const String& attribute, bool documentIsHTML) +void MarkupAccumulator::appendAttributeValue(StringBuilder& result, const String& attribute, bool isSerializingHTML) { appendCharactersReplacingEntities(result, attribute, 0, attribute.length(), - documentIsHTML ? EntityMaskInHTMLAttributeValue : EntityMaskInAttributeValue); + isSerializingHTML ? EntityMaskInHTMLAttributeValue : EntityMaskInAttributeValue); } void MarkupAccumulator::appendCustomAttributes(StringBuilder&, const Element&, Namespaces*) @@ -489,12 +489,12 @@ void MarkupAccumulator::appendAttribute(StringBuilder& result, const Element& element, const Attribute& attribute, Namespaces* namespaces) { - bool documentIsHTML = element.document().isHTMLDocument(); + bool isSerializingHTML = element.document().isHTMLDocument() && !inXMLFragmentSerialization(); result.append(' '); QualifiedName prefixedName = attribute.name(); - if (documentIsHTML && !attributeIsInSerializedNamespace(attribute)) + if (isSerializingHTML && !attributeIsInSerializedNamespace(attribute)) result.append(attribute.name().localName()); else { if (!attribute.namespaceURI().isEmpty()) { 
@@ -524,11 +524,11 @@ appendQuotedURLAttributeValue(result, element, attribute); else { result.append('"'); - appendAttributeValue(result, attribute.value(), documentIsHTML); + appendAttributeValue(result, attribute.value(), isSerializingHTML); result.append('"'); } - if ((inXMLFragmentSerialization() || !documentIsHTML) && namespaces && shouldAddNamespaceAttribute(attribute, *namespaces)) + if (!isSerializingHTML && namespaces && shouldAddNamespaceAttribute(attribute, *namespaces)) appendNamespace(result, prefixedName.prefix(), prefixedName.namespaceURI(), *namespaces); } diff -Nru webkit2gtk-2.16.1/Source/WebCore/editing/MarkupAccumulator.h webkit2gtk-2.16.2/Source/WebCore/editing/MarkupAccumulator.h --- webkit2gtk-2.16.1/Source/WebCore/editing/MarkupAccumulator.h 2017-02-20 16:20:16.000000000 +0000 +++ webkit2gtk-2.16.2/Source/WebCore/editing/MarkupAccumulator.h 2017-05-08 10:11:50.000000000 +0000 @@ -92,7 +92,7 @@ void appendStartMarkup(StringBuilder&, const Node&, Namespaces*); void appendEndMarkup(StringBuilder&, const Element&); - void appendAttributeValue(StringBuilder&, const String&, bool); + void appendAttributeValue(StringBuilder&, const String&, bool isSerializingHTML); void appendNamespace(StringBuilder&, const AtomicString& prefix, const AtomicString& namespaceURI, Namespaces&, bool allowEmptyDefaultNS = false); void appendXMLDeclaration(StringBuilder&, const Document&); void appendDocumentType(StringBuilder&, const DocumentType&); diff -Nru webkit2gtk-2.16.1/Source/WebCore/editing/ReplaceSelectionCommand.cpp webkit2gtk-2.16.2/Source/WebCore/editing/ReplaceSelectionCommand.cpp --- webkit2gtk-2.16.1/Source/WebCore/editing/ReplaceSelectionCommand.cpp 2017-02-20 16:20:16.000000000 +0000 +++ webkit2gtk-2.16.2/Source/WebCore/editing/ReplaceSelectionCommand.cpp 2017-05-08 08:25:45.000000000 +0000 
@@ -1,5 +1,5 @@ /* - * Copyright (C) 2005, 2006, 2008 Apple Inc. All rights reserved. + * Copyright (C) 2005-2017 Apple Inc. All rights reserved. * Copyright (C) 2009, 2010, 2011 Google Inc. All rights reserved. * * Redistribution and use in source and binary forms, with or without @@ -32,6 +32,7 @@ #include "BeforeTextInsertedEvent.h" #include "BreakBlockquoteCommand.h" #include "CSSStyleDeclaration.h" +#include "DOMWrapperWorld.h" #include "DataTransfer.h" #include "Document.h" #include "DocumentFragment.h" @@ -167,7 +168,7 @@ Node* shadowAncestorNode = editableRoot->deprecatedShadowAncestorNode(); - if (!editableRoot->attributeEventListener(eventNames().webkitBeforeTextInsertedEvent) + if (!editableRoot->attributeEventListener(eventNames().webkitBeforeTextInsertedEvent, mainThreadNormalWorld()) && !(shadowAncestorNode && shadowAncestorNode->renderer() && shadowAncestorNode->renderer()->isTextControl()) && editableRoot->hasRichlyEditableStyle()) { removeInterchangeNodes(m_fragment.get()); diff -Nru webkit2gtk-2.16.1/Source/WebCore/html/canvas/CanvasRenderingContext2D.cpp webkit2gtk-2.16.2/Source/WebCore/html/canvas/CanvasRenderingContext2D.cpp --- webkit2gtk-2.16.1/Source/WebCore/html/canvas/CanvasRenderingContext2D.cpp 2017-02-20 16:20:16.000000000 +0000 +++ webkit2gtk-2.16.2/Source/WebCore/html/canvas/CanvasRenderingContext2D.cpp 2017-05-08 09:47:13.000000000 +0000 
@@ -2087,8 +2087,10 @@ return; IntRect sourceRect(destRect); sourceRect.move(-destOffset); + sourceRect.intersect(IntRect(0, 0, data.width(), data.height())); - buffer->putByteArray(Unmultiplied, data.data(), IntSize(data.width(), data.height()), sourceRect, IntPoint(destOffset), coordinateSystem); + if (!sourceRect.isEmpty()) + buffer->putByteArray(Unmultiplied, data.data(), IntSize(data.width(), data.height()), sourceRect, IntPoint(destOffset), coordinateSystem); didDraw(destRect, CanvasDidDrawApplyNone); // ignore transform, shadow and clip } diff -Nru webkit2gtk-2.16.1/Source/WebCore/html/HTMLBodyElement.cpp webkit2gtk-2.16.2/Source/WebCore/html/HTMLBodyElement.cpp --- webkit2gtk-2.16.1/Source/WebCore/html/HTMLBodyElement.cpp 2017-02-20 16:20:16.000000000 +0000 +++ webkit2gtk-2.16.2/Source/WebCore/html/HTMLBodyElement.cpp 2017-05-08 08:25:43.000000000 +0000 @@ -3,7 +3,7 @@ * (C) 1999 Antti Koivisto (koivisto@kde.org) * (C) 2000 Simon Hausmann (hausmann@kde.org) * (C) 2001 Dirk Mueller (mueller@kde.org) - * Copyright (C) 2004, 2006-2010, 2015 Apple Inc. All rights reserved. + * Copyright (C) 2004-2017 Apple Inc. All rights reserved. * * This library is free software; you can redistribute it and/or * modify it under the terms of the GNU Library General Public @@ -28,6 +28,7 @@ #include "CSSParser.h" #include "CSSValueKeywords.h" #include "DOMWindow.h" +#include "DOMWrapperWorld.h" #include "EventNames.h" #include "Frame.h" #include "FrameView.h" 
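Review bot: The new `sourceRect.intersect(IntRect(0, 0, data.width(), data.height()))` is a memory-safety bound, but nothing in the hunk says so, and a later cleanup could take it for a redundant clip and drop it. I would add a comment above it such as `// Clamp to the ImageData bounds; putByteArray must never be handed a source rect outside data.data().` It is worth confirming whether `putByteArray` validates the rect against the size it is given (not visible here); if it does not, an assertion there would protect other callers too. `didDraw(destRect, ...)` still reports the unclipped rectangle, which looks like harmless over-invalidation. The enclosing function starts outside the hunk.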
@@ -173,13 +174,13 @@ } if (name == onselectionchangeAttr) { - document().setAttributeEventListener(eventNames().selectionchangeEvent, name, value); + document().setAttributeEventListener(eventNames().selectionchangeEvent, name, value, mainThreadNormalWorld()); return; } auto& eventName = eventNameForWindowEventHandlerAttribute(name); if (!eventName.isNull()) { - document().setWindowAttributeEventListener(eventName, name, value); + document().setWindowAttributeEventListener(eventName, name, value, mainThreadNormalWorld()); return; } diff -Nru webkit2gtk-2.16.1/Source/WebCore/html/HTMLFrameSetElement.cpp webkit2gtk-2.16.2/Source/WebCore/html/HTMLFrameSetElement.cpp --- webkit2gtk-2.16.1/Source/WebCore/html/HTMLFrameSetElement.cpp 2017-02-20 16:20:16.000000000 +0000 +++ webkit2gtk-2.16.2/Source/WebCore/html/HTMLFrameSetElement.cpp 2017-05-08 08:25:45.000000000 +0000 @@ -3,7 +3,7 @@ * (C) 1999 Antti Koivisto (koivisto@kde.org) * (C) 2000 Simon Hausmann (hausmann@kde.org) * (C) 2001 Dirk Mueller (mueller@kde.org) - * Copyright (C) 2004, 2006, 2009, 2010 Apple Inc. All rights reserved. + * Copyright (C) 2004-2017 Apple Inc. All rights reserved. * * This library is free software; you can redistribute it and/or * modify it under the terms of the GNU Library General Public @@ -25,6 +25,7 @@ #include "HTMLFrameSetElement.h" #include "CSSPropertyNames.h" +#include "DOMWrapperWorld.h" #include "Document.h" #include "ElementIterator.h" #include "Event.h" 
@@ -142,7 +143,7 @@ auto& eventName = HTMLBodyElement::eventNameForWindowEventHandlerAttribute(name); if (!eventName.isNull()) { - document().setWindowAttributeEventListener(eventName, name, value); + document().setWindowAttributeEventListener(eventName, name, value, mainThreadNormalWorld()); return; } diff -Nru webkit2gtk-2.16.1/Source/WebCore/html/SearchInputType.cpp webkit2gtk-2.16.2/Source/WebCore/html/SearchInputType.cpp --- webkit2gtk-2.16.1/Source/WebCore/html/SearchInputType.cpp 2017-02-20 16:20:16.000000000 +0000 +++ webkit2gtk-2.16.2/Source/WebCore/html/SearchInputType.cpp 2017-05-09 06:32:50.000000000 +0000 @@ -55,8 +55,11 @@ void SearchInputType::addSearchResult() { #if !PLATFORM(IOS) - if (auto* renderer = element().renderer()) - downcast(*renderer).addSearchResult(); + // Normally we've got the correct renderer by the time we get here. However when the input type changes + // we don't update the associated renderers until after the next tree update, so we could actually end up here + // with a mismatched renderer (e.g. through form submission). + if (is(element().renderer())) + downcast(*element().renderer()).addSearchResult(); #endif } @@ -158,8 +161,7 @@ unsigned length = element().innerTextValue().length(); if (!length) { - stopSearchEventTimer(); - element().onSearch(); + m_searchEventTimer.startOneShot(0_ms); return; } 
@@ -185,9 +187,8 @@ void SearchInputType::didSetValueByUserEdit() { - if (m_cancelButton && element().renderer()) + if (m_cancelButton && is(element().renderer())) downcast(*element().renderer()).updateCancelButtonVisibility(); - // If the incremental attribute is set, then dispatch the search event if (searchEventsShouldBeDispatched()) startSearchEventTimer(); diff -Nru webkit2gtk-2.16.1/Source/WebCore/inspector/InspectorDOMStorageAgent.cpp webkit2gtk-2.16.2/Source/WebCore/inspector/InspectorDOMStorageAgent.cpp --- webkit2gtk-2.16.1/Source/WebCore/inspector/InspectorDOMStorageAgent.cpp 2017-02-20 16:20:16.000000000 +0000 +++ webkit2gtk-2.16.2/Source/WebCore/inspector/InspectorDOMStorageAgent.cpp 2017-05-07 09:24:48.000000000 +0000 @@ -45,6 +45,7 @@ #include "Storage.h" #include "StorageNamespace.h" #include "StorageNamespaceProvider.h" +#include "StorageType.h" #include "VoidCallback.h" #include #include @@ -163,7 +164,7 @@ if (!m_enabled) return; - RefPtr id = storageId(securityOrigin, storageType == LocalStorage); + RefPtr id = storageId(securityOrigin, storageType == StorageType::Local); if (key.isNull()) m_frontendDispatcher->domStorageItemsCleared(id); diff -Nru webkit2gtk-2.16.1/Source/WebCore/inspector/InspectorInstrumentation.h webkit2gtk-2.16.2/Source/WebCore/inspector/InspectorInstrumentation.h --- webkit2gtk-2.16.1/Source/WebCore/inspector/InspectorInstrumentation.h 2017-02-20 16:20:16.000000000 +0000 +++ webkit2gtk-2.16.2/Source/WebCore/inspector/InspectorInstrumentation.h 2017-05-07 09:24:50.000000000 +0000 
@@ -83,6 +83,8 @@ class WebKitNamedFlow; class WorkerInspectorProxy; +enum class StorageType; + struct ReplayPosition; struct WebSocketFrame; diff -Nru webkit2gtk-2.16.1/Source/WebCore/loader/EmptyClients.cpp webkit2gtk-2.16.2/Source/WebCore/loader/EmptyClients.cpp --- webkit2gtk-2.16.1/Source/WebCore/loader/EmptyClients.cpp 2017-02-20 16:20:16.000000000 +0000 +++ webkit2gtk-2.16.2/Source/WebCore/loader/EmptyClients.cpp 2017-05-07 09:25:30.000000000 +0000 @@ -56,6 +56,7 @@ #include "StorageArea.h" #include "StorageNamespace.h" #include "StorageNamespaceProvider.h" +#include "StorageType.h" #include "TextCheckerClient.h" #include "ThreadableWebSocketChannel.h" #include "UserContentProvider.h" @@ -550,7 +551,7 @@ void clear(Frame*) final { } bool contains(const String&) final { return false; } bool canAccessStorage(Frame*) final { return false; } - StorageType storageType() const final { return LocalStorage; } + StorageType storageType() const final { return StorageType::Local; } size_t memoryBytesUsedByCache() final { return 0; } SecurityOriginData securityOrigin() const final { return { }; } }; @@ -562,6 +563,7 @@ RefPtr createSessionStorageNamespace(Page&, unsigned) final; RefPtr createLocalStorageNamespace(unsigned) final; + RefPtr createEphemeralLocalStorageNamespace(Page&, unsigned) final; RefPtr createTransientLocalStorageNamespace(SecurityOrigin&, unsigned) final; }; 
@@ -675,6 +677,11 @@ { return adoptRef(*new EmptyStorageNamespace); } + +RefPtr EmptyStorageNamespaceProvider::createEphemeralLocalStorageNamespace(Page&, unsigned) +{ + return adoptRef(*new EmptyStorageNamespace); +} RefPtr EmptyStorageNamespaceProvider::createTransientLocalStorageNamespace(SecurityOrigin&, unsigned) { diff -Nru webkit2gtk-2.16.1/Source/WebCore/loader/FrameLoader.cpp webkit2gtk-2.16.2/Source/WebCore/loader/FrameLoader.cpp --- webkit2gtk-2.16.1/Source/WebCore/loader/FrameLoader.cpp 2017-04-03 16:25:32.000000000 +0000 +++ webkit2gtk-2.16.2/Source/WebCore/loader/FrameLoader.cpp 2017-05-08 14:05:50.000000000 +0000 @@ -775,6 +775,13 @@ if (m_isComplete) return; + // FIXME: It would be better if resource loads were kicked off after render tree update (or didn't complete synchronously). + // https://bugs.webkit.org/show_bug.cgi?id=171729 + if (m_frame.document()->inRenderTreeUpdate()) { + scheduleCheckCompleted(); + return; + } + // Are we still parsing? if (m_frame.document()->parsing()) return; @@ -1916,20 +1923,20 @@ if (pdl != m_provisionalDocumentLoader) return; - // Nothing else can interupt this commit - set the Provisional->Committed transition in stone if (m_documentLoader) m_documentLoader->stopLoadingSubresources(); if (m_documentLoader) m_documentLoader->stopLoadingPlugIns(); + // Setting our document loader invokes the unload event handler of our child frames. + // Script can do anything. If the script initiates a new load, we need to abandon the + // current load or the two will stomp each other. setDocumentLoader(m_provisionalDocumentLoader.get()); - setProvisionalDocumentLoader(nullptr); - - if (pdl != m_documentLoader) { - ASSERT(m_state == FrameStateComplete); + if (pdl != m_provisionalDocumentLoader) return; - } + setProvisionalDocumentLoader(nullptr); + // Nothing else can interupt this commit - set the Provisional->Committed transition in stone setState(FrameStateCommittedPage); // Handle adding the URL to the back/forward list. 
@@ -2988,7 +2995,7 @@ static bool shouldAskForNavigationConfirmation(Document& document, const BeforeUnloadEvent& event) { - bool userDidInteractWithPage = document.topDocument().lastHandledUserGestureTimestamp() > 0; + bool userDidInteractWithPage = document.topDocument().userDidInteractWithPage(); // Web pages can request we ask for confirmation before navigating by: // - Cancelling the BeforeUnloadEvent (modern way) // - Setting the returnValue attribute on the BeforeUnloadEvent to a non-empty string. diff -Nru webkit2gtk-2.16.1/Source/WebCore/Modules/indexeddb/IDBRequest.cpp webkit2gtk-2.16.2/Source/WebCore/Modules/indexeddb/IDBRequest.cpp --- webkit2gtk-2.16.1/Source/WebCore/Modules/indexeddb/IDBRequest.cpp 2017-02-20 16:20:16.000000000 +0000 +++ webkit2gtk-2.16.2/Source/WebCore/Modules/indexeddb/IDBRequest.cpp 2017-05-08 14:04:29.000000000 +0000 @@ -1,5 +1,5 @@ /* - * Copyright (C) 2015, 2016 Apple Inc. All rights reserved. + * Copyright (C) 2015-2017 Apple Inc. All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions @@ -370,7 +370,9 @@ // FIXME: This conversion should be done lazily, when script needs the JSValues, so that global object // of the IDBRequest wrapper can be used, rather than the lexicalGlobalObject. - m_result = Result { JSC::Strong { context->vm(), toJS(*state, *jsCast(state->lexicalGlobalObject()), keyData) } }; + VM& vm = context->vm(); + JSLockHolder lock(vm); + m_result = Result { JSC::Strong { vm, toJS(*state, *jsCast(state->lexicalGlobalObject()), keyData) } }; } void IDBRequest::setResult(const Vector& keyDatas) 
@@ -387,8 +389,9 @@ // FIXME: This conversion should be done lazily, when script needs the JSValues, so that global object // of the IDBRequest wrapper can be used, rather than the lexicalGlobalObject. - Locker locker(context->vm().apiLock()); - m_result = Result { JSC::Strong { context->vm(), toJS>(*state, *jsCast(state->lexicalGlobalObject()), keyDatas) } }; + VM& vm = context->vm(); + JSLockHolder lock(vm); + m_result = Result { JSC::Strong { vm, toJS>(*state, *jsCast(state->lexicalGlobalObject()), keyDatas) } }; } void IDBRequest::setResult(const Vector& values) @@ -405,8 +408,9 @@ // FIXME: This conversion should be done lazily, when script needs the JSValues, so that global object // of the IDBRequest wrapper can be used, rather than the lexicalGlobalObject. - Locker locker(context->vm().apiLock()); - m_result = Result { JSC::Strong { context->vm(), toJS>(*state, *jsCast(state->lexicalGlobalObject()), values) } }; + VM& vm = context->vm(); + JSLockHolder lock(vm); + m_result = Result { JSC::Strong { vm, toJS>(*state, *jsCast(state->lexicalGlobalObject()), values) } }; } void IDBRequest::setResult(uint64_t number) 
@@ -436,7 +440,9 @@ // FIXME: This conversion should be done lazily, when script needs the JSValues, so that global object // of the IDBRequest wrapper can be used, rather than the lexicalGlobalObject. - m_result = Result { JSC::Strong { context->vm(), toJS(*state, *jsCast(state->lexicalGlobalObject()), value) } }; + VM& vm = context->vm(); + JSLockHolder lock(vm); + m_result = Result { JSC::Strong { vm, toJS(*state, *jsCast(state->lexicalGlobalObject()), value) } }; } void IDBRequest::setResultToUndefined() diff -Nru webkit2gtk-2.16.1/Source/WebCore/page/animation/AnimationBase.cpp webkit2gtk-2.16.2/Source/WebCore/page/animation/AnimationBase.cpp --- webkit2gtk-2.16.1/Source/WebCore/page/animation/AnimationBase.cpp 2017-02-20 16:20:16.000000000 +0000 +++ webkit2gtk-2.16.2/Source/WebCore/page/animation/AnimationBase.cpp 2017-05-08 06:52:35.000000000 +0000 @@ -163,10 +163,10 @@ m_compositeAnimation->animationController().removeFromAnimationsWaitingForStyle(this); LOG(Animations, "%p AnimationState %s -> New", this, nameForState(m_animationState)); m_animationState = AnimationState::New; - m_startTime = 0; - m_pauseTime = -1; + m_startTime = std::nullopt; + m_pauseTime = std::nullopt; m_requestedStartTime = 0; - m_nextIterationDuration = -1; + m_nextIterationDuration = std::nullopt; endAnimation(); return; } @@ -176,10 +176,10 @@ m_compositeAnimation->animationController().removeFromAnimationsWaitingForStyle(this); LOG(Animations, "%p AnimationState %s -> New", this, nameForState(m_animationState)); m_animationState = AnimationState::New; - m_startTime = 0; - m_pauseTime = -1; + m_startTime = std::nullopt; + m_pauseTime = std::nullopt; m_requestedStartTime = 0; - m_nextIterationDuration = -1; + m_nextIterationDuration = std::nullopt; endAnimation(); if (!paused()) 
@@ -209,7 +209,7 @@ if (input == AnimationStateInput::ResumeOverride) { if (m_animationState == AnimationState::Looping || m_animationState == AnimationState::Ending) { // Start the animation - startAnimation(beginAnimationUpdateTime() - m_startTime); + startAnimation(beginAnimationUpdateTime() - m_startTime.value_or(0)); } return; } @@ -227,7 +227,7 @@ // We are pausing before we even started. LOG(Animations, "%p AnimationState %s -> AnimationState::PausedNew", this, nameForState(m_animationState)); m_animationState = AnimationState::PausedNew; - m_pauseTime = 0; + m_pauseTime = std::nullopt; } #if ENABLE(CSS_ANIMATIONS_LEVEL_2) @@ -299,11 +299,11 @@ LOG(Animations, "%p AnimationState %s -> StartTimeSet (time is %f)", this, nameForState(m_animationState), param); // We have a start time, set it, unless the startTime is already set - if (m_startTime <= 0) { + if (!m_startTime) { m_startTime = param; // If the value for 'animation-delay' is negative then the animation appears to have started in the past. if (m_animation->delay() < 0) - m_startTime += m_animation->delay(); + m_startTime = m_startTime.value() + m_animation->delay(); } // Now that we know the start time, fire the start event. @@ -319,7 +319,7 @@ // We are pausing while waiting for a start response. Cancel the animation and wait. When // we unpause, we will act as though the start timer just fired m_pauseTime = beginAnimationUpdateTime(); - pauseAnimation(beginAnimationUpdateTime() - m_startTime); + pauseAnimation(beginAnimationUpdateTime() - m_startTime.value_or(0)); LOG(Animations, "%p AnimationState %s -> PausedWaitResponse", this, nameForState(m_animationState)); m_animationState = AnimationState::PausedWaitResponse; } 
@@ -339,7 +339,7 @@ } else { // We are pausing while running. Cancel the animation and wait m_pauseTime = beginAnimationUpdateTime(); - pauseAnimation(beginAnimationUpdateTime() - m_startTime); + pauseAnimation(beginAnimationUpdateTime() - m_startTime.value_or(0)); LOG(Animations, "%p AnimationState %s -> PausedRun", this, nameForState(m_animationState)); m_animationState = AnimationState::PausedRun; } @@ -371,7 +371,7 @@ } else { // We are pausing while running. Cancel the animation and wait m_pauseTime = beginAnimationUpdateTime(); - pauseAnimation(beginAnimationUpdateTime() - m_startTime); + pauseAnimation(beginAnimationUpdateTime() - m_startTime.value_or(0)); LOG(Animations, "%p AnimationState %s -> PausedRun", this, nameForState(m_animationState)); m_animationState = AnimationState::PausedRun; } @@ -381,8 +381,8 @@ ASSERT(input == AnimationStateInput::PlayStateRunning); ASSERT(paused()); // Update the times - m_startTime += beginAnimationUpdateTime() - m_pauseTime; - m_pauseTime = -1; + m_startTime = m_startTime.value() + beginAnimationUpdateTime() - m_pauseTime.value_or(0); + m_pauseTime = std::nullopt; // we were waiting for the start timer to fire, go back and wait again LOG(Animations, "%p AnimationState %s -> New", this, nameForState(m_animationState)); 
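Review bot: In the @@ -381 hunk, `m_startTime.value()` assumes the start time is already engaged, yet the surrounding comment says the animation was still waiting for the start timer, and the reset paths in this same change set `m_startTime` to `std::nullopt`. The old `double` simply added to 0 here; an empty optional instead fails at run time in whatever way the optional implementation reports a bad access. Unless an earlier state guarantees the value is set (not visible in the hunk, whose enclosing case starts outside it), keep the old behaviour with `m_startTime = m_startTime.value_or(0) + beginAnimationUpdateTime() - m_pauseTime.value_or(0);`. The same `.value()` pattern appears in the PausedRun branch of the @@ -406 hunk and deserves the same check.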
@@ -406,18 +406,18 @@ // to start, so jump back to the New state and reset. LOG(Animations, "%p AnimationState %s -> AnimationState::New", this, nameForState(m_animationState)); m_animationState = AnimationState::New; - m_pauseTime = -1; + m_pauseTime = std::nullopt; updateStateMachine(input, param); break; } // Update the times if (m_animationState == AnimationState::PausedRun) - m_startTime += beginAnimationUpdateTime() - m_pauseTime; + m_startTime = m_startTime.value() + beginAnimationUpdateTime() - m_pauseTime.value_or(0); else m_startTime = 0; - m_pauseTime = -1; + m_pauseTime = std::nullopt; if (m_animationState == AnimationState::PausedWaitStyleAvailable) { LOG(Animations, "%p AnimationState %s -> StartWaitStyleAvailable", this, nameForState(m_animationState)); @@ -436,7 +436,7 @@ updateStateMachine(AnimationStateInput::StartTimeSet, beginAnimationUpdateTime()); m_isAccelerated = true; } else { - bool started = startAnimation(beginAnimationUpdateTime() - m_startTime); + bool started = startAnimation(beginAnimationUpdateTime() - m_startTime.value_or(0)); m_compositeAnimation->animationController().addToAnimationsWaitingForStartTimeResponse(this, started); m_isAccelerated = started; } @@ -451,9 +451,9 @@ // We ignore the start time and just move into the paused-run state. LOG(Animations, "%p AnimationState %s -> PausedRun (time is %f)", this, nameForState(m_animationState), param); m_animationState = AnimationState::PausedRun; - ASSERT(m_startTime == 0); + ASSERT(!m_startTime); m_startTime = param; - m_pauseTime += m_startTime; + m_pauseTime = m_pauseTime.value_or(0) + param; break; } @@ -506,7 +506,7 @@ return; } - double elapsedDuration = beginAnimationUpdateTime() - m_startTime; + double elapsedDuration = beginAnimationUpdateTime() - m_startTime.value_or(0); #if ENABLE(CSS_ANIMATIONS_LEVEL_2) // If we are a triggered animation that depends on scroll, our elapsed // time is determined by the scroll position. 
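Review bot: In the @@ -406 hunk the unchanged `else m_startTime = 0;` now leaves the optional engaged with the value 0, while every other reset in this change uses `std::nullopt` to mean "not started". The new tests `if (!m_startTime)` in the @@ -299 hunk and `ASSERT(!m_startTime)` in the @@ -451 hunk treat only an empty optional as unset, so after this branch the time delivered with `StartTimeSet` would apparently be ignored, where the old `m_startTime <= 0` test accepted 0. If that is not intended, the line should read `m_startTime = std::nullopt;`. The enclosing state-machine case starts outside the hunk, so the states that reach this branch should be confirmed against the full function.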
@@ -520,17 +520,17 @@ elapsedDuration = std::max(elapsedDuration, 0.0); // Check for end timeout - if (m_totalDuration >= 0 && elapsedDuration >= m_totalDuration) { + if (m_totalDuration && elapsedDuration >= m_totalDuration.value()) { // We may still be in AnimationState::Looping if we've managed to skip a // whole iteration, in which case we should jump to the end state. LOG(Animations, "%p AnimationState %s -> Ending", this, nameForState(m_animationState)); m_animationState = AnimationState::Ending; // Fire an end event - updateStateMachine(AnimationStateInput::EndTimerFired, m_totalDuration); + updateStateMachine(AnimationStateInput::EndTimerFired, m_totalDuration.value()); } else { // Check for iteration timeout - if (m_nextIterationDuration < 0) { + if (!m_nextIterationDuration) { // Hasn't been set yet, set it double durationLeft = m_animation->duration() - fmod(elapsedDuration, m_animation->duration()); m_nextIterationDuration = elapsedDuration + durationLeft; @@ -538,7 +538,7 @@ if (elapsedDuration >= m_nextIterationDuration) { // Set to the next iteration - double previous = m_nextIterationDuration; + double previous = m_nextIterationDuration.value(); double durationLeft = m_animation->duration() - fmod(elapsedDuration, m_animation->duration()); m_nextIterationDuration = elapsedDuration + durationLeft; 
@@ -678,16 +678,16 @@ void AnimationBase::getTimeToNextEvent(double& time, bool& isLooping) const { // Decide when the end or loop event needs to fire - const double elapsedDuration = std::max(beginAnimationUpdateTime() - m_startTime, 0.0); + const double elapsedDuration = std::max(beginAnimationUpdateTime() - m_startTime.value_or(0), 0.0); double durationLeft = 0; - double nextIterationTime = m_totalDuration; + double nextIterationTime = m_totalDuration.value_or(0); - if (m_totalDuration < 0 || elapsedDuration < m_totalDuration) { + if (!m_totalDuration || elapsedDuration < m_totalDuration.value()) { durationLeft = m_animation->duration() > 0 ? (m_animation->duration() - fmod(elapsedDuration, m_animation->duration())) : 0; nextIterationTime = elapsedDuration + durationLeft; } - if (m_totalDuration < 0 || nextIterationTime < m_totalDuration) { + if (!m_totalDuration || nextIterationTime < m_totalDuration.value()) { // We are not at the end yet ASSERT(nextIterationTime > 0); isLooping = true; @@ -722,12 +722,12 @@ ASSERT(m_startTime); // If m_startTime is zero, we haven't started yet, so we'll get a bad pause time. if (t <= m_animation->delay()) - m_pauseTime = m_startTime; + m_pauseTime = m_startTime.value_or(0); else - m_pauseTime = m_startTime + t - m_animation->delay(); + m_pauseTime = m_startTime.value_or(0) + t - m_animation->delay(); if (m_object && m_object->isComposited()) - downcast(*m_object).suspendAnimations(m_pauseTime); + downcast(*m_object).suspendAnimations(m_pauseTime.value()); } double AnimationBase::beginAnimationUpdateTime() const 
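Review bot: In the @@ -722 hunk the comment beside `ASSERT(m_startTime)` still says "If m_startTime is zero", which no longer matches the check: with an optional the assertion fires when the start time is unset and passes for an engaged 0. Where `ASSERT` is compiled out, `m_startTime.value_or(0)` then quietly derives a pause time from 0 and hands it to `suspendAnimations`. Suggest rewording to `// If m_startTime is unset, we haven't started yet, so we'll get a bad pause time.` and stating in the comment that the `value_or(0)` fallback is deliberate. The function's signature is outside the hunk.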
@@ -758,16 +758,16 @@ if (paused()) { double delayOffset = (!m_startTime && m_animation->delay() < 0) ? m_animation->delay() : 0; - return m_pauseTime - m_startTime - delayOffset; + return m_pauseTime.value_or(0) - m_startTime.value_or(0) - delayOffset; } - if (m_startTime <= 0) + if (!m_startTime) return 0; if (postActive() || fillingForwards()) - return m_totalDuration; + return m_totalDuration.value_or(0); - return beginAnimationUpdateTime() - m_startTime; + return beginAnimationUpdateTime() - m_startTime.value_or(0); } void AnimationBase::setElapsedTime(double time) diff -Nru webkit2gtk-2.16.1/Source/WebCore/page/animation/AnimationBase.h webkit2gtk-2.16.2/Source/WebCore/page/animation/AnimationBase.h --- webkit2gtk-2.16.1/Source/WebCore/page/animation/AnimationBase.h 2017-02-20 16:20:16.000000000 +0000 +++ webkit2gtk-2.16.2/Source/WebCore/page/animation/AnimationBase.h 2017-05-08 06:52:35.000000000 +0000 @@ -121,7 +121,7 @@ bool fillingForwards() const { return m_animationState == AnimationState::FillingForwards; } bool active() const { return !postActive() && !preActive(); } bool running() const { return !isNew() && !postActive(); } - bool paused() const { return m_pauseTime >= 0 || m_animationState == AnimationState::PausedNew; } + bool paused() const { return m_pauseTime || m_animationState == AnimationState::PausedNew; } bool inPausedState() const { return m_animationState >= AnimationState::PausedNew && m_animationState <= AnimationState::PausedRun; } bool isNew() const { return m_animationState == AnimationState::New || m_animationState == AnimationState::PausedNew; } bool waitingForStartTime() const { return m_animationState == AnimationState::StartWaitResponse; } 
@@ -244,11 +244,11 @@ CompositeAnimation* m_compositeAnimation; // Ideally this would be a reference, but it has to be cleared if an animation is destroyed inside an event callback. Ref m_animation; - double m_startTime { 0 }; - double m_pauseTime { -1 }; + std::optional m_startTime; + std::optional m_pauseTime; double m_requestedStartTime { 0 }; - double m_totalDuration { -1 }; - double m_nextIterationDuration { -1 }; + std::optional m_totalDuration; + std::optional m_nextIterationDuration; AnimationState m_animationState { AnimationState::New }; bool m_isAccelerated { false }; diff -Nru webkit2gtk-2.16.1/Source/WebCore/page/animation/CompositeAnimation.cpp webkit2gtk-2.16.2/Source/WebCore/page/animation/CompositeAnimation.cpp --- webkit2gtk-2.16.1/Source/WebCore/page/animation/CompositeAnimation.cpp 2017-02-20 16:20:16.000000000 +0000 +++ webkit2gtk-2.16.2/Source/WebCore/page/animation/CompositeAnimation.cpp 2017-05-08 13:45:46.000000000 +0000 @@ -97,7 +97,7 @@ bool isActiveTransition = !m_suspended && (animation.duration() || animation.delay() > 0); Animation::AnimationMode mode = animation.animationMode(); - if (mode == Animation::AnimateNone) + if (mode == Animation::AnimateNone || mode == Animation::AnimateUnknownProperty) continue; CSSPropertyID prop = animation.property(); diff -Nru webkit2gtk-2.16.1/Source/WebCore/page/Chrome.cpp webkit2gtk-2.16.2/Source/WebCore/page/Chrome.cpp --- webkit2gtk-2.16.1/Source/WebCore/page/Chrome.cpp 2017-02-20 16:20:16.000000000 +0000 +++ webkit2gtk-2.16.2/Source/WebCore/page/Chrome.cpp 2017-05-07 09:25:28.000000000 +0000 
@@ -192,8 +192,12 @@ Page* newPage = m_client.createWindow(frame, request, features, action); if (!newPage) return nullptr; + if (auto* oldSessionStorage = m_page.sessionStorage(false)) newPage->setSessionStorage(oldSessionStorage->copy(newPage)); + if (auto* oldEphemeralLocalStorage = m_page.ephemeralLocalStorage(false)) + newPage->setEphemeralLocalStorage(oldEphemeralLocalStorage->copy(newPage)); + return newPage; } diff -Nru webkit2gtk-2.16.1/Source/WebCore/page/DragController.cpp webkit2gtk-2.16.2/Source/WebCore/page/DragController.cpp --- webkit2gtk-2.16.1/Source/WebCore/page/DragController.cpp 2017-02-20 16:20:16.000000000 +0000 +++ webkit2gtk-2.16.2/Source/WebCore/page/DragController.cpp 2017-05-08 09:05:57.000000000 +0000 @@ -658,13 +658,11 @@ state.type = DragSourceActionNone; #endif - for (auto* renderer = startElement->renderer(); renderer; renderer = renderer->parent()) { - Element* element = renderer->nonPseudoElement(); - if (!element) { - // Anonymous render blocks don't correspond to actual DOM elements, so we skip over them - // for the purposes of finding a draggable element. + for (auto* element = startElement; element; element = element->parentOrShadowHostElement()) { + auto* renderer = element->renderer(); + if (!renderer) continue; - } + EUserDrag dragMode = renderer->style().userDrag(); if ((m_dragSourceAction & DragSourceActionDHTML) && dragMode == DRAG_ELEMENT) { state.type = static_cast(state.type | DragSourceActionDHTML); diff -Nru webkit2gtk-2.16.1/Source/WebCore/page/EventHandler.cpp webkit2gtk-2.16.2/Source/WebCore/page/EventHandler.cpp --- webkit2gtk-2.16.1/Source/WebCore/page/EventHandler.cpp 2017-03-13 09:59:45.000000000 +0000 +++ webkit2gtk-2.16.2/Source/WebCore/page/EventHandler.cpp 2017-05-08 07:38:20.000000000 +0000 
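Review bot: In the Chrome.cpp hunk the new page receives `oldEphemeralLocalStorage->copy(newPage)`, mirroring the session-storage line above it, but local storage is normally one shared area per origin rather than a per-window clone. If `copy` takes a snapshot, writes made by the opener after `createWindow` returns would not be visible in the new window, and the two private-session windows would diverge; whether `copy` shares the underlying areas is not visible here. A comment on the added lines, for example `// Ephemeral local storage is <shared with | snapshotted from> the opener because <reason>`, would record the intended isolation behaviour.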
@@ -3093,7 +3093,20 @@ } #endif -bool EventHandler::keyEvent(const PlatformKeyboardEvent& initialKeyEvent) +bool EventHandler::keyEvent(const PlatformKeyboardEvent& keyEvent) +{ + Document* topDocument = m_frame.document() ? &m_frame.document()->topDocument() : nullptr; + bool savedUserDidInteractWithPage = topDocument ? topDocument->userDidInteractWithPage() : false; + bool wasHandled = internalKeyEvent(keyEvent); + + // If the key event was not handled, do not treat it as user interaction with the page. + if (topDocument && !wasHandled) + topDocument->setUserDidInteractWithPage(savedUserDidInteractWithPage); + + return wasHandled; +} + +bool EventHandler::internalKeyEvent(const PlatformKeyboardEvent& initialKeyEvent) { Ref
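Review bot: The new `keyEvent` wrapper holds `topDocument` as a raw `Document*` across `internalKeyEvent(keyEvent)` and dereferences it again afterwards in `topDocument->setUserDidInteractWithPage(...)`. Key event dispatch can run page script, so if anything in that call can release the top document the pointer would dangle; nothing in the hunk keeps the document alive. Holding a reference for the duration is cheap: `RefPtr<Document> topDocument = m_frame.document() ? &m_frame.document()->topDocument() : nullptr;`. The body of `internalKeyEvent` is not shown in the hunk, so whether it already protects the document cannot be confirmed from here.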
elements) + return (isEmptyRange && segment.start == segment.end) ? segment.start < start : segment.end <= start; }); ASSERT(it != m_segments.end()); - ASSERT_UNUSED(end, end <= it->end); - auto index = it - m_segments.begin(); - m_lastSegmentIndex = index; - return index; + ASSERT(end <= it->end); + m_lastSegmentIndex = it - m_segments.begin(); + return m_lastSegmentIndex; } } diff -Nru webkit2gtk-2.16.1/Source/WebCore/rendering/SimpleLineLayoutFlowContents.h webkit2gtk-2.16.2/Source/WebCore/rendering/SimpleLineLayoutFlowContents.h --- webkit2gtk-2.16.1/Source/WebCore/rendering/SimpleLineLayoutFlowContents.h 2017-02-20 16:20:17.000000000 +0000 +++ webkit2gtk-2.16.2/Source/WebCore/rendering/SimpleLineLayoutFlowContents.h 2017-05-06 08:09:43.000000000 +0000 @@ -63,7 +63,7 @@ inline const FlowContents::Segment& FlowContents::segmentForRun(unsigned start, unsigned end) const { - ASSERT(start < end); + ASSERT(start <= end); auto& lastSegment = m_segments[m_lastSegmentIndex]; if (lastSegment.start <= start && end <= lastSegment.end) return m_segments[m_lastSegmentIndex]; diff -Nru webkit2gtk-2.16.1/Source/WebCore/rendering/SimpleLineLayoutFunctions.cpp webkit2gtk-2.16.2/Source/WebCore/rendering/SimpleLineLayoutFunctions.cpp --- webkit2gtk-2.16.1/Source/WebCore/rendering/SimpleLineLayoutFunctions.cpp 2017-03-13 12:57:50.000000000 +0000 +++ webkit2gtk-2.16.2/Source/WebCore/rendering/SimpleLineLayoutFunctions.cpp 2017-05-06 08:45:19.000000000 +0000 
@@ -147,20 +147,20 @@ if (style.visibility() != VISIBLE || style.pointerEvents() == PE_NONE) return false; - RenderObject& renderer = *flow.firstChild(); LayoutRect rangeRect = locationInContainer.boundingBox(); rangeRect.moveBy(-accumulatedOffset); - auto resolver = lineResolver(flow, layout); - for (FloatRect lineRect : resolver.rangeForRect(rangeRect)) { + auto range = resolver.rangeForRect(rangeRect); + for (auto it = range.begin(), end = range.end(); it != end; ++it) { + auto lineRect = *it; lineRect.moveBy(accumulatedOffset); + auto& renderer = const_cast(it.renderer()); if (!locationInContainer.intersects(lineRect)) continue; renderer.updateHitTestResult(result, locationInContainer.point() - toLayoutSize(accumulatedOffset)); if (!result.addNodeToRectBasedTestResult(renderer.node(), request, locationInContainer, lineRect)) return true; } - return false; } diff -Nru webkit2gtk-2.16.1/Source/WebCore/rendering/SimpleLineLayoutResolver.cpp webkit2gtk-2.16.2/Source/WebCore/rendering/SimpleLineLayoutResolver.cpp --- webkit2gtk-2.16.1/Source/WebCore/rendering/SimpleLineLayoutResolver.cpp 2017-02-28 09:12:45.000000000 +0000 +++ webkit2gtk-2.16.2/Source/WebCore/rendering/SimpleLineLayoutResolver.cpp 2017-05-06 08:09:45.000000000 +0000 @@ -267,7 +267,7 @@ { } -const FloatRect LineResolver::Iterator::operator*() const +FloatRect LineResolver::Iterator::operator*() const { unsigned currentLine = m_runIterator.lineIndex(); auto it = m_runIterator; 
@@ -277,6 +277,13 @@ return rect; } +const RenderObject& LineResolver::Iterator::renderer() const +{ + // FIXME: This works as long as we've got only one renderer per line. + auto run = *m_runIterator; + return m_runIterator.resolver().flowContents().segmentForRun(run.start(), run.end()).renderer; +} + LineResolver::LineResolver(const RenderBlockFlow& flow, const Layout& layout) : m_runResolver(flow, layout) { diff -Nru webkit2gtk-2.16.1/Source/WebCore/rendering/SimpleLineLayoutResolver.h webkit2gtk-2.16.2/Source/WebCore/rendering/SimpleLineLayoutResolver.h --- webkit2gtk-2.16.1/Source/WebCore/rendering/SimpleLineLayoutResolver.h 2017-02-28 09:12:45.000000000 +0000 +++ webkit2gtk-2.16.2/Source/WebCore/rendering/SimpleLineLayoutResolver.h 2017-05-06 08:09:45.000000000 +0000 @@ -98,6 +98,7 @@ RunResolver(const RenderBlockFlow&, const Layout&); const RenderBlockFlow& flow() const { return m_flowRenderer; } + const FlowContents& flowContents() const { return m_flowContents; } Iterator begin() const; Iterator end() const; @@ -125,8 +126,6 @@ class LineResolver { public: - class Iterator; - class Iterator { public: explicit Iterator(RunResolver::Iterator); @@ -135,11 +134,12 @@ bool operator==(const Iterator&) const; bool operator!=(const Iterator&) const; - const FloatRect operator*() const; + FloatRect operator*() const; + // FIXME: Use a list to support multiple renderers per line. + const RenderObject& renderer() const; private: RunResolver::Iterator m_runIterator; - LayoutRect m_rect; }; LineResolver(const RenderBlockFlow&, const Layout&); diff -Nru webkit2gtk-2.16.1/Source/WebCore/rendering/style/RenderStyle.cpp webkit2gtk-2.16.2/Source/WebCore/rendering/style/RenderStyle.cpp --- webkit2gtk-2.16.1/Source/WebCore/rendering/style/RenderStyle.cpp 2017-02-20 16:20:17.000000000 +0000 +++ webkit2gtk-2.16.2/Source/WebCore/rendering/style/RenderStyle.cpp 2017-05-08 08:53:28.000000000 +0000 
@@ -837,8 +837,20 @@ return false; } +static bool requiresPainting(const RenderStyle& style) +{ + if (style.visibility() == HIDDEN) + return false; + if (!style.opacity()) + return false; + return true; +} + bool RenderStyle::changeRequiresRepaint(const RenderStyle& other, unsigned& changedContextSensitiveProperties) const { + if (!requiresPainting(*this) && !requiresPainting(other)) + return false; + if (m_inheritedFlags.visibility != other.m_inheritedFlags.visibility || m_inheritedFlags.printColorAdjust != other.m_inheritedFlags.printColorAdjust || m_inheritedFlags.insideLink != other.m_inheritedFlags.insideLink diff -Nru webkit2gtk-2.16.1/Source/WebCore/rendering/style/RenderStyle.h webkit2gtk-2.16.2/Source/WebCore/rendering/style/RenderStyle.h --- webkit2gtk-2.16.1/Source/WebCore/rendering/style/RenderStyle.h 2017-02-20 16:20:17.000000000 +0000 +++ webkit2gtk-2.16.2/Source/WebCore/rendering/style/RenderStyle.h 2017-05-08 07:09:11.000000000 +0000 @@ -1370,6 +1370,9 @@ bool hasExplicitlySetWritingMode() const { return m_nonInheritedFlags.hasExplicitlySetWritingMode(); } void setHasExplicitlySetWritingMode(bool v) { m_nonInheritedFlags.setHasExplicitlySetWritingMode(v); } + bool hasExplicitlySetTextAlign() const { return m_nonInheritedFlags.hasExplicitlySetTextAlign(); } + void setHasExplicitlySetTextAlign(bool value) { m_nonInheritedFlags.setHasExplicitlySetTextAlign(value); } + // A unique style is one that has matches something that makes it impossible to share. bool unique() const { return m_nonInheritedFlags.isUnique(); } void setUnique() { m_nonInheritedFlags.setIsUnique(); } 
@@ -1782,6 +1785,9 @@ bool hasExplicitlySetWritingMode() const { return getBoolean(hasExplicitlySetWritingModeOffset); } void setHasExplicitlySetWritingMode(bool value) { updateBoolean(value, hasExplicitlySetWritingModeOffset); } + bool hasExplicitlySetTextAlign() const { return getBoolean(hasExplicitlySetTextAlignOffset); } + void setHasExplicitlySetTextAlign(bool value) { updateBoolean(value, hasExplicitlySetTextAlignOffset); } + static ptrdiff_t flagsMemoryOffset() { return OBJECT_OFFSETOF(NonInheritedFlags, m_flags); } static uint64_t flagIsaffectedByActive() { return oneBitMask << affectedByActiveOffset; } static uint64_t flagIsaffectedByHover() { return oneBitMask << affectedByHoverOffset; } @@ -1856,11 +1862,13 @@ static const unsigned hasViewportUnitsOffset = pseudoBitsOffset + pseudoBitsBitCount; // Byte 7. + static const unsigned hasExplicitlySetTextAlignBitCount = 1; + static const unsigned hasExplicitlySetTextAlignOffset = hasViewportUnitsOffset + hasViewportUnitsBitCount; static const unsigned styleTypeBitCount = 6; - static const unsigned styleTypePadding = 2; + static const unsigned styleTypePadding = 1; static const unsigned styleTypeAndPaddingBitCount = styleTypeBitCount + styleTypePadding; static const uint64_t styleTypeMask = (oneBitMask << styleTypeAndPaddingBitCount) - 1; - static const unsigned styleTypeOffset = hasViewportUnitsBitCount + hasViewportUnitsOffset; + static const unsigned styleTypeOffset = hasExplicitlySetTextAlignOffset + hasExplicitlySetTextAlignBitCount; // Byte 8. static const unsigned isUniqueOffset = styleTypeOffset + styleTypeAndPaddingBitCount; diff -Nru webkit2gtk-2.16.1/Source/WebCore/storage/StorageArea.h webkit2gtk-2.16.2/Source/WebCore/storage/StorageArea.h --- webkit2gtk-2.16.1/Source/WebCore/storage/StorageArea.h 2017-02-20 16:20:17.000000000 +0000 +++ webkit2gtk-2.16.2/Source/WebCore/storage/StorageArea.h 2017-05-07 09:24:48.000000000 +0000 
@@ -35,7 +35,8 @@ class SecurityOrigin; class StorageSyncManager; -enum StorageType { LocalStorage, SessionStorage }; +enum class StorageType; + struct SecurityOriginData; class StorageArea : public RefCounted { diff -Nru webkit2gtk-2.16.1/Source/WebCore/storage/Storage.cpp webkit2gtk-2.16.2/Source/WebCore/storage/Storage.cpp --- webkit2gtk-2.16.1/Source/WebCore/storage/Storage.cpp 2017-02-20 16:20:17.000000000 +0000 +++ webkit2gtk-2.16.2/Source/WebCore/storage/Storage.cpp 2017-05-07 09:25:28.000000000 +0000 @@ -33,6 +33,7 @@ #include "SchemeRegistry.h" #include "SecurityOrigin.h" #include "StorageArea.h" +#include "StorageType.h" #include namespace WebCore { @@ -62,9 +63,6 @@ if (!m_storageArea->canAccessStorage(m_frame)) return Exception { SECURITY_ERR }; - if (isDisabledByPrivateBrowsing()) - return 0; - return m_storageArea->length(); } @@ -73,9 +71,6 @@ if (!m_storageArea->canAccessStorage(m_frame)) return Exception { SECURITY_ERR }; - if (isDisabledByPrivateBrowsing()) - return String(); - return m_storageArea->key(index); } @@ -84,9 +79,6 @@ if (!m_storageArea->canAccessStorage(m_frame)) return Exception { SECURITY_ERR }; - if (isDisabledByPrivateBrowsing()) - return String(); - return m_storageArea->item(key); } @@ -95,9 +87,6 @@ if (!m_storageArea->canAccessStorage(m_frame)) return Exception { SECURITY_ERR }; - if (isDisabledByPrivateBrowsing()) - return Exception { QUOTA_EXCEEDED_ERR }; - bool quotaException = false; m_storageArea->setItem(m_frame, key, value, quotaException); if (quotaException) @@ -110,9 +99,6 @@ if (!m_storageArea->canAccessStorage(m_frame)) return Exception { SECURITY_ERR }; - if (isDisabledByPrivateBrowsing()) - return { }; - m_storageArea->removeItem(m_frame, key); return { }; } @@ -122,9 +108,6 @@ if (!m_storageArea->canAccessStorage(m_frame)) return Exception { SECURITY_ERR }; - if (isDisabledByPrivateBrowsing()) - return { }; - m_storageArea->clear(m_frame); return { }; } 
@@ -134,23 +117,7 @@ if (!m_storageArea->canAccessStorage(m_frame)) return Exception { SECURITY_ERR }; - if (isDisabledByPrivateBrowsing()) - return false; - return m_storageArea->contains(key); } -bool Storage::isDisabledByPrivateBrowsing() const -{ - if (!m_frame->page()->usesEphemeralSession()) - return false; - - if (m_storageArea->storageType() == LocalStorage) { - if (SchemeRegistry::allowsLocalStorageAccessInPrivateBrowsing(m_frame->document()->securityOrigin().protocol())) - return false; - } - - return true; -} - } // namespace WebCore diff -Nru webkit2gtk-2.16.1/Source/WebCore/storage/StorageEventDispatcher.cpp webkit2gtk-2.16.2/Source/WebCore/storage/StorageEventDispatcher.cpp --- webkit2gtk-2.16.1/Source/WebCore/storage/StorageEventDispatcher.cpp 2017-02-20 16:20:17.000000000 +0000 +++ webkit2gtk-2.16.2/Source/WebCore/storage/StorageEventDispatcher.cpp 2017-05-07 09:24:48.000000000 +0000 @@ -36,6 +36,7 @@ #include "SecurityOrigin.h" #include "SecurityOriginData.h" #include "StorageEvent.h" +#include "StorageType.h" namespace WebCore { @@ -77,7 +78,7 @@ void StorageEventDispatcher::dispatchSessionStorageEventsToFrames(Page& page, const Vector>& frames, const String& key, const String& oldValue, const String& newValue, const String& url, const SecurityOriginData& securityOrigin) { - InspectorInstrumentation::didDispatchDOMStorageEvent(page, key, oldValue, newValue, SessionStorage, securityOrigin.securityOrigin().ptr()); + InspectorInstrumentation::didDispatchDOMStorageEvent(page, key, oldValue, newValue, StorageType::Session, securityOrigin.securityOrigin().ptr()); for (auto& frame : frames) { auto result = frame->document()->domWindow()->sessionStorage(); 
@@ -89,7 +90,7 @@ void StorageEventDispatcher::dispatchLocalStorageEventsToFrames(PageGroup& pageGroup, const Vector>& frames, const String& key, const String& oldValue, const String& newValue, const String& url, const SecurityOriginData& securityOrigin) { for (auto& page : pageGroup.pages()) - InspectorInstrumentation::didDispatchDOMStorageEvent(*page, key, oldValue, newValue, LocalStorage, securityOrigin.securityOrigin().ptr()); + InspectorInstrumentation::didDispatchDOMStorageEvent(*page, key, oldValue, newValue, StorageType::Local, securityOrigin.securityOrigin().ptr()); for (auto& frame : frames) { auto result = frame->document()->domWindow()->localStorage(); diff -Nru webkit2gtk-2.16.1/Source/WebCore/storage/StorageMap.h webkit2gtk-2.16.2/Source/WebCore/storage/StorageMap.h --- webkit2gtk-2.16.1/Source/WebCore/storage/StorageMap.h 2017-02-20 16:20:17.000000000 +0000 +++ webkit2gtk-2.16.2/Source/WebCore/storage/StorageMap.h 2017-05-07 09:25:28.000000000 +0000 @@ -51,11 +51,12 @@ unsigned quota() const { return m_quotaSize; } + WEBCORE_EXPORT Ref copy(); + static const constexpr unsigned noQuota = UINT_MAX; private: explicit StorageMap(unsigned quota); - Ref copy(); void invalidateIterator(); void setIteratorToIndex(unsigned); diff -Nru webkit2gtk-2.16.1/Source/WebCore/storage/StorageNamespaceProvider.cpp webkit2gtk-2.16.2/Source/WebCore/storage/StorageNamespaceProvider.cpp --- webkit2gtk-2.16.1/Source/WebCore/storage/StorageNamespaceProvider.cpp 2017-02-20 16:20:17.000000000 +0000 +++ webkit2gtk-2.16.2/Source/WebCore/storage/StorageNamespaceProvider.cpp 2017-05-07 09:25:28.000000000 +0000 @@ -27,6 +27,7 @@ #include "StorageNamespaceProvider.h" #include "Document.h" +#include "Page.h" #include "SecurityOriginData.h" #include "StorageArea.h" #include "StorageNamespace.h" 
@@ -61,9 +62,23 @@ RefPtr StorageNamespaceProvider::localStorageArea(Document& document) { - auto& storageNamespace = document.securityOrigin().canAccessLocalStorage(&document.topOrigin()) ? localStorageNamespace() : transientLocalStorageNamespace(document.topOrigin()); + // This StorageNamespaceProvider was retrieved from the Document's Page, + // so the Document had better still actually have a Page. + ASSERT(document.page()); + + bool ephemeral = document.page()->usesEphemeralSession(); + bool transient = !document.securityOrigin().canAccessLocalStorage(&document.topOrigin()); + + RefPtr storageNamespace; + + if (transient) + storageNamespace = &transientLocalStorageNamespace(document.topOrigin()); + else if (ephemeral) + storageNamespace = document.page()->ephemeralLocalStorage(); + else + storageNamespace = &localStorageNamespace(); - return storageNamespace.storageArea(SecurityOriginData::fromSecurityOrigin(document.securityOrigin())); + return storageNamespace->storageArea(SecurityOriginData::fromSecurityOrigin(document.securityOrigin())); } StorageNamespace& StorageNamespaceProvider::localStorageNamespace() diff -Nru webkit2gtk-2.16.1/Source/WebCore/storage/StorageNamespaceProvider.h webkit2gtk-2.16.2/Source/WebCore/storage/StorageNamespaceProvider.h --- webkit2gtk-2.16.1/Source/WebCore/storage/StorageNamespaceProvider.h 2017-02-20 16:20:17.000000000 +0000 +++ webkit2gtk-2.16.2/Source/WebCore/storage/StorageNamespaceProvider.h 2017-05-07 09:25:28.000000000 +0000 
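Review bot: `ASSERT(document.page())` is the only guard before `document.page()->usesEphemeralSession()`, and an assertion that is compiled out in release builds leaves a null dereference for any document that has lost its page. A real check such as `if (!document.page()) return nullptr;` would make the failure explicit, provided callers already handle an empty result, which is not visible in the hunk. This function is now also the single place that keeps private-session data out of `localStorageNamespace()`, since the `isDisabledByPrivateBrowsing()` checks are removed from Storage.cpp in this diff. A short comment explaining why `transient` is tested before `ephemeral`, and what that means for third-party storage in an ephemeral session, belongs next to the `if` chain.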
@@ -45,6 +45,8 @@ WEBCORE_EXPORT virtual ~StorageNamespaceProvider(); virtual RefPtr createSessionStorageNamespace(Page&, unsigned quota) = 0; + virtual RefPtr createEphemeralLocalStorageNamespace(Page&, unsigned quota) = 0; + RefPtr localStorageArea(Document&); void addPage(Page&); diff -Nru webkit2gtk-2.16.1/Source/WebCore/storage/StorageType.h webkit2gtk-2.16.2/Source/WebCore/storage/StorageType.h --- webkit2gtk-2.16.1/Source/WebCore/storage/StorageType.h 1970-01-01 00:00:00.000000000 +0000 +++ webkit2gtk-2.16.2/Source/WebCore/storage/StorageType.h 2017-05-07 09:25:28.000000000 +0000 
@@ -0,0 +1,47 @@ +/* + * Copyright (C) 2017 Apple Inc. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * THIS SOFTWARE IS PROVIDED BY APPLE INC. ``AS IS'' AND ANY + * EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR + * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL APPLE INC. OR + * CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, + * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, + * PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR + * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY + * OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT + * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE + * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 
+ */ + +#pragma once + +namespace WebCore { + +enum class StorageType { + Session, + Local, + EphemeralLocal, + TransientLocal, +}; + +inline bool isLocalStorage(StorageType storageType) +{ + return storageType == StorageType::Local || storageType == StorageType::TransientLocal || storageType == StorageType::EphemeralLocal; +} + +inline bool isPersistentLocalStorage(StorageType storageType) +{ + return storageType == StorageType::Local || storageType == StorageType::TransientLocal; +} + +} // namespace WebCore diff -Nru webkit2gtk-2.16.1/Source/WebCore/svg/SVGSVGElement.cpp webkit2gtk-2.16.2/Source/WebCore/svg/SVGSVGElement.cpp --- webkit2gtk-2.16.1/Source/WebCore/svg/SVGSVGElement.cpp 2017-02-20 16:20:17.000000000 +0000 +++ webkit2gtk-2.16.2/Source/WebCore/svg/SVGSVGElement.cpp 2017-05-08 08:25:45.000000000 +0000 @@ -1,7 +1,7 @@ /* * Copyright (C) 2004, 2005, 2006 Nikolas Zimmermann * Copyright (C) 2004, 2005, 2006, 2007, 2008, 2010 Rob Buis - * Copyright (C) 2007, 2015 Apple Inc. All rights reserved. + * Copyright (C) 2007-2017 Apple Inc. All rights reserved. * Copyright (C) 2014 Adobe Systems Incorporated. All rights reserved. * * This library is free software; you can redistribute it and/or @@ -24,6 +24,7 @@ #include "SVGSVGElement.h" #include "CSSHelper.h" +#include "DOMWrapperWorld.h" #include "ElementIterator.h" #include "EventNames.h" #include "FrameSelection.h" 
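Review bot: In the new StorageType.h, `isPersistentLocalStorage` returns true for `StorageType::TransientLocal`, which reads as a contradiction and is not explained anywhere in the header. Callers that decide whether data may be kept beyond the session will rely on this predicate, so each enumerator and both helpers need a doc comment stating what the type is and whether it is backed by disk, for example `// TransientLocal: <what it holds and whether it is written to disk>`. If "persistent" here only means "not tied to an ephemeral session", saying so in the comment on `isPersistentLocalStorage` would prevent misuse.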
@@ -215,19 +216,19 @@ // For these events, the outermost element works like a element does, // setting certain event handlers directly on the window object. if (name == HTMLNames::onunloadAttr) { - document().setWindowAttributeEventListener(eventNames().unloadEvent, name, value); + document().setWindowAttributeEventListener(eventNames().unloadEvent, name, value, mainThreadNormalWorld()); return; } if (name == HTMLNames::onresizeAttr) { - document().setWindowAttributeEventListener(eventNames().resizeEvent, name, value); + document().setWindowAttributeEventListener(eventNames().resizeEvent, name, value, mainThreadNormalWorld()); return; } if (name == HTMLNames::onscrollAttr) { - document().setWindowAttributeEventListener(eventNames().scrollEvent, name, value); + document().setWindowAttributeEventListener(eventNames().scrollEvent, name, value, mainThreadNormalWorld()); return; } if (name == SVGNames::onzoomAttr) { - document().setWindowAttributeEventListener(eventNames().zoomEvent, name, value); + document().setWindowAttributeEventListener(eventNames().zoomEvent, name, value, mainThreadNormalWorld()); return; } } 
@@ -236,11 +237,11 @@ // setting certain event handlers directly on the window object. // FIXME: Why different from the events above that work only on the outermost element? if (name == HTMLNames::onabortAttr) { - document().setWindowAttributeEventListener(eventNames().abortEvent, name, value); + document().setWindowAttributeEventListener(eventNames().abortEvent, name, value, mainThreadNormalWorld()); return; } if (name == HTMLNames::onerrorAttr) { - document().setWindowAttributeEventListener(eventNames().errorEvent, name, value); + document().setWindowAttributeEventListener(eventNames().errorEvent, name, value, mainThreadNormalWorld()); return; } diff -Nru webkit2gtk-2.16.1/Source/WebCore/workers/WorkerMessagingProxy.cpp webkit2gtk-2.16.2/Source/WebCore/workers/WorkerMessagingProxy.cpp --- webkit2gtk-2.16.1/Source/WebCore/workers/WorkerMessagingProxy.cpp 2017-02-20 16:20:17.000000000 +0000 +++ webkit2gtk-2.16.2/Source/WebCore/workers/WorkerMessagingProxy.cpp 2017-05-08 08:57:36.000000000 +0000 @@ -58,6 +58,9 @@ { ASSERT((is(*m_scriptExecutionContext) && isMainThread()) || (is(*m_scriptExecutionContext) && currentThread() == downcast(*m_scriptExecutionContext).thread().threadID())); + + // Nobody outside this class ref counts this object. The original ref + // is balanced by the deref in workerGlobalScopeDestroyedInternal. } WorkerMessagingProxy::~WorkerMessagingProxy() @@ -162,8 +165,9 @@ void WorkerMessagingProxy::postMessageToPageInspector(const String& message) { - RunLoop::main().dispatch([this, message = message.isolatedCopy()] { - m_inspectorProxy->sendMessageFromWorkerToFrontend(message); + RunLoop::main().dispatch([this, protectedThis = makeRef(*this), message = message.isolatedCopy()] { + if (!m_mayBeDestroyed) + m_inspectorProxy->sendMessageFromWorkerToFrontend(message); }); } 
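Review bot: In the WorkerMessagingProxy.cpp @@ -162 hunk the dispatched lambda reads `m_mayBeDestroyed` on the main run loop before using `m_inspectorProxy`, but the diff does not show where that flag is written or whether it is atomic. The constructor's assertion in the hunk above allows the proxy to be created from a worker context on its own thread, so a write on that thread would race with this read. `protectedThis` keeps the object itself alive, so the flag is really guarding the state of `m_inspectorProxy`; a comment on the check should say that. Either document the invariant, e.g. `// m_mayBeDestroyed is only written on <thread>`, or declare the member as `std::atomic<bool>`.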
@@ -233,8 +237,9 @@ m_inspectorProxy->workerTerminated(); + // This balances the original ref in construction. if (m_mayBeDestroyed) - delete this; + deref(); } void WorkerMessagingProxy::terminateWorkerGlobalScope() diff -Nru webkit2gtk-2.16.1/Source/WebCore/workers/WorkerMessagingProxy.h webkit2gtk-2.16.2/Source/WebCore/workers/WorkerMessagingProxy.h --- webkit2gtk-2.16.1/Source/WebCore/workers/WorkerMessagingProxy.h 2017-02-20 16:20:17.000000000 +0000 +++ webkit2gtk-2.16.2/Source/WebCore/workers/WorkerMessagingProxy.h 2017-05-08 08:57:36.000000000 +0000 @@ -28,20 +28,20 @@ #include "WorkerGlobalScopeProxy.h" #include "WorkerLoaderProxy.h" #include "WorkerObjectProxy.h" +#include namespace WebCore { class DedicatedWorkerThread; class WorkerInspectorProxy; -class WorkerMessagingProxy final : public WorkerGlobalScopeProxy, public WorkerObjectProxy, public WorkerLoaderProxy { +class WorkerMessagingProxy final : public ThreadSafeRefCounted, public WorkerGlobalScopeProxy, public WorkerObjectProxy, public WorkerLoaderProxy { WTF_MAKE_FAST_ALLOCATED; public: explicit WorkerMessagingProxy(Worker&); - -private: virtual ~WorkerMessagingProxy(); +private: // Implementations of WorkerGlobalScopeProxy. // (Only use these functions in the worker object thread.) void startWorkerGlobalScope(const URL& scriptURL, const String& userAgent, const String& sourceCode, const ContentSecurityPolicyResponseHeaders&, bool shouldBypassMainWorldContentSecurityPolicy, MonotonicTime timeOrigin, JSC::RuntimeFlags) final; diff -Nru webkit2gtk-2.16.1/Source/WebCore/xml/DOMParser.cpp webkit2gtk-2.16.2/Source/WebCore/xml/DOMParser.cpp --- webkit2gtk-2.16.1/Source/WebCore/xml/DOMParser.cpp 2017-02-20 16:20:17.000000000 +0000 +++ webkit2gtk-2.16.2/Source/WebCore/xml/DOMParser.cpp 2017-05-08 12:55:17.000000000 +0000 @@ -21,6 +21,7 @@ #include "DOMImplementation.h" #include "ExceptionCode.h" +#include "SecurityOriginPolicy.h" namespace WebCore { 
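Review bot: Moving `~WorkerMessagingProxy()` into the public section in the header hunk lets any caller `delete` the proxy directly, bypassing the reference count that `deref()` in the `-233,8` hunk now relies on. If the move is only there so the ref-counting base can destroy the object, the destructor could stay private with `friend class ThreadSafeRefCounted<WorkerMessagingProxy>;` instead. The constructor is still public too, so the new comment in the `.cpp` that nobody outside the class ref-counts the object is a convention, not something the type enforces.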
@@ -42,6 +43,10 @@ if (m_contextDocument) document->setContextDocument(*m_contextDocument.get()); document->setContent(string); + if (m_contextDocument) { + document->setURL(m_contextDocument->url()); + document->setSecurityOriginPolicy(m_contextDocument->securityOriginPolicy()); + } return WTFMove(document); } diff -Nru webkit2gtk-2.16.1/Source/WebCore/xml/parser/XMLDocumentParserLibxml2.cpp webkit2gtk-2.16.2/Source/WebCore/xml/parser/XMLDocumentParserLibxml2.cpp --- webkit2gtk-2.16.1/Source/WebCore/xml/parser/XMLDocumentParserLibxml2.cpp 2017-02-20 16:20:17.000000000 +0000 +++ webkit2gtk-2.16.2/Source/WebCore/xml/parser/XMLDocumentParserLibxml2.cpp 2017-05-08 08:59:01.000000000 +0000 @@ -511,7 +511,7 @@ parser->_private = userData; // Substitute entities. - xmlCtxtUseOptions(parser, XML_PARSE_NOENT); + xmlCtxtUseOptions(parser, XML_PARSE_NOENT | XML_PARSE_HUGE); switchToUTF16(parser); @@ -540,7 +540,7 @@ // Substitute entities. // FIXME: Why is XML_PARSE_NODICT needed? This is different from what createStringParser does. - xmlCtxtUseOptions(parser, XML_PARSE_NODICT | XML_PARSE_NOENT); + xmlCtxtUseOptions(parser, XML_PARSE_NODICT | XML_PARSE_NOENT | XML_PARSE_HUGE); // Internal initialization parser->sax2 = 1; diff -Nru webkit2gtk-2.16.1/Source/WebInspectorUI/UserInterface/Images/gtk/BreakpointActionAdd.svg webkit2gtk-2.16.2/Source/WebInspectorUI/UserInterface/Images/gtk/BreakpointActionAdd.svg --- webkit2gtk-2.16.1/Source/WebInspectorUI/UserInterface/Images/gtk/BreakpointActionAdd.svg 2017-02-20 16:20:17.000000000 +0000 +++ webkit2gtk-2.16.2/Source/WebInspectorUI/UserInterface/Images/gtk/BreakpointActionAdd.svg 1970-01-01 00:00:00.000000000 +0000 
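Review bot: `setURL()` and `setSecurityOriginPolicy()` run after `setContent(string)`, so the markup is parsed while the new document still has its default URL and origin, and it inherits the context document's only afterwards. If that order is intentional it needs a comment, because the obvious cleanup is to merge this block into the `if (m_contextDocument)` just above, which would change what the parser sees. Something like `// Inherit URL and origin only after parsing; do not merge with the check above.` would be enough. The function starts outside the hunk.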
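Review bot: `XML_PARSE_HUGE` switches off libxml2's built-in parser limits, and in both hunks of this file (`-511,7` and `-540,7`) it is combined with `XML_PARSE_NOENT`, which substitutes entities. These parsers presumably handle XML from web content, so after this change nesting depth, node size and entity expansion are bounded only by whatever WebKit enforces itself, and that is not visible in either hunk. The existing `// Substitute entities.` comment should name that bound, e.g. `// Substitute entities. XML_PARSE_HUGE lifts libxml2's own limits; expansion is bounded by <WebKit-side limit>.` Both enclosing functions start outside the hunks.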
@@ -1,5 +0,0 @@ - - - - - diff -Nru webkit2gtk-2.16.1/Source/WebInspectorUI/UserInterface/Images/gtk/BreakpointActionRemove.svg webkit2gtk-2.16.2/Source/WebInspectorUI/UserInterface/Images/gtk/BreakpointActionRemove.svg --- webkit2gtk-2.16.1/Source/WebInspectorUI/UserInterface/Images/gtk/BreakpointActionRemove.svg 2017-02-20 16:20:17.000000000 +0000 +++ webkit2gtk-2.16.2/Source/WebInspectorUI/UserInterface/Images/gtk/BreakpointActionRemove.svg 1970-01-01 00:00:00.000000000 +0000 @@ -1,5 +0,0 @@ - - - - - Binary files /tmp/tmpvQ_4OX/OZ9TMoblAX/webkit2gtk-2.16.1/Source/WebInspectorUI/UserInterface/Images/gtk/Colors@2x.png and /tmp/tmpvQ_4OX/T7kyix0iWG/webkit2gtk-2.16.2/Source/WebInspectorUI/UserInterface/Images/gtk/Colors@2x.png differ Binary files /tmp/tmpvQ_4OX/OZ9TMoblAX/webkit2gtk-2.16.1/Source/WebInspectorUI/UserInterface/Images/gtk/ColorsLarge@2x.png and /tmp/tmpvQ_4OX/T7kyix0iWG/webkit2gtk-2.16.2/Source/WebInspectorUI/UserInterface/Images/gtk/ColorsLarge@2x.png differ Binary files /tmp/tmpvQ_4OX/OZ9TMoblAX/webkit2gtk-2.16.1/Source/WebInspectorUI/UserInterface/Images/gtk/ColorsLarge.png and /tmp/tmpvQ_4OX/T7kyix0iWG/webkit2gtk-2.16.2/Source/WebInspectorUI/UserInterface/Images/gtk/ColorsLarge.png differ Binary files /tmp/tmpvQ_4OX/OZ9TMoblAX/webkit2gtk-2.16.1/Source/WebInspectorUI/UserInterface/Images/gtk/Colors.png and /tmp/tmpvQ_4OX/T7kyix0iWG/webkit2gtk-2.16.2/Source/WebInspectorUI/UserInterface/Images/gtk/Colors.png differ diff -Nru webkit2gtk-2.16.1/Source/WebInspectorUI/UserInterface/Images/gtk/FontVariantSmallCaps.svg webkit2gtk-2.16.2/Source/WebInspectorUI/UserInterface/Images/gtk/FontVariantSmallCaps.svg --- webkit2gtk-2.16.1/Source/WebInspectorUI/UserInterface/Images/gtk/FontVariantSmallCaps.svg 2017-02-20 16:20:17.000000000 +0000 +++ webkit2gtk-2.16.2/Source/WebInspectorUI/UserInterface/Images/gtk/FontVariantSmallCaps.svg 1970-01-01 00:00:00.000000000 +0000 
@@ -1,6 +0,0 @@ - - - - - - Binary files /tmp/tmpvQ_4OX/OZ9TMoblAX/webkit2gtk-2.16.1/Source/WebInspectorUI/UserInterface/Images/gtk/Frames@2x.png and /tmp/tmpvQ_4OX/T7kyix0iWG/webkit2gtk-2.16.2/Source/WebInspectorUI/UserInterface/Images/gtk/Frames@2x.png differ Binary files /tmp/tmpvQ_4OX/OZ9TMoblAX/webkit2gtk-2.16.1/Source/WebInspectorUI/UserInterface/Images/gtk/Frames.png and /tmp/tmpvQ_4OX/T7kyix0iWG/webkit2gtk-2.16.2/Source/WebInspectorUI/UserInterface/Images/gtk/Frames.png differ diff -Nru webkit2gtk-2.16.1/Source/WebInspectorUI/UserInterface/Images/gtk/HeapAllocationsInstrument.svg webkit2gtk-2.16.2/Source/WebInspectorUI/UserInterface/Images/gtk/HeapAllocationsInstrument.svg --- webkit2gtk-2.16.1/Source/WebInspectorUI/UserInterface/Images/gtk/HeapAllocationsInstrument.svg 1970-01-01 00:00:00.000000000 +0000 +++ webkit2gtk-2.16.2/Source/WebInspectorUI/UserInterface/Images/gtk/HeapAllocationsInstrument.svg 2017-05-08 11:51:29.000000000 +0000 @@ -0,0 +1,16 @@ + + + + + + + + + + + + + + + + diff -Nru webkit2gtk-2.16.1/Source/WebInspectorUI/UserInterface/Images/gtk/LayoutInstrument.svg webkit2gtk-2.16.2/Source/WebInspectorUI/UserInterface/Images/gtk/LayoutInstrument.svg --- webkit2gtk-2.16.1/Source/WebInspectorUI/UserInterface/Images/gtk/LayoutInstrument.svg 1970-01-01 00:00:00.000000000 +0000 +++ webkit2gtk-2.16.2/Source/WebInspectorUI/UserInterface/Images/gtk/LayoutInstrument.svg 2017-05-08 11:51:29.000000000 +0000 @@ -0,0 +1,10 @@ + + + + + + + + + + diff -Nru webkit2gtk-2.16.1/Source/WebInspectorUI/UserInterface/Images/gtk/MemoryInstrument.svg webkit2gtk-2.16.2/Source/WebInspectorUI/UserInterface/Images/gtk/MemoryInstrument.svg --- webkit2gtk-2.16.1/Source/WebInspectorUI/UserInterface/Images/gtk/MemoryInstrument.svg 1970-01-01 00:00:00.000000000 +0000 +++ webkit2gtk-2.16.2/Source/WebInspectorUI/UserInterface/Images/gtk/MemoryInstrument.svg 2017-05-08 11:51:29.000000000 +0000 
@@ -0,0 +1,21 @@ + + + + + + + + + + + + + + + + + + + + + diff -Nru webkit2gtk-2.16.1/Source/WebInspectorUI/UserInterface/Images/gtk/NavigationItemCurleyBraces.svg webkit2gtk-2.16.2/Source/WebInspectorUI/UserInterface/Images/gtk/NavigationItemCurleyBraces.svg --- webkit2gtk-2.16.1/Source/WebInspectorUI/UserInterface/Images/gtk/NavigationItemCurleyBraces.svg 2017-02-20 16:20:17.000000000 +0000 +++ webkit2gtk-2.16.2/Source/WebInspectorUI/UserInterface/Images/gtk/NavigationItemCurleyBraces.svg 2017-05-08 11:49:43.000000000 +0000 @@ -1,6 +1,6 @@ - - + + diff -Nru webkit2gtk-2.16.1/Source/WebInspectorUI/UserInterface/Images/gtk/NavigationItemTypes.svg webkit2gtk-2.16.2/Source/WebInspectorUI/UserInterface/Images/gtk/NavigationItemTypes.svg --- webkit2gtk-2.16.1/Source/WebInspectorUI/UserInterface/Images/gtk/NavigationItemTypes.svg 2017-02-20 16:20:17.000000000 +0000 +++ webkit2gtk-2.16.2/Source/WebInspectorUI/UserInterface/Images/gtk/NavigationItemTypes.svg 2017-05-08 11:49:09.000000000 +0000 @@ -1,6 +1,6 @@ - - + + Binary files /tmp/tmpvQ_4OX/OZ9TMoblAX/webkit2gtk-2.16.1/Source/WebInspectorUI/UserInterface/Images/gtk/Network@2x.png and /tmp/tmpvQ_4OX/T7kyix0iWG/webkit2gtk-2.16.2/Source/WebInspectorUI/UserInterface/Images/gtk/Network@2x.png differ diff -Nru webkit2gtk-2.16.1/Source/WebInspectorUI/UserInterface/Images/gtk/NetworkInstrument.svg webkit2gtk-2.16.2/Source/WebInspectorUI/UserInterface/Images/gtk/NetworkInstrument.svg --- webkit2gtk-2.16.1/Source/WebInspectorUI/UserInterface/Images/gtk/NetworkInstrument.svg 1970-01-01 00:00:00.000000000 +0000 +++ webkit2gtk-2.16.2/Source/WebInspectorUI/UserInterface/Images/gtk/NetworkInstrument.svg 2017-05-08 11:51:29.000000000 +0000 
@@ -0,0 +1,6 @@ + + + + + + Binary files /tmp/tmpvQ_4OX/OZ9TMoblAX/webkit2gtk-2.16.1/Source/WebInspectorUI/UserInterface/Images/gtk/NetworkLarge@2x.png and /tmp/tmpvQ_4OX/T7kyix0iWG/webkit2gtk-2.16.2/Source/WebInspectorUI/UserInterface/Images/gtk/NetworkLarge@2x.png differ Binary files /tmp/tmpvQ_4OX/OZ9TMoblAX/webkit2gtk-2.16.1/Source/WebInspectorUI/UserInterface/Images/gtk/NetworkLarge.png and /tmp/tmpvQ_4OX/T7kyix0iWG/webkit2gtk-2.16.2/Source/WebInspectorUI/UserInterface/Images/gtk/NetworkLarge.png differ Binary files /tmp/tmpvQ_4OX/OZ9TMoblAX/webkit2gtk-2.16.1/Source/WebInspectorUI/UserInterface/Images/gtk/Network.png and /tmp/tmpvQ_4OX/T7kyix0iWG/webkit2gtk-2.16.2/Source/WebInspectorUI/UserInterface/Images/gtk/Network.png differ diff -Nru webkit2gtk-2.16.1/Source/WebInspectorUI/UserInterface/Images/gtk/RenderingFramesInstrument.svg webkit2gtk-2.16.2/Source/WebInspectorUI/UserInterface/Images/gtk/RenderingFramesInstrument.svg --- webkit2gtk-2.16.1/Source/WebInspectorUI/UserInterface/Images/gtk/RenderingFramesInstrument.svg 1970-01-01 00:00:00.000000000 +0000 +++ webkit2gtk-2.16.2/Source/WebInspectorUI/UserInterface/Images/gtk/RenderingFramesInstrument.svg 2017-05-08 11:51:29.000000000 +0000 
@@ -0,0 +1,7 @@ + + + + + + + Binary files /tmp/tmpvQ_4OX/OZ9TMoblAX/webkit2gtk-2.16.1/Source/WebInspectorUI/UserInterface/Images/gtk/Script@2x.png and /tmp/tmpvQ_4OX/T7kyix0iWG/webkit2gtk-2.16.2/Source/WebInspectorUI/UserInterface/Images/gtk/Script@2x.png differ Binary files /tmp/tmpvQ_4OX/OZ9TMoblAX/webkit2gtk-2.16.1/Source/WebInspectorUI/UserInterface/Images/gtk/ScriptLarge@2x.png and /tmp/tmpvQ_4OX/T7kyix0iWG/webkit2gtk-2.16.2/Source/WebInspectorUI/UserInterface/Images/gtk/ScriptLarge@2x.png differ Binary files /tmp/tmpvQ_4OX/OZ9TMoblAX/webkit2gtk-2.16.1/Source/WebInspectorUI/UserInterface/Images/gtk/ScriptLarge.png and /tmp/tmpvQ_4OX/T7kyix0iWG/webkit2gtk-2.16.2/Source/WebInspectorUI/UserInterface/Images/gtk/ScriptLarge.png differ Binary files /tmp/tmpvQ_4OX/OZ9TMoblAX/webkit2gtk-2.16.1/Source/WebInspectorUI/UserInterface/Images/gtk/Script.png and /tmp/tmpvQ_4OX/T7kyix0iWG/webkit2gtk-2.16.2/Source/WebInspectorUI/UserInterface/Images/gtk/Script.png differ diff -Nru webkit2gtk-2.16.1/Source/WebInspectorUI/UserInterface/Images/gtk/ScriptsInstrument.svg webkit2gtk-2.16.2/Source/WebInspectorUI/UserInterface/Images/gtk/ScriptsInstrument.svg --- webkit2gtk-2.16.1/Source/WebInspectorUI/UserInterface/Images/gtk/ScriptsInstrument.svg 1970-01-01 00:00:00.000000000 +0000 +++ webkit2gtk-2.16.2/Source/WebInspectorUI/UserInterface/Images/gtk/ScriptsInstrument.svg 2017-05-08 11:51:29.000000000 +0000 
@@ -0,0 +1,9 @@ + + + + + + + + + Binary files /tmp/tmpvQ_4OX/OZ9TMoblAX/webkit2gtk-2.16.1/Source/WebInspectorUI/UserInterface/Images/gtk/Stopwatch@2x.png and /tmp/tmpvQ_4OX/T7kyix0iWG/webkit2gtk-2.16.2/Source/WebInspectorUI/UserInterface/Images/gtk/Stopwatch@2x.png differ Binary files /tmp/tmpvQ_4OX/OZ9TMoblAX/webkit2gtk-2.16.1/Source/WebInspectorUI/UserInterface/Images/gtk/Stopwatch.png and /tmp/tmpvQ_4OX/T7kyix0iWG/webkit2gtk-2.16.2/Source/WebInspectorUI/UserInterface/Images/gtk/Stopwatch.png differ diff -Nru webkit2gtk-2.16.1/Source/WebInspectorUI/UserInterface/Images/gtk/Stopwatch.svg webkit2gtk-2.16.2/Source/WebInspectorUI/UserInterface/Images/gtk/Stopwatch.svg --- webkit2gtk-2.16.1/Source/WebInspectorUI/UserInterface/Images/gtk/Stopwatch.svg 1970-01-01 00:00:00.000000000 +0000 +++ webkit2gtk-2.16.2/Source/WebInspectorUI/UserInterface/Images/gtk/Stopwatch.svg 2017-05-08 11:55:48.000000000 +0000 @@ -0,0 +1,19 @@ + + + + + + + + + + + + + + + + + + + diff -Nru webkit2gtk-2.16.1/Source/WebInspectorUI/UserInterface/Images/gtk/UpDownArrows.svg webkit2gtk-2.16.2/Source/WebInspectorUI/UserInterface/Images/gtk/UpDownArrows.svg --- webkit2gtk-2.16.1/Source/WebInspectorUI/UserInterface/Images/gtk/UpDownArrows.svg 2017-02-20 16:20:17.000000000 +0000 +++ webkit2gtk-2.16.2/Source/WebInspectorUI/UserInterface/Images/gtk/UpDownArrows.svg 2017-05-08 11:49:09.000000000 +0000 @@ -1,6 +1,6 @@ - - + + diff -Nru webkit2gtk-2.16.1/Source/WebInspectorUI/UserInterface/Views/TimelineIcons.css webkit2gtk-2.16.2/Source/WebInspectorUI/UserInterface/Views/TimelineIcons.css --- webkit2gtk-2.16.1/Source/WebInspectorUI/UserInterface/Views/TimelineIcons.css 2017-02-20 16:20:17.000000000 +0000 +++ webkit2gtk-2.16.2/Source/WebInspectorUI/UserInterface/Views/TimelineIcons.css 2017-05-08 11:55:48.000000000 +0000 
@@ -47,52 +47,10 @@ content: url(../Images/RenderingFramesInstrument.svg); } -/* FIXME: [GTK] Web Inspector: Add new GTK+ icons for instrument icons */ -body:not(.mac-platform, .windows-platform) .network-icon .icon { - content: image-set(url(../Images/Network.png) 1x, url(../Images/Network@2x.png) 2x); -} - -body:not(.mac-platform, .windows-platform) .network-icon.large .icon { - content: image-set(url(../Images/NetworkLarge.png) 1x, url(../Images/NetworkLarge@2x.png) 2x); -} - -body:not(.mac-platform, .windows-platform) .layout-icon .icon { - content: image-set(url(../Images/Colors.png) 1x, url(../Images/Colors@2x.png) 2x); -} - -body:not(.mac-platform, .windows-platform) .layout-icon.large .icon { - content: image-set(url(../Images/ColorsLarge.png) 1x, url(../Images/ColorsLarge@2x.png) 2x); -} - -body:not(.mac-platform, .windows-platform) .script-icon .icon { - content: image-set(url(../Images/Script.png) 1x, url(../Images/Script@2x.png) 2x); -} - -body:not(.mac-platform, .windows-platform) .script-icon.large .icon { - content: image-set(url(../Images/ScriptLarge.png) 1x, url(../Images/ScriptLarge@2x.png) 2x); -} - -body:not(.mac-platform, .windows-platform) .rendering-frame-icon .icon { - content: image-set(url(../Images/Frames.png) 1x, url(../Images/Frames@2x.png) 2x); -} - -body:not(.mac-platform, .windows-platform) .memory-icon .icon { - content: image-set(url(../Images/ScriptLarge.png) 1x, url(../Images/ScriptLarge@2x.png) 2x); -} - -body:not(.mac-platform, .windows-platform) .heap-allocations-icon .icon { - content: image-set(url(../Images/ScriptLarge.png) 1x, url(../Images/ScriptLarge@2x.png) 2x); -} - .stopwatch-icon .icon { content: url(../Images/Stopwatch.svg); } -/* FIXME: [GTK] Web Inspector: Add new GTK+ icon for timeline recording stopwatch */ -body:not(.mac-platform, .windows-platform) .stopwatch-icon .icon { - content: image-set(url(../Images/Stopwatch.png) 1x, url(../Images/Stopwatch@2x.png) 2x); -} - .time-icon .icon { content: 
url(../Images/Timeline.svg); width: 13px; diff -Nru webkit2gtk-2.16.1/Source/WebKit2/NetworkProcess/NetworkProcess.cpp webkit2gtk-2.16.2/Source/WebKit2/NetworkProcess/NetworkProcess.cpp --- webkit2gtk-2.16.1/Source/WebKit2/NetworkProcess/NetworkProcess.cpp 2017-04-03 07:10:40.000000000 +0000 +++ webkit2gtk-2.16.2/Source/WebKit2/NetworkProcess/NetworkProcess.cpp 2017-05-08 10:31:38.000000000 +0000 @@ -511,7 +511,12 @@ downloadProxyConnection()->send(Messages::DownloadProxy::DidReceiveResponse(response), destinationID); downloadManager().willDecidePendingDownloadDestination(networkDataTask, WTFMove(completionHandler)); - String suggestedFilename = MIMETypeRegistry::appendFileExtensionIfNecessary(networkDataTask.suggestedFilename(), response.mimeType()); + + // As per https://html.spec.whatwg.org/#as-a-download (step 2), the filename from the Content-Disposition header + // should override the suggested filename from the download attribute. + String suggestedFilename = response.isAttachmentWithFilename() ? response.suggestedFilename() : networkDataTask.suggestedFilename(); + suggestedFilename = MIMETypeRegistry::appendFileExtensionIfNecessary(suggestedFilename, response.mimeType()); + downloadProxyConnection()->send(Messages::DownloadProxy::DecideDestinationWithSuggestedFilenameAsync(networkDataTask.pendingDownloadID(), suggestedFilename), destinationID); } #endif diff -Nru webkit2gtk-2.16.1/Source/WebKit2/PluginProcess/unix/PluginControllerProxyUnix.cpp webkit2gtk-2.16.2/Source/WebKit2/PluginProcess/unix/PluginControllerProxyUnix.cpp --- webkit2gtk-2.16.1/Source/WebKit2/PluginProcess/unix/PluginControllerProxyUnix.cpp 2017-02-20 16:20:17.000000000 +0000 +++ webkit2gtk-2.16.2/Source/WebKit2/PluginProcess/unix/PluginControllerProxyUnix.cpp 2017-05-06 08:29:12.000000000 +0000 @@ -26,7 +26,7 @@ #include "config.h" #include "PluginControllerProxy.h" -#if ENABLE(PLUGIN_PROCESS) +#if ENABLE(NETSCAPE_PLUGIN_API) #include 
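Review bot: The filename chosen in the `NetworkProcess.cpp` hunk comes either from the `Content-Disposition` header or from the `download` attribute, both supplied by remote content, and the only processing visible is `appendFileExtensionIfNecessary()`. The new comment documents the precedence but not where the name is validated before it becomes a destination path; presumably the receiver of `DecideDestinationWithSuggestedFilenameAsync` does that. One more comment line would make the boundary explicit, e.g. `// The name is untrusted here; <receiver> is responsible for stripping path components.` The enclosing function starts outside the hunk.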
@@ -51,4 +51,4 @@ } // namespace WebKit -#endif // ENABLE(PLUGIN_PROCESS) +#endif // ENABLE(NETSCAPE_PLUGIN_API) diff -Nru webkit2gtk-2.16.1/Source/WebKit2/Shared/API/c/WKString.cpp webkit2gtk-2.16.2/Source/WebKit2/Shared/API/c/WKString.cpp --- webkit2gtk-2.16.1/Source/WebKit2/Shared/API/c/WKString.cpp 2017-02-20 16:20:17.000000000 +0000 +++ webkit2gtk-2.16.2/Source/WebKit2/Shared/API/c/WKString.cpp 2017-05-08 13:38:20.000000000 +0000 @@ -61,7 +61,7 @@ unsigned unsignedBufferLength = std::min(bufferLength, std::numeric_limits::max()); auto substring = toImpl(stringRef)->stringView().substring(0, unsignedBufferLength); - substring.getCharactersWithUpconvert(static_cast(buffer)); + substring.getCharactersWithUpconvert(reinterpret_cast(buffer)); return substring.length(); } diff -Nru webkit2gtk-2.16.1/Source/WebKit2/Shared/ChildProcess.cpp webkit2gtk-2.16.2/Source/WebKit2/Shared/ChildProcess.cpp --- webkit2gtk-2.16.1/Source/WebKit2/Shared/ChildProcess.cpp 2017-02-20 16:20:17.000000000 +0000 +++ webkit2gtk-2.16.2/Source/WebKit2/Shared/ChildProcess.cpp 2017-05-04 07:35:09.000000000 +0000 @@ -197,8 +197,9 @@ { } -void ChildProcess::didReceiveInvalidMessage(IPC::Connection&, IPC::StringReference, IPC::StringReference) +void ChildProcess::didReceiveInvalidMessage(IPC::Connection&, IPC::StringReference messageReceiverName, IPC::StringReference messageName) { + WTFLogAlways("Received invalid message: '%s::%s'", messageReceiverName.toString().data(), messageName.toString().data()); CRASH(); } #endif diff -Nru webkit2gtk-2.16.1/Source/WebKit2/Shared/WebEventConversion.cpp webkit2gtk-2.16.2/Source/WebKit2/Shared/WebEventConversion.cpp --- webkit2gtk-2.16.1/Source/WebKit2/Shared/WebEventConversion.cpp 2017-02-20 16:20:17.000000000 +0000 +++ webkit2gtk-2.16.2/Source/WebKit2/Shared/WebEventConversion.cpp 2017-05-08 11:02:42.000000000 +0000 
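Review bot: In the `WKString.cpp` hunk, `reinterpret_cast` silences the mismatch between the caller's buffer type and the string's internal character type, but nothing checks that the two have the same size, and `getCharactersWithUpconvert()` then writes `substring.length()` code units into `buffer`. A compile-time check before the call would pin the assumption: `static_assert(sizeof(WKChar) == sizeof(UChar), "WKChar and UChar must have the same size");`. The type names are taken from the public API, since the cast's template argument and the function signature are not visible in this hunk.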
@@ -109,6 +109,15 @@ m_eventNumber = webEvent.eventNumber(); m_menuTypeForEvent = webEvent.menuTypeForEvent(); #endif + m_modifierFlags = 0; + if (webEvent.shiftKey()) + m_modifierFlags |= WebEvent::ShiftKey; + if (webEvent.controlKey()) + m_modifierFlags |= WebEvent::ControlKey; + if (webEvent.altKey()) + m_modifierFlags |= WebEvent::AltKey; + if (webEvent.metaKey()) + m_modifierFlags |= WebEvent::MetaKey; } }; diff -Nru webkit2gtk-2.16.1/Source/WebKit2/UIProcess/API/gtk/WebKitAutocleanups.h webkit2gtk-2.16.2/Source/WebKit2/UIProcess/API/gtk/WebKitAutocleanups.h --- webkit2gtk-2.16.1/Source/WebKit2/UIProcess/API/gtk/WebKitAutocleanups.h 2017-03-20 09:15:39.000000000 +0000 +++ webkit2gtk-2.16.2/Source/WebKit2/UIProcess/API/gtk/WebKitAutocleanups.h 2017-05-08 08:54:28.000000000 +0000 @@ -80,7 +80,7 @@ G_DEFINE_AUTOPTR_CLEANUP_FUNC (WebKitSecurityOrigin, webkit_security_origin_unref) G_DEFINE_AUTOPTR_CLEANUP_FUNC (WebKitUserScript, webkit_user_script_unref) G_DEFINE_AUTOPTR_CLEANUP_FUNC (WebKitUserStyleSheet, webkit_user_style_sheet_unref) -G_DEFINE_AUTOPTR_CLEANUP_FUNC (WebKitWebsiteData, webkit_website_data_unref); +G_DEFINE_AUTOPTR_CLEANUP_FUNC (WebKitWebsiteData, webkit_website_data_unref) G_DEFINE_AUTOPTR_CLEANUP_FUNC (WebKitWebViewSessionState, webkit_web_view_session_state_unref) #endif // __GI_SCANNER__ diff -Nru webkit2gtk-2.16.1/Source/WebKit2/UIProcess/API/gtk/WebKitWebsiteData.cpp webkit2gtk-2.16.2/Source/WebKit2/UIProcess/API/gtk/WebKitWebsiteData.cpp --- webkit2gtk-2.16.1/Source/WebKit2/UIProcess/API/gtk/WebKitWebsiteData.cpp 2017-02-20 16:20:17.000000000 +0000 +++ webkit2gtk-2.16.2/Source/WebKit2/UIProcess/API/gtk/WebKitWebsiteData.cpp 2017-05-06 08:29:12.000000000 +0000 @@ -73,7 +73,9 @@ WebsiteDataType::LocalStorage, WebsiteDataType::WebSQLDatabases, WebsiteDataType::IndexedDBDatabases, +#if ENABLE(NETSCAPE_PLUGIN_API) WebsiteDataType::PlugInData, +#endif WebsiteDataType::Cookies }; return record.types.contains(typesSupported); 
@@ -96,8 +98,10 @@ returnValue |= WEBKIT_WEBSITE_DATA_WEBSQL_DATABASES; if (types.contains(WebsiteDataType::IndexedDBDatabases)) returnValue |= WEBKIT_WEBSITE_DATA_INDEXEDDB_DATABASES; +#if ENABLE(NETSCAPE_PLUGIN_API) if (types.contains(WebsiteDataType::PlugInData)) returnValue |= WEBKIT_WEBSITE_DATA_PLUGIN_DATA; +#endif if (types.contains(WebsiteDataType::Cookies)) returnValue |= WEBKIT_WEBSITE_DATA_COOKIES; return static_cast(returnValue); diff -Nru webkit2gtk-2.16.1/Source/WebKit2/UIProcess/API/gtk/WebKitWebsiteDataManager.cpp webkit2gtk-2.16.2/Source/WebKit2/UIProcess/API/gtk/WebKitWebsiteDataManager.cpp --- webkit2gtk-2.16.1/Source/WebKit2/UIProcess/API/gtk/WebKitWebsiteDataManager.cpp 2017-02-28 09:45:57.000000000 +0000 +++ webkit2gtk-2.16.2/Source/WebKit2/UIProcess/API/gtk/WebKitWebsiteDataManager.cpp 2017-05-06 08:29:14.000000000 +0000 @@ -641,8 +641,10 @@ returnValue |= WebsiteDataType::WebSQLDatabases; if (types & WEBKIT_WEBSITE_DATA_INDEXEDDB_DATABASES) returnValue |= WebsiteDataType::IndexedDBDatabases; +#if ENABLE(NETSCAPE_PLUGIN_API) if (types & WEBKIT_WEBSITE_DATA_PLUGIN_DATA) returnValue |= WebsiteDataType::PlugInData; +#endif if (types & WEBKIT_WEBSITE_DATA_COOKIES) returnValue |= WebsiteDataType::Cookies; return returnValue; diff -Nru webkit2gtk-2.16.1/Source/WebKit2/UIProcess/Downloads/DownloadProxy.cpp webkit2gtk-2.16.2/Source/WebKit2/UIProcess/Downloads/DownloadProxy.cpp --- webkit2gtk-2.16.1/Source/WebKit2/UIProcess/Downloads/DownloadProxy.cpp 2017-02-20 16:20:17.000000000 +0000 +++ webkit2gtk-2.16.2/Source/WebKit2/UIProcess/Downloads/DownloadProxy.cpp 2017-05-08 10:31:38.000000000 +0000 
@@ -154,6 +154,13 @@ if (!m_processPool) return; +#if !USE(NETWORK_SESSION) + // As per https://html.spec.whatwg.org/#as-a-download (step 2), the filename from the Content-Disposition header + // should override the suggested filename from the download attribute. + if (!m_suggestedFilename.isNull() && response.isAttachmentWithFilename()) + m_suggestedFilename = String(); +#endif + m_processPool->downloadClient().didReceiveResponse(m_processPool.get(), this, response); } diff -Nru webkit2gtk-2.16.1/Source/WebKit2/UIProcess/gtk/HardwareAccelerationManager.cpp webkit2gtk-2.16.2/Source/WebKit2/UIProcess/gtk/HardwareAccelerationManager.cpp --- webkit2gtk-2.16.1/Source/WebKit2/UIProcess/gtk/HardwareAccelerationManager.cpp 2017-02-20 16:20:17.000000000 +0000 +++ webkit2gtk-2.16.2/Source/WebKit2/UIProcess/gtk/HardwareAccelerationManager.cpp 2017-05-09 07:46:08.000000000 +0000 @@ -70,7 +70,7 @@ } #endif -#if PLATFORM(WAYLAND) +#if PLATFORM(WAYLAND) && USE(EGL) if (PlatformDisplay::sharedDisplay().type() == PlatformDisplay::Type::Wayland) { if (!WaylandCompositor::singleton().isRunning()) { m_canUseHardwareAcceleration = false; diff -Nru webkit2gtk-2.16.1/Source/WebKit2/UIProcess/WebProcessPool.cpp webkit2gtk-2.16.2/Source/WebKit2/UIProcess/WebProcessPool.cpp --- webkit2gtk-2.16.1/Source/WebKit2/UIProcess/WebProcessPool.cpp 2017-04-03 07:10:40.000000000 +0000 +++ webkit2gtk-2.16.2/Source/WebKit2/UIProcess/WebProcessPool.cpp 2017-05-08 09:04:16.000000000 +0000 
@@ -1221,11 +1221,11 @@ static WebProcessProxy* webProcessProxyFromConnection(IPC::Connection& connection, const Vector>& processes) { for (auto& process : processes) { - if (process->connection() == &connection) + if (process->hasConnection(connection)) return process.get(); } - // FIXME: Can this ever return null? + ASSERT_NOT_REACHED(); return nullptr; } diff -Nru webkit2gtk-2.16.1/Source/WebKit2/WebProcess/InjectedBundle/API/gtk/DOM/WebKitDOMDeprecated.cpp webkit2gtk-2.16.2/Source/WebKit2/WebProcess/InjectedBundle/API/gtk/DOM/WebKitDOMDeprecated.cpp --- webkit2gtk-2.16.1/Source/WebKit2/WebProcess/InjectedBundle/API/gtk/DOM/WebKitDOMDeprecated.cpp 2017-02-20 16:20:17.000000000 +0000 +++ webkit2gtk-2.16.2/Source/WebKit2/WebProcess/InjectedBundle/API/gtk/DOM/WebKitDOMDeprecated.cpp 2017-05-06 08:05:47.000000000 +0000 @@ -165,7 +165,7 @@ #if ENABLE(MEDIA_CAPTURE) WebCore::JSMainThreadNullState state; WebCore::HTMLInputElement* item = WebKit::core(self); - return item->mediaCaptureType() != MediaCaptureTypeNone; + return item->mediaCaptureType() != WebCore::MediaCaptureTypeNone; #else UNUSED_PARAM(self); WEBKIT_WARN_FEATURE_NOT_PRESENT("Media Capture") diff -Nru webkit2gtk-2.16.1/Source/WebKit2/WebProcess/Plugins/PluginView.cpp webkit2gtk-2.16.2/Source/WebKit2/WebProcess/Plugins/PluginView.cpp --- webkit2gtk-2.16.1/Source/WebKit2/WebProcess/Plugins/PluginView.cpp 2017-02-28 09:08:26.000000000 +0000 +++ webkit2gtk-2.16.2/Source/WebKit2/WebProcess/Plugins/PluginView.cpp 2017-05-08 14:14:02.000000000 +0000 
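Review bot: `ASSERT_NOT_REACHED()` is compiled out of release builds, so `webProcessProxyFromConnection()` still returns `nullptr` there when no process owns the connection, and the removed FIXME was the only hint of that. The callers are outside the hunk; unless each of them checks the result, an unmatched connection becomes a null dereference in the UI process. Keep the contract in a comment above the return, e.g. `// Returns nullptr in release builds if no process owns the connection; callers must check.`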
@@ -775,7 +775,7 @@ viewGeometryDidChange(); } -void PluginView::paint(GraphicsContext& context, const IntRect& /*dirtyRect*/) +void PluginView::paint(GraphicsContext& context, const IntRect& /*dirtyRect*/, Widget::SecurityOriginPaintPolicy) { if (!m_plugin || !m_isInitialized || m_pluginElement->displayState() < HTMLPlugInElement::Restarting) return; diff -Nru webkit2gtk-2.16.1/Source/WebKit2/WebProcess/Plugins/PluginView.h webkit2gtk-2.16.2/Source/WebKit2/WebProcess/Plugins/PluginView.h --- webkit2gtk-2.16.1/Source/WebKit2/WebProcess/Plugins/PluginView.h 2017-02-20 16:20:18.000000000 +0000 +++ webkit2gtk-2.16.2/Source/WebKit2/WebProcess/Plugins/PluginView.h 2017-05-08 14:14:02.000000000 +0000 @@ -170,7 +170,7 @@ // WebCore::Widget void setFrameRect(const WebCore::IntRect&) override; - void paint(WebCore::GraphicsContext&, const WebCore::IntRect&) override; + void paint(WebCore::GraphicsContext&, const WebCore::IntRect&, WebCore::Widget::SecurityOriginPaintPolicy) override; void invalidateRect(const WebCore::IntRect&) override; void setFocus(bool) override; void frameRectsChanged() override; diff -Nru webkit2gtk-2.16.1/Source/WebKit2/WebProcess/Storage/StorageAreaMap.cpp webkit2gtk-2.16.2/Source/WebKit2/WebProcess/Storage/StorageAreaMap.cpp --- webkit2gtk-2.16.1/Source/WebKit2/WebProcess/Storage/StorageAreaMap.cpp 2017-02-20 16:20:18.000000000 +0000 +++ webkit2gtk-2.16.2/Source/WebKit2/WebProcess/Storage/StorageAreaMap.cpp 2017-05-07 09:25:28.000000000 +0000 @@ -42,6 +42,7 @@ #include #include #include +#include using namespace WebCore; 
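Review bot: The new `Widget::SecurityOriginPaintPolicy` parameter of `PluginView::paint()` is unnamed and never read, so plugin content is painted the same way whatever policy the caller passes. If the policy exists to keep cross-origin content out of a paint, ignoring it here needs a stated reason in the code, e.g. `// SecurityOriginPaintPolicy is ignored: <reason plugin output is safe to paint>.` The body of `paint()` continues past the hunk and the meaning of the policy values is not shown, so this may already be handled elsewhere.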
@@ -70,7 +71,8 @@ , m_hasPendingGetValues(false) { switch (m_storageType) { - case WebCore::LocalStorage: + case StorageType::Local: + case StorageType::TransientLocal: if (SecurityOrigin* topLevelOrigin = storageNamespace->topLevelOrigin()) WebProcess::singleton().parentProcessConnection()->send(Messages::StorageManager::CreateTransientLocalStorageMap(m_storageMapID, storageNamespace->storageNamespaceID(), SecurityOriginData::fromSecurityOrigin(*topLevelOrigin), SecurityOriginData::fromSecurityOrigin(m_securityOrigin)), 0); else @@ -78,9 +80,13 @@ break; - case WebCore::SessionStorage: + case StorageType::Session: WebProcess::singleton().parentProcessConnection()->send(Messages::StorageManager::CreateSessionStorageMap(m_storageMapID, storageNamespace->storageNamespaceID(), SecurityOriginData::fromSecurityOrigin(m_securityOrigin)), 0); break; + + case StorageType::EphemeralLocal: + // The UI process is not involved for EphemeralLocal storages. + return; } WebProcess::singleton().addMessageReceiver(Messages::StorageAreaMap::messageReceiverName(), m_storageMapID, *this); @@ -88,8 +94,10 @@ StorageAreaMap::~StorageAreaMap() { - WebProcess::singleton().parentProcessConnection()->send(Messages::StorageManager::DestroyStorageMap(m_storageMapID), 0); - WebProcess::singleton().removeMessageReceiver(Messages::StorageAreaMap::messageReceiverName(), m_storageMapID); + if (m_storageType != StorageType::EphemeralLocal) { + WebProcess::singleton().parentProcessConnection()->send(Messages::StorageManager::DestroyStorageMap(m_storageMapID), 0); + WebProcess::singleton().removeMessageReceiver(Messages::StorageAreaMap::messageReceiverName(), m_storageMapID); + } m_storageNamespace->didDestroyStorageAreaMap(*this); } 
@@ -302,7 +310,7 @@ applyChange(key, newValue); } - if (storageType() == SessionStorage) + if (storageType() == StorageType::Session) dispatchSessionStorageEvent(sourceStorageAreaID, key, oldValue, newValue, urlString); else dispatchLocalStorageEvent(sourceStorageAreaID, key, oldValue, newValue, urlString); @@ -315,7 +323,7 @@ void StorageAreaMap::dispatchSessionStorageEvent(uint64_t sourceStorageAreaID, const String& key, const String& oldValue, const String& newValue, const String& urlString) { - ASSERT(storageType() == SessionStorage); + ASSERT(storageType() == StorageType::Session); // Namespace IDs for session storage namespaces are equivalent to web page IDs // so we can get the right page here. @@ -349,7 +357,7 @@ void StorageAreaMap::dispatchLocalStorageEvent(uint64_t sourceStorageAreaID, const String& key, const String& oldValue, const String& newValue, const String& urlString) { - ASSERT(storageType() == LocalStorage); + ASSERT(isLocalStorage(storageType())); Vector> frames; diff -Nru webkit2gtk-2.16.1/Source/WebKit2/WebProcess/Storage/StorageNamespaceImpl.cpp webkit2gtk-2.16.2/Source/WebKit2/WebProcess/Storage/StorageNamespaceImpl.cpp --- webkit2gtk-2.16.1/Source/WebKit2/WebProcess/Storage/StorageNamespaceImpl.cpp 2017-02-20 16:20:18.000000000 +0000 +++ webkit2gtk-2.16.2/Source/WebKit2/WebProcess/Storage/StorageNamespaceImpl.cpp 2017-05-07 09:25:28.000000000 +0000 @@ -1,5 +1,5 @@ /* - * Copyright (C) 2013 Apple Inc. All rights reserved. + * Copyright (C) 2013-2017 Apple Inc. All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions @@ -31,9 +31,11 @@ #include "WebPage.h" #include "WebPageGroupProxy.h" #include "WebProcess.h" +#include #include #include #include +#include using namespace WebCore; 
@@ -41,17 +43,22 @@ RefPtr StorageNamespaceImpl::createSessionStorageNamespace(uint64_t identifier, unsigned quotaInBytes) { - return adoptRef(new StorageNamespaceImpl(SessionStorage, identifier, nullptr, quotaInBytes)); + return adoptRef(new StorageNamespaceImpl(StorageType::Session, identifier, nullptr, quotaInBytes)); +} + +RefPtr StorageNamespaceImpl::createEphemeralLocalStorageNamespace(uint64_t identifier, unsigned quotaInBytes) +{ + return adoptRef(new StorageNamespaceImpl(StorageType::EphemeralLocal, identifier, nullptr, quotaInBytes)); } RefPtr StorageNamespaceImpl::createLocalStorageNamespace(uint64_t identifier, unsigned quotaInBytes) { - return adoptRef(new StorageNamespaceImpl(LocalStorage, identifier, nullptr, quotaInBytes)); + return adoptRef(new StorageNamespaceImpl(StorageType::Local, identifier, nullptr, quotaInBytes)); } RefPtr StorageNamespaceImpl::createTransientLocalStorageNamespace(uint64_t identifier, WebCore::SecurityOrigin& topLevelOrigin, uint64_t quotaInBytes) { - return adoptRef(new StorageNamespaceImpl(LocalStorage, identifier, &topLevelOrigin, quotaInBytes)); + return adoptRef(new StorageNamespaceImpl(StorageType::TransientLocal, identifier, &topLevelOrigin, quotaInBytes)); } StorageNamespaceImpl::StorageNamespaceImpl(WebCore::StorageType storageType, uint64_t storageNamespaceID, WebCore::SecurityOrigin* topLevelOrigin, unsigned quotaInBytes) @@ -73,6 +80,9 @@ RefPtr StorageNamespaceImpl::storageArea(const SecurityOriginData& securityOrigin) { + if (m_storageType == StorageType::EphemeralLocal) + return ephemeralLocalStorageArea(securityOrigin); + RefPtr map; auto& slot = m_storageAreaMaps.add(securityOrigin, nullptr).iterator->value; 
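Review bot: `createTransientLocalStorageNamespace()` takes `uint64_t quotaInBytes` but passes it to a constructor whose parameter is `unsigned quotaInBytes`, so a quota above `UINT_MAX` is silently truncated. The other three factories in this hunk, including the new `createEphemeralLocalStorageNamespace()`, take `unsigned`. The signature line is unchanged context, but the call below it is edited here, which makes this a good place to make the narrowing explicit, for instance by clamping with `std::min<uint64_t>(quotaInBytes, std::numeric_limits<unsigned>::max())` before the conversion. The declaration is in a header outside this file section.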
@@ -85,11 +95,125 @@ return StorageAreaImpl::create(map.releaseNonNull()); } +class StorageNamespaceImpl::EphemeralStorageArea final : public StorageArea { +public: + static Ref create(const SecurityOriginData& origin, unsigned quotaInBytes) + { + return adoptRef(*new EphemeralStorageArea(origin, quotaInBytes)); + } + + Ref copy() + { + return adoptRef(*new EphemeralStorageArea(*this)); + } + +private: + EphemeralStorageArea(const SecurityOriginData& origin, unsigned quotaInBytes) + : m_securityOriginData(origin) + , m_storageMap(StorageMap::create(quotaInBytes)) + { + } + + EphemeralStorageArea(EphemeralStorageArea& other) + : m_securityOriginData(other.m_securityOriginData) + , m_storageMap(other.m_storageMap) + { + } + + // WebCore::StorageArea. + unsigned length() + { + return m_storageMap->length(); + } + + String key(unsigned index) + { + return m_storageMap->key(index); + } + + String item(const String& key) + { + return m_storageMap->getItem(key); + } + + void setItem(Frame*, const String& key, const String& value, bool& quotaException) + { + String oldValue; + if (auto newMap = m_storageMap->setItem(key, value, oldValue, quotaException)) + m_storageMap = WTFMove(newMap); + } + + void removeItem(Frame*, const String& key) + { + String oldValue; + if (auto newMap = m_storageMap->removeItem(key, oldValue)) + m_storageMap = WTFMove(newMap); + } + + void clear(Frame*) + { + if (!m_storageMap->length()) + return; + + m_storageMap = StorageMap::create(m_storageMap->quota()); + } + + bool contains(const String& key) + { + return m_storageMap->contains(key); + } + + bool canAccessStorage(Frame* frame) + { + return frame && frame->page(); + } + + StorageType storageType() const + { + return StorageType::EphemeralLocal; + } + + size_t memoryBytesUsedByCache() + { + return 0; + } + + void incrementAccessCount() { } + void decrementAccessCount() { } + void closeDatabaseIfIdle() { } + + SecurityOriginData securityOrigin() const + { + return m_securityOriginData; + } + + 
SecurityOriginData m_securityOriginData; + RefPtr m_storageMap; +}; + +RefPtr StorageNamespaceImpl::ephemeralLocalStorageArea(const SecurityOriginData& securityOrigin) +{ + auto& slot = m_ephemeralLocalStorageAreas.add(securityOrigin, nullptr).iterator->value; + if (!slot) + slot = StorageNamespaceImpl::EphemeralStorageArea::create(securityOrigin, m_quotaInBytes); + + return slot.get(); +} + RefPtr StorageNamespaceImpl::copy(Page* newPage) { ASSERT(m_storageNamespaceID); - return createSessionStorageNamespace(WebPage::fromCorePage(newPage)->pageID(), m_quotaInBytes); + if (m_storageType == StorageType::Session) + return createSessionStorageNamespace(WebPage::fromCorePage(newPage)->pageID(), m_quotaInBytes); + + ASSERT(m_storageType == StorageType::EphemeralLocal); + RefPtr newNamespace = adoptRef(new StorageNamespaceImpl(m_storageType, m_storageNamespaceID, m_topLevelOrigin.get(), m_quotaInBytes)); + + for (auto& iter : m_ephemeralLocalStorageAreas) + newNamespace->m_ephemeralLocalStorageAreas.set(iter.key, iter.value->copy()); + + return newNamespace; } } // namespace WebKit diff -Nru webkit2gtk-2.16.1/Source/WebKit2/WebProcess/Storage/StorageNamespaceImpl.h webkit2gtk-2.16.2/Source/WebKit2/WebProcess/Storage/StorageNamespaceImpl.h --- webkit2gtk-2.16.1/Source/WebKit2/WebProcess/Storage/StorageNamespaceImpl.h 2017-02-20 16:20:18.000000000 +0000 +++ webkit2gtk-2.16.2/Source/WebKit2/WebProcess/Storage/StorageNamespaceImpl.h 2017-05-07 09:25:28.000000000 +0000 @@ -1,5 +1,5 @@ /* - * Copyright (C) 2013 Apple Inc. All rights reserved. + * Copyright (C) 2013-2017 Apple Inc. All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions @@ -28,6 +28,7 @@ #include #include #include +#include #include #include 
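Review bot: The copying constructor of `EphemeralStorageArea` initialises `m_storageMap(other.m_storageMap)`, so each area produced by `StorageNamespaceImpl::copy()` points at the same `StorageMap` as its source until one side writes. Keeping the two ephemeral namespaces separate therefore depends on `StorageMap::setItem()` and `removeItem()` returning a fresh map when the map is shared, which the `if (auto newMap = ...)` pattern suggests but this hunk does not show. A comment on the constructor would record that dependency, for example `// Shares the map with |other|; relies on StorageMap handing back a private copy on the first write.` The methods under `// WebCore::StorageArea.` could also be marked `override`, so that a signature change in the base class is reported at the method itself.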
@@ -39,6 +40,7 @@ class StorageNamespaceImpl : public WebCore::StorageNamespace { public: static RefPtr createSessionStorageNamespace(uint64_t identifier, unsigned quotaInBytes); + static RefPtr createEphemeralLocalStorageNamespace(uint64_t identifier, unsigned quotaInBytes); static RefPtr createLocalStorageNamespace(uint64_t identifier, unsigned quotaInBytes); static RefPtr createTransientLocalStorageNamespace(uint64_t identifier, WebCore::SecurityOrigin& topLevelOrigin, uint64_t quotaInBytes); @@ -57,6 +59,8 @@ RefPtr storageArea(const WebCore::SecurityOriginData&) override; RefPtr copy(WebCore::Page*) override; + RefPtr ephemeralLocalStorageArea(const WebCore::SecurityOriginData&); + const WebCore::StorageType m_storageType; const uint64_t m_storageNamespaceID; @@ -66,6 +70,9 @@ const unsigned m_quotaInBytes; HashMap m_storageAreaMaps; + + class EphemeralStorageArea; + HashMap> m_ephemeralLocalStorageAreas; }; } // namespace WebKit diff -Nru webkit2gtk-2.16.1/Source/WebKit2/WebProcess/Storage/WebStorageNamespaceProvider.cpp webkit2gtk-2.16.2/Source/WebKit2/WebProcess/Storage/WebStorageNamespaceProvider.cpp --- webkit2gtk-2.16.1/Source/WebKit2/WebProcess/Storage/WebStorageNamespaceProvider.cpp 2017-02-20 16:20:18.000000000 +0000 +++ webkit2gtk-2.16.2/Source/WebKit2/WebProcess/Storage/WebStorageNamespaceProvider.cpp 2017-05-07 09:25:28.000000000 +0000 @@ -1,5 +1,5 @@ /* - * Copyright (C) 2014 Apple Inc. All rights reserved. + * Copyright (C) 2014-2017 Apple Inc. All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions 
@@ -71,6 +71,11 @@ return StorageNamespaceImpl::createSessionStorageNamespace(WebPage::fromCorePage(&page)->pageID(), quota); } +RefPtr WebStorageNamespaceProvider::createEphemeralLocalStorageNamespace(Page& page, unsigned quota) +{ + return StorageNamespaceImpl::createEphemeralLocalStorageNamespace(WebPage::fromCorePage(&page)->pageID(), quota); +} + RefPtr WebStorageNamespaceProvider::createLocalStorageNamespace(unsigned quota) { return StorageNamespaceImpl::createLocalStorageNamespace(m_identifier, quota); diff -Nru webkit2gtk-2.16.1/Source/WebKit2/WebProcess/Storage/WebStorageNamespaceProvider.h webkit2gtk-2.16.2/Source/WebKit2/WebProcess/Storage/WebStorageNamespaceProvider.h --- webkit2gtk-2.16.1/Source/WebKit2/WebProcess/Storage/WebStorageNamespaceProvider.h 2017-02-20 16:20:18.000000000 +0000 +++ webkit2gtk-2.16.2/Source/WebKit2/WebProcess/Storage/WebStorageNamespaceProvider.h 2017-05-07 09:25:28.000000000 +0000 @@ -1,5 +1,5 @@ /* - * Copyright (C) 2014 Apple Inc. All rights reserved. + * Copyright (C) 2014-2017 Apple Inc. All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions 
@@ -39,6 +39,7 @@ explicit WebStorageNamespaceProvider(uint64_t identifier); RefPtr createSessionStorageNamespace(WebCore::Page&, unsigned quota) override; + RefPtr createEphemeralLocalStorageNamespace(WebCore::Page&, unsigned quota) override; RefPtr createLocalStorageNamespace(unsigned quota) override; RefPtr createTransientLocalStorageNamespace(WebCore::SecurityOrigin&, unsigned quota) override; diff -Nru webkit2gtk-2.16.1/Source/WebKit2/WebProcess/WebCoreSupport/WebFrameLoaderClient.cpp webkit2gtk-2.16.2/Source/WebKit2/WebProcess/WebCoreSupport/WebFrameLoaderClient.cpp --- webkit2gtk-2.16.1/Source/WebKit2/WebProcess/WebCoreSupport/WebFrameLoaderClient.cpp 2017-02-20 16:20:18.000000000 +0000 +++ webkit2gtk-2.16.2/Source/WebKit2/WebProcess/WebCoreSupport/WebFrameLoaderClient.cpp 2017-05-08 10:41:13.000000000 +0000 @@ -1,5 +1,5 @@ /* - * Copyright (C) 2010-2016 Apple Inc. All rights reserved. + * Copyright (C) 2010-2017 Apple Inc. All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions 
@@ -424,20 +424,24 @@ webPage->send(Messages::WebPageProxy::DidStartProvisionalLoadForFrame(m_frame->frameID(), provisionalLoader.navigationID(), url, unreachableURL, UserData(WebProcess::singleton().transformObjectsToHandles(userData.get()).get()))); } +static constexpr unsigned maxTitleLength = 1000; // Closest power of 10 above the W3C recommendation for Title length. + void WebFrameLoaderClient::dispatchDidReceiveTitle(const StringWithDirection& title) { WebPage* webPage = m_frame->page(); if (!webPage) return; + auto truncatedTitle = truncateFromEnd(title, maxTitleLength); + RefPtr userData; // Notify the bundle client. // FIXME: Use direction of title. - webPage->injectedBundleLoaderClient().didReceiveTitleForFrame(webPage, title.string, m_frame, userData); + webPage->injectedBundleLoaderClient().didReceiveTitleForFrame(webPage, truncatedTitle.string, m_frame, userData); // Notify the UIProcess. - webPage->send(Messages::WebPageProxy::DidReceiveTitleForFrame(m_frame->frameID(), title.string, UserData(WebProcess::singleton().transformObjectsToHandles(userData.get()).get()))); + webPage->send(Messages::WebPageProxy::DidReceiveTitleForFrame(m_frame->frameID(), truncatedTitle.string, UserData(WebProcess::singleton().transformObjectsToHandles(userData.get()).get()))); } void WebFrameLoaderClient::dispatchDidCommitLoad(std::optional hasInsecureContent) diff -Nru webkit2gtk-2.16.1/Source/WTF/wtf/CMakeLists.txt webkit2gtk-2.16.2/Source/WTF/wtf/CMakeLists.txt --- webkit2gtk-2.16.1/Source/WTF/wtf/CMakeLists.txt 2017-02-20 16:20:15.000000000 +0000 +++ webkit2gtk-2.16.2/Source/WTF/wtf/CMakeLists.txt 2017-05-08 17:05:06.000000000 +0000 @@ -272,6 +272,12 @@ set(WTF_INCLUDE_DIRECTORIES "${BMALLOC_DIR}" "${WTF_DIR}" + "${CMAKE_BINARY_DIR}" + "${DERIVED_SOURCES_DIR}" + "${THIRDPARTY_DIR}" +) + +set(WTF_PRIVATE_INCLUDE_DIRECTORIES "${WTF_DIR}/wtf" "${WTF_DIR}/wtf/dtoa" "${WTF_DIR}/wtf/persistence" 
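Review bot: The `maxTitleLength` cap is applied in `dispatchDidReceiveTitle` on the web-process side only, immediately before `DidReceiveTitleForFrame` is sent. If the limit is meant to protect the UI process from oversized titles, the handler that receives this message should bound the string as well, because it cannot assume every sender went through `truncateFromEnd`; that handler is not part of this hunk. The comment on the constant could also state the unit being counted, since "length" may mean something different for `truncateFromEnd` than for the W3C recommendation it cites.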
@@ -279,9 +285,6 @@ "${WTF_DIR}/wtf/text/icu" "${WTF_DIR}/wtf/threads" "${WTF_DIR}/wtf/unicode" - "${THIRDPARTY_DIR}" - "${CMAKE_BINARY_DIR}" - "${DERIVED_SOURCES_DIR}" ) set(WTF_LIBRARIES diff -Nru webkit2gtk-2.16.1/Source/WTF/wtf/NumberOfCores.cpp webkit2gtk-2.16.2/Source/WTF/wtf/NumberOfCores.cpp --- webkit2gtk-2.16.1/Source/WTF/wtf/NumberOfCores.cpp 2017-02-27 08:03:42.000000000 +0000 +++ webkit2gtk-2.16.2/Source/WTF/wtf/NumberOfCores.cpp 2017-05-06 08:30:23.000000000 +0000 @@ -26,6 +26,8 @@ #include "config.h" #include "NumberOfCores.h" +#include + #if OS(DARWIN) #include // sys/types.h must come before sys/sysctl.h because the latter uses diff -Nru webkit2gtk-2.16.1/Source/WTF/wtf/Platform.h webkit2gtk-2.16.2/Source/WTF/wtf/Platform.h --- webkit2gtk-2.16.1/Source/WTF/wtf/Platform.h 2017-02-28 08:34:11.000000000 +0000 +++ webkit2gtk-2.16.2/Source/WTF/wtf/Platform.h 2017-05-06 10:26:28.000000000 +0000 @@ -673,7 +673,7 @@ #endif #if !defined(USE_JSVALUE64) && !defined(USE_JSVALUE32_64) -#if (CPU(X86_64) && (OS(UNIX) || OS(WINDOWS))) \ +#if (CPU(X86_64) && !defined(__ILP32__) && (OS(UNIX) || OS(WINDOWS))) \ || (CPU(IA64) && !CPU(IA64_32)) \ || CPU(ALPHA) \ || CPU(ARM64) \ diff -Nru webkit2gtk-2.16.1/Tools/DumpRenderTree/TestRunner.cpp webkit2gtk-2.16.2/Tools/DumpRenderTree/TestRunner.cpp --- webkit2gtk-2.16.1/Tools/DumpRenderTree/TestRunner.cpp 2017-02-20 16:20:19.000000000 +0000 +++ webkit2gtk-2.16.2/Tools/DumpRenderTree/TestRunner.cpp 2017-05-08 14:04:32.000000000 +0000 
@@ -347,7 +347,10 @@ return JSValueMakeUndefined(context); // FIXME (123058): Use a JSC API to get buffer contents once such is exposed. - JSC::JSArrayBufferView* jsBufferView = JSC::jsDynamicCast(toJS(context)->vm(), toJS(toJS(context), arguments[0])); + JSC::VM& vm = toJS(context)->vm(); + JSC::JSLockHolder lock(vm); + + JSC::JSArrayBufferView* jsBufferView = JSC::jsDynamicCast(vm, toJS(toJS(context), arguments[0])); ASSERT(jsBufferView); RefPtr bufferView = jsBufferView->unsharedImpl(); const char* buffer = static_cast(bufferView->baseAddress()); diff -Nru webkit2gtk-2.16.1/Tools/TestWebKitAPI/gtk/PlatformWebViewGtk.cpp webkit2gtk-2.16.2/Tools/TestWebKitAPI/gtk/PlatformWebViewGtk.cpp --- webkit2gtk-2.16.1/Tools/TestWebKitAPI/gtk/PlatformWebViewGtk.cpp 2017-02-20 16:20:19.000000000 +0000 +++ webkit2gtk-2.16.2/Tools/TestWebKitAPI/gtk/PlatformWebViewGtk.cpp 2017-05-08 11:02:42.000000000 +0000 @@ -148,7 +148,7 @@ doMouseButtonEvent(viewWidget, GDK_BUTTON_RELEASE, x, y, 3); } -void PlatformWebView::simulateMouseMove(unsigned x, unsigned y) +void PlatformWebView::simulateMouseMove(unsigned x, unsigned y, WKEventModifiers) { GUniquePtr event(gdk_event_new(GDK_MOTION_NOTIFY)); event->motion.x = x; diff -Nru webkit2gtk-2.16.1/Tools/TestWebKitAPI/PlatformWebView.h webkit2gtk-2.16.2/Tools/TestWebKitAPI/PlatformWebView.h --- webkit2gtk-2.16.1/Tools/TestWebKitAPI/PlatformWebView.h 2017-02-20 16:20:19.000000000 +0000 +++ webkit2gtk-2.16.2/Tools/TestWebKitAPI/PlatformWebView.h 2017-05-08 11:02:45.000000000 +0000 
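Review bot: `jsBufferView` is still checked only with `ASSERT(jsBufferView)` before `jsBufferView->unsharedImpl()` is called, so in a build without assertions a first argument that is not an array buffer view results in a null dereference. The result of `jsDynamicCast` is where that can be caught; an explicit `if (!jsBufferView) return JSValueMakeUndefined(context);` after the cast would match the early return at the top of the hunk. The enclosing function starts and ends outside the hunk.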
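Review bot: The new `WKEventModifiers` parameter of `PlatformWebView::simulateMouseMove` is unnamed in the GTK implementation, so the modifiers cannot be applied to the synthesized motion event. The EventModifiers test added in this diff calls `simulateMouseMove(10, 10, kWKEventModifiersControlKey)` and expects that value in `mouseDidMoveOverElement`; whether that test is built for GTK is not visible here. Either map the modifiers onto the motion event's state or record the gap in place with `// FIXME: modifiers are ignored on GTK.` The function body continues outside the hunk.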
@@ -72,7 +72,7 @@ void simulateSpacebarKeyPress(); void simulateAltKeyPress(); void simulateRightClick(unsigned x, unsigned y); - void simulateMouseMove(unsigned x, unsigned y); + void simulateMouseMove(unsigned x, unsigned y, WKEventModifiers = 0); #if PLATFORM(MAC) void simulateButtonClick(WKEventMouseButton, unsigned x, unsigned y, WKEventModifiers); #endif diff -Nru webkit2gtk-2.16.1/Tools/TestWebKitAPI/Tests/WebCore/ComplexTextController.cpp webkit2gtk-2.16.2/Tools/TestWebKitAPI/Tests/WebCore/ComplexTextController.cpp --- webkit2gtk-2.16.1/Tools/TestWebKitAPI/Tests/WebCore/ComplexTextController.cpp 2017-02-28 09:05:27.000000000 +0000 +++ webkit2gtk-2.16.2/Tools/TestWebKitAPI/Tests/WebCore/ComplexTextController.cpp 2017-05-06 08:32:22.000000000 +0000 
@@ -355,4 +355,37 @@ EXPECT_NEAR(glyphBuffer.advanceAt(3).height(), 256 - 64, 0.0001); } +TEST_F(ComplexTextControllerTest, TotalWidthWithJustification) +{ + FontCascadeDescription description; + description.setOneFamily("Times"); + description.setComputedSize(80); + FontCascade font(description); + font.update(); + + Vector advances = { FloatSize(1, 0), FloatSize(2, 0), FloatSize(4, 0), FloatSize(8, 0), FloatSize(16, 0) }; +#if USE_LAYOUT_SPECIFIC_ADVANCES + Vector origins = { FloatPoint(), FloatPoint(), FloatPoint(), FloatPoint(), FloatPoint() }; +#else + Vector origins = { }; +#endif + + FloatSize initialAdvance = FloatSize(); + + UChar characters[] = { 0x644, ' ', 0x644, ' ', 0x644 }; + size_t charactersLength = WTF_ARRAY_LENGTH(characters); + TextRun textRun(StringView(characters, charactersLength), 0, 14, DefaultExpansion, RTL); + auto run = ComplexTextController::ComplexTextRun::create(advances, origins, { 5, 6, 7, 8, 9 }, { 4, 3, 2, 1, 0 }, initialAdvance, font.primaryFont(), characters, 0, charactersLength, 0, 5, false); + Vector> runs; + runs.append(WTFMove(run)); + ComplexTextController controller(font, textRun, runs); + + EXPECT_NEAR(controller.totalWidth(), 1 + 20 + 7 + 4 + 20 + 7 + 16, 0.0001); + GlyphBuffer glyphBuffer; + EXPECT_NEAR(controller.runWidthSoFar(), 0, 0.0001); + controller.advance(5, &glyphBuffer); + EXPECT_EQ(glyphBuffer.size(), 5U); + EXPECT_NEAR(glyphBuffer.advanceAt(0).width() + glyphBuffer.advanceAt(1).width() + glyphBuffer.advanceAt(2).width() + glyphBuffer.advanceAt(3).width() + glyphBuffer.advanceAt(4).width(), controller.totalWidth(), 0.0001); +} + } diff -Nru webkit2gtk-2.16.1/Tools/TestWebKitAPI/Tests/WebCore/URLParser.cpp webkit2gtk-2.16.2/Tools/TestWebKitAPI/Tests/WebCore/URLParser.cpp --- webkit2gtk-2.16.1/Tools/TestWebKitAPI/Tests/WebCore/URLParser.cpp 2017-03-13 11:39:58.000000000 +0000 +++ webkit2gtk-2.16.2/Tools/TestWebKitAPI/Tests/WebCore/URLParser.cpp 2017-05-06 08:18:58.000000000 +0000 
@@ -1298,6 +1298,7 @@ checkURL(makeString("gopher://host/path?", withUmlauts, "#fragment"), "asdf://example.com/?doesntmatter", iso88591, {"gopher", "", "", "host", 0, "/path", "%DC%26%231072%3B%26%231105%3B", "fragment", "gopher://host/path?%DC%26%231072%3B%26%231105%3B#fragment"}); checkURL(makeString("asdf://host/path?", withUmlauts, "#fragment"), "http://example.com/?doesntmatter", iso88591, {"asdf", "", "", "host", 0, "/path", "%C3%9C%D0%B0%D1%91", "fragment", "asdf://host/path?%C3%9C%D0%B0%D1%91#fragment"}); + checkURL("http://host/?query=foo'bar", UTF8Encoding(), {"http", "", "", "host", 0, "/", "query=foo%27bar", "", "http://host/?query=foo%27bar"}); // FIXME: Add more tests with other encodings and things like non-ascii characters, emoji and unmatched surrogate pairs. } diff -Nru webkit2gtk-2.16.1/Tools/TestWebKitAPI/Tests/WebCore/UserAgentQuirks.cpp webkit2gtk-2.16.2/Tools/TestWebKitAPI/Tests/WebCore/UserAgentQuirks.cpp --- webkit2gtk-2.16.1/Tools/TestWebKitAPI/Tests/WebCore/UserAgentQuirks.cpp 2017-02-20 16:20:19.000000000 +0000 +++ webkit2gtk-2.16.2/Tools/TestWebKitAPI/Tests/WebCore/UserAgentQuirks.cpp 2017-05-08 13:23:48.000000000 +0000 
@@ -87,9 +87,12 @@ uaString = standardUserAgentForURL(URL(ParsedURLString, "http://www.googleblog.com/")); EXPECT_FALSE(uaString.contains("Firefox")); + // Nor should it affect accounts.google.com due to bug #171770. + uaString = standardUserAgentForURL(URL(ParsedURLString, "http://accounts.google.com/")); + EXPECT_FALSE(uaString.contains("Firefox")); + assertUserAgentForURLHasChromeBrowserQuirk("http://typekit.com/"); assertUserAgentForURLHasChromeBrowserQuirk("http://typekit.net/"); - assertUserAgentForURLHasChromeBrowserQuirk("http://www.youtube.com/"); assertUserAgentForURLHasChromeBrowserQuirk("http://www.slack.com/"); assertUserAgentForURLHasFirefoxBrowserQuirk("http://www.google.com/"); diff -Nru webkit2gtk-2.16.1/Tools/TestWebKitAPI/Tests/WebKit2/EventModifiers.cpp webkit2gtk-2.16.2/Tools/TestWebKitAPI/Tests/WebKit2/EventModifiers.cpp --- webkit2gtk-2.16.1/Tools/TestWebKitAPI/Tests/WebKit2/EventModifiers.cpp 1970-01-01 00:00:00.000000000 +0000 +++ webkit2gtk-2.16.2/Tools/TestWebKitAPI/Tests/WebKit2/EventModifiers.cpp 2017-05-08 11:02:42.000000000 +0000 
@@ -0,0 +1,82 @@
+/*
+ * Copyright (C) 2017 Apple Inc. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY APPLE INC. AND ITS CONTRIBUTORS ``AS IS''
+ * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO,
+ * THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL APPLE INC. OR ITS CONTRIBUTORS
+ * BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+ * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+ * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+ * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+ * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF
+ * THE POSSIBILITY OF SUCH DAMAGE.
+ */ + +#include "config.h" + +#if WK_HAVE_C_SPI + +#include "JavaScriptTest.h" +#include "PlatformUtilities.h" +#include "PlatformWebView.h" + +namespace TestWebKitAPI { + +static bool didFinishLoad { false }; +static bool mouseMoveCallbackFinished { false }; + +static void didFinishLoadForFrame(WKPageRef, WKFrameRef, WKTypeRef, const void*) +{ + didFinishLoad = true; +} + +static void mouseDidMoveOverElement(WKPageRef, WKHitTestResultRef, WKEventModifiers modifiers, WKTypeRef, const void*) +{ + EXPECT_EQ(modifiers, kWKEventModifiersControlKey); + mouseMoveCallbackFinished = true; +} + +static void setClients(WKPageRef page) +{ + WKPageLoaderClientV0 loaderClient; + memset(&loaderClient, 0, sizeof(loaderClient)); + loaderClient.base.version = 0; + loaderClient.didFinishLoadForFrame = didFinishLoadForFrame; + WKPageSetPageLoaderClient(page, &loaderClient.base); + + WKPageUIClientV1 uiClient; + memset(&uiClient, 0, sizeof(uiClient)); + uiClient.base.version = 1; + uiClient.mouseDidMoveOverElement = mouseDidMoveOverElement; + WKPageSetPageUIClient(page, &uiClient.base); +} + +TEST(WebKit2, EventModifiers) +{ + WKRetainPtr context = adoptWK(WKContextCreate()); + + PlatformWebView webView(context.get()); + setClients(webView.page()); + + WKRetainPtr url(AdoptWK, Util::createURLForResource("simple", "html")); + WKPageLoadURL(webView.page(), url.get()); + Util::run(&didFinishLoad); + + webView.simulateMouseMove(10, 10, kWKEventModifiersControlKey); + Util::run(&mouseMoveCallbackFinished); +} + +} // namespace TestWebKitAPI + +#endif diff -Nru webkit2gtk-2.16.1/Tools/TestWebKitAPI/Tests/WebKit2/LimitTitleSize.cpp webkit2gtk-2.16.2/Tools/TestWebKitAPI/Tests/WebKit2/LimitTitleSize.cpp --- webkit2gtk-2.16.1/Tools/TestWebKitAPI/Tests/WebKit2/LimitTitleSize.cpp 1970-01-01 00:00:00.000000000 +0000 +++ webkit2gtk-2.16.2/Tools/TestWebKitAPI/Tests/WebKit2/LimitTitleSize.cpp 2017-05-08 10:41:11.000000000 +0000 
@@ -0,0 +1,79 @@
+/*
+ * Copyright (C) 2017 Apple Inc. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY APPLE INC. AND ITS CONTRIBUTORS ``AS IS''
+ * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO,
+ * THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL APPLE INC. OR ITS CONTRIBUTORS
+ * BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+ * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+ * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+ * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+ * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF
+ * THE POSSIBILITY OF SUCH DAMAGE.
+ */ + +#include "config.h" + +#if WK_HAVE_C_SPI + +#include "PlatformUtilities.h" +#include "PlatformWebView.h" +#include "Test.h" +#include + +namespace TestWebKitAPI { + +static bool waitUntilLongTitleReceived = false; +static bool didFinishLoad = false; +static size_t maxTitleLength = 4096; + +static void didFinishLoadForFrame(WKPageRef page, WKFrameRef frame, WKTypeRef userData, const void* clientInfo) +{ + didFinishLoad = true; +} + +static void didReceiveTitleForFrame(WKPageRef page, WKStringRef title, WKFrameRef, WKTypeRef, const void*) +{ + WKStringRef titleString = (WKStringRef)title; + + if (WKStringIsEqualToUTF8CString(titleString, "Original Short Title")) + return; + + EXPECT_LE(WKStringGetLength(titleString), maxTitleLength); + waitUntilLongTitleReceived = true; +} + +TEST(WebKit2, LimitTitleSize) +{ + WKRetainPtr context(AdoptWK, WKContextCreate()); + PlatformWebView webView(context.get()); + + WKPageLoaderClientV0 loaderClient; + memset(&loaderClient, 0, sizeof(loaderClient)); + + loaderClient.base.version = 0; + loaderClient.didReceiveTitleForFrame = didReceiveTitleForFrame; + loaderClient.didFinishLoadForFrame = didFinishLoadForFrame; + + WKPageSetPageLoaderClient(webView.page(), &loaderClient.base); + + WKRetainPtr url(AdoptWK, Util::createURLForResource("set-long-title", "html")); + + WKPageLoadURL(webView.page(), url.get()); + Util::run(&waitUntilLongTitleReceived); +} + +} // namespace TestWebKitAPI + +#endif diff -Nru webkit2gtk-2.16.1/Tools/TestWebKitAPI/Tests/WebKit2/set-long-title.html webkit2gtk-2.16.2/Tools/TestWebKitAPI/Tests/WebKit2/set-long-title.html --- webkit2gtk-2.16.1/Tools/TestWebKitAPI/Tests/WebKit2/set-long-title.html 1970-01-01 00:00:00.000000000 +0000 +++ webkit2gtk-2.16.2/Tools/TestWebKitAPI/Tests/WebKit2/set-long-title.html 2017-05-08 10:41:11.000000000 +0000 
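Review bot: `maxTitleLength` is 4096 in this test, while the limit added in WebFrameLoaderClient.cpp in this diff is 1000, so `EXPECT_LE(WKStringGetLength(titleString), maxTitleLength)` still passes if the truncation limit regresses to anything up to 4096. Using the same bound, `static size_t maxTitleLength = 1000;`, would pin the behaviour under test. `didFinishLoad` is set by its callback but never waited on, and the `(WKStringRef)title` cast is redundant because `title` already has that type.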
@@ -0,0 +1,10 @@ + + +Original Short Title + + + + + \ No newline at end of file diff -Nru webkit2gtk-2.16.1/Tools/TestWebKitAPI/Tests/WebKit2Gtk/TestUIClient.cpp webkit2gtk-2.16.2/Tools/TestWebKitAPI/Tests/WebKit2Gtk/TestUIClient.cpp --- webkit2gtk-2.16.1/Tools/TestWebKitAPI/Tests/WebKit2Gtk/TestUIClient.cpp 2017-04-03 13:04:48.000000000 +0000 +++ webkit2gtk-2.16.2/Tools/TestWebKitAPI/Tests/WebKit2Gtk/TestUIClient.cpp 2017-05-08 16:41:06.000000000 +0000 @@ -298,11 +298,11 @@ return m_mouseTargetHitTestResult.get(); } - void simulateUserInterqaction() + void simulateUserInteraction() { - mouseMoveTo(1, 1); - keyStroke(GDK_KEY_Down); - keyStroke(GDK_KEY_Up); + runJavaScriptAndWaitUntilFinished("document.getElementById('testInput').focus()", nullptr); + keyStroke(GDK_KEY_a); + keyStroke(GDK_KEY_b); while (gtk_events_pending()) gtk_main_iteration(); } @@ -535,7 +535,7 @@ static const char* jsConfirmFormat = "do { confirmed = confirm('%s'); } while (!confirmed); alert('confirmed');"; static const char* jsPromptFormat = "alert(prompt('%s', 'default'));"; static const char* htmlOnBeforeUnloadFormat = - ""; + ""; test->m_scriptDialogType = WEBKIT_SCRIPT_DIALOG_ALERT; GUniquePtr alertDialogMessage(g_strdup_printf(jsAlertFormat, kAlertDialogMessage)); @@ -568,7 +568,7 @@ // Reload should trigger onbeforeunload. #if 0 - test->simulateUserInterqaction(); + test->simulateUserInteraction(); // FIXME: reloading HTML data doesn't emit finished load event. // See https://bugs.webkit.org/show_bug.cgi?id=139089. test->m_scriptDialogConfirmed = false; @@ -578,7 +578,7 @@ #endif // Navigation should trigger onbeforeunload. - test->simulateUserInterqaction(); + test->simulateUserInteraction(); test->m_scriptDialogConfirmed = false; test->loadHtml("", nullptr); test->waitUntilLoadFinished(); 
@@ -588,7 +588,7 @@ test->m_scriptDialogConfirmed = false; test->loadHtml(beforeUnloadDialogHTML.get(), nullptr); test->waitUntilLoadFinished(); - test->simulateUserInterqaction(); + test->simulateUserInteraction(); test->tryCloseAndWaitUntilClosed(); g_assert(test->m_scriptDialogConfirmed); diff -Nru webkit2gtk-2.16.1/Tools/WebKitTestRunner/gtk/TestControllerGtk.cpp webkit2gtk-2.16.2/Tools/WebKitTestRunner/gtk/TestControllerGtk.cpp --- webkit2gtk-2.16.1/Tools/WebKitTestRunner/gtk/TestControllerGtk.cpp 2017-02-20 16:20:19.000000000 +0000 +++ webkit2gtk-2.16.2/Tools/WebKitTestRunner/gtk/TestControllerGtk.cpp 2017-05-08 14:03:23.000000000 +0000 @@ -48,7 +48,7 @@ g_source_set_ready_time(static_cast(userData), -1); fprintf(stderr, "FAIL: TestControllerRunLoop timed out.\n"); RunLoop::main().stop(); - return G_SOURCE_CONTINUE; + return G_SOURCE_REMOVE; }, source.get(), nullptr); g_source_attach(source.get(), nullptr); }