I have two XML pages. The first one, test.xml contains one line: <?xml version="1.0" encoding="utf-8"?><?xml-stylesheet href="test2.xml" type="text/xsl"?><root /> The second, test2.xml is a simple XSLT stylesheet that generates an HTML page containing javascript. The javascript in the page attempts to download another copy of test2.xml using XMLHttpRequest. However, it gets a permission denied error, presumably because the result of the XSLT transformation in the original XML file has lost its connection to the domain name of the server from which the files were downloaded. <?xml version="1.0" encoding="utf-8"?> <xsl:transform xmlns:xsl="http://www.w3.org/1999/XSL/Transform" version="1.0"> <xsl:output method="html" omit-xml-declaration="yes"/> <xsl:template match="/root"> <html> <script type="text/javascript"> var xmlhttp = new XMLHttpRequest(); xmlhttp.open("GET",location.href,true); xmlhttp.send(""); alert("ok"); </script> </html> </xsl:template> </xsl:transform> Neither IE 6/7 or Firefox 1/2 have a problem running this code. Tests were performed using the Webkit nightly downloaded 10 Nov 2006.
Confirmed as a regression. See also: bug 5219 (a similar problem with document.URL that was fixed).
Fixed by Alice in r18301.