RESOLVED FIXED 225716
Unable to use 'data:application/javascript' url for Worker 
https://bugs.webkit.org/show_bug.cgi?id=225716
Summary Unable to use 'data:application/javascript' url for Worker
nkronlage
Reported 2021-05-12 13:44:47 PDT
Using `new Worker('data:application/javascript,...')` results in 'SecurityError: The operation is insecure.'. I'm able to create a Worker using a Blob to that same string, so it's not clear why this method is not allowed. Chrome and Firefox both allow this. Live repro: https://jsfiddle.net/3dn86s1h/ Code: const code = 'postMessage("foo")'; const type = 'application/javascript'; const worker1 = new Worker(URL.createObjectURL(new Blob([code], { type }))); worker1.onmessage = function(e) { document.body.insertAdjacentHTML('beforeend', 'worker1 returned: ' + e.data + '<br>'); }; const worker2 = new Worker(`data:${type},${code}`); worker2.onmessage = function(e) { document.body.insertAdjacentHTML('beforeend', 'worker2 returned: ' + e.data + '<br>'); }; Expected: Document body shows results from both worker 1 and worker 2. Actual: Only Worker 1's results show in the body. Worker 2 threw 'SecurityError: The operation is insecure.'
Attachments
Patch (13.75 KB, patch)
2021-07-05 01:56 PDT, youenn fablet 		no flags
DetailsFormatted DiffDiff
Patch (20.08 KB, patch)
2021-07-05 06:38 PDT, youenn fablet 		no flags
DetailsFormatted DiffDiff
Show Obsolete (1) View All Add attachment proposed patch, testcase, etc.
Radar WebKit Bug Importer
Comment 1 2021-05-19 13:45:15 PDT
<rdar://problem/78222538>
youenn fablet
Comment 2 2021-07-05 01:56:39 PDT
Created attachment 432875 [details] Patch
youenn fablet
Comment 3 2021-07-05 06:38:14 PDT
Created attachment 432880 [details] Patch
EWS
Comment 4 2021-07-06 12:02:11 PDT
Committed r279602 (239426@main): <https://commits.webkit.org/239426@main> All reviewed patches have been landed. Closing bug and clearing flags on attachment 432880 [details].
Note You need to log in before you can comment on or make changes to this bug.