Using `new Worker('data:application/javascript,...')` results in 'SecurityError: The operation is insecure.'. I'm able to create a Worker using a Blob to that same string, so it's not clear why this method is not allowed. Chrome and Firefox both allow this. Live repro: https://jsfiddle.net/3dn86s1h/ Code: const code = 'postMessage("foo")'; const type = 'application/javascript'; const worker1 = new Worker(URL.createObjectURL(new Blob([code], { type }))); worker1.onmessage = function(e) { document.body.insertAdjacentHTML('beforeend', 'worker1 returned: ' + e.data + '<br>'); }; const worker2 = new Worker(`data:${type},${code}`); worker2.onmessage = function(e) { document.body.insertAdjacentHTML('beforeend', 'worker2 returned: ' + e.data + '<br>'); }; Expected: Document body shows results from both worker 1 and worker 2. Actual: Only Worker 1's results show in the body. Worker 2 threw 'SecurityError: The operation is insecure.'
<rdar://problem/78222538>
Created attachment 432875 [details] Patch
Created attachment 432880 [details] Patch
Committed r279602 (239426@main): <https://commits.webkit.org/239426@main> All reviewed patches have been landed. Closing bug and clearing flags on attachment 432880 [details].