Bug 225716

Using `new Worker('data:application/javascript,...')` results in 'SecurityError: The operation is insecure.'. I'm able to create a Worker using a Blob to that same string, so it's not clear why this method is not allowed. Chrome and Firefox both allow this. Live repro: https://jsfiddle.net/3dn86s1h/ Code: const code = 'postMessage("foo")'; const type = 'application/javascript'; const worker1 = new Worker(URL.createObjectURL(new Blob([code], { type }))); worker1.onmessage = function(e) { document.body.insertAdjacentHTML('beforeend', 'worker1 returned: ' + e.data + '<br>'); }; const worker2 = new Worker(`data:${type},${code}`); worker2.onmessage = function(e) { document.body.insertAdjacentHTML('beforeend', 'worker2 returned: ' + e.data + '<br>'); }; Expected: Document body shows results from both worker 1 and worker 2. Actual: Only Worker 1's results show in the body. Worker 2 threw 'SecurityError: The operation is insecure.'