RESOLVED FIXED Bug 27189
r45752+ nightly: @import css generates wrong path
https://bugs.webkit.org/show_bug.cgi?id=27189
Summary r45752+ nightly: @import css generates wrong path
Kevin M. Dean
Reported 2009-07-11 22:26:41 PDT
The forums on the site load a css from:

@import url("clientscript/vbulletin_css/style-bbed93be-00019.css");

r45752+ generates a file not found and the css doesn't render when it tries to load the path:

http://forum.dvdtalk.com/forum-feedback-support-4/clientscript/vbulletin_css/style-bbed93be-00019.css

r45702 and earlier does render correctly and looks for the path:

http://forum.dvdtalk.com/clientscript/vbulletin_css/style-bbed93be-00019.css
Attachments
Patch with test (4.20 KB, patch)
2009-07-12 12:36 PDT, Daniel Bates
darin: review+
Mark Rowe (bdash)
Comment 1 2009-07-12 10:52:34 PDT
Sounds like it could be another XSS auditor issue:

> Refused to execute a JavaScript script. Source code of script found within request

It'd be great if these errors mentioned the URL that they relate to.
Daniel Bates
Comment 2 2009-07-12 11:46:45 PDT
This issue is triggered because of the HTML Base element:

<base href="http://forum.dvdtalk.com/" />

XSSAuditor thinks this is an attack because the URL of the Base element appears in the URL of the page (say http://forum.dvdtalk.com/dvd-talk-3/). A check in XSSAuditor::canSetBaseElementURL (line: m_frame->document()->url().baseAsString() != baseElementURL.baseAsString()) is insufficient.

Working on patch.

(In reply to comment #0)
> The forums on the site load a css from:
>
> @import url("clientscript/vbulletin_css/style-bbed93be-00019.css");
>
> r45752+ generates a file not found and the css doesn't render when it tries to
> load the path:
>
> http://forum.dvdtalk.com/forum-feedback-support-4/clientscript/vbulletin_css/style-bbed93be-00019.css
>
> r45702 and earlier does render correctly and looks for the path:
>
> http://forum.dvdtalk.com/clientscript/vbulletin_css/style-bbed93be-00019.css
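
An added sketch, not WebKit's code and not part of any comment in this thread, of the false positive described in comment 2 and the resulting @import path from the report. The function bodies are simplified assumptions: `baseAsString` is modelled as "URL up to the last slash of the path", a substring test stands in for the auditor's search of the request, and `resolveImport` is a hypothetical helper.

```javascript
// Added illustration: a simplified model, not WebKit's XSSAuditor source.
// Assumption: baseAsString() keeps the URL up to and including the last "/" of the path.
function baseAsString(url) {
  const u = new URL(url);
  return u.origin + u.pathname.slice(0, u.pathname.lastIndexOf("/") + 1);
}

// Model of the check as comment 2 describes it: the <base> URL is refused when its
// base differs from the document's base AND its text is found in the request URL.
// A plain substring test stands in for the auditor's search of the request.
function canSetBaseElementURL(pageUrl, baseHref) {
  const baseElementURL = new URL(baseHref, pageUrl).href;
  const differs = baseAsString(pageUrl) !== baseAsString(baseElementURL);
  const foundInRequest = pageUrl.includes(baseHref);
  return !(differs && foundInRequest);
}

// Resolve a relative stylesheet path against whichever base survives the check.
function resolveImport(pageUrl, baseHref, relativePath) {
  const base = canSetBaseElementURL(pageUrl, baseHref)
    ? new URL(baseHref, pageUrl).href
    : pageUrl;
  return new URL(relativePath, base).href;
}

const CSS = "clientscript/vbulletin_css/style-bbed93be-00019.css";
const BASE_HREF = "http://forum.dvdtalk.com/";
// Page URLs: the first is inferred from the wrong path in the report, the second
// is the example from comment 2, the third is constructed.
const PAGES = [
  "http://forum.dvdtalk.com/forum-feedback-support-4/",
  "http://forum.dvdtalk.com/dvd-talk-3/",
  "http://forum.dvdtalk.com/index.php",
];

for (const page of PAGES) {
  const allowed = canSetBaseElementURL(page, BASE_HREF);
  console.log(page, "-> base", allowed ? "honored" : "refused");
  console.log("   @import resolves to", resolveImport(page, BASE_HREF, CSS));
}
```

In this model only the page at the site root passes, because the base comparison exempts it; any page one directory down has its own origin-and-root prefix in its URL and is treated as reflecting the Base element.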
Daniel Bates
Comment 3 2009-07-12 12:36:10 PDT
Created attachment 32631
Patch with test
Daniel Bates
Comment 4 2009-07-12 13:13:48 PDT
*** Bug 27185 has been marked as a duplicate of this bug. ***
Daniel Bates
Comment 5 2009-07-12 14:45:30 PDT
*** Bug 27194 has been marked as a duplicate of this bug. ***
Adam Barth
Comment 6 2009-07-12 14:46:54 PDT
Sending LayoutTests/ChangeLog
Adding LayoutTests/http/tests/security/xssAuditor/base-href-safe3-expected.txt
Adding LayoutTests/http/tests/security/xssAuditor/base-href-safe3.html
Adding LayoutTests/http/tests/security/xssAuditor/resources/base-href/base-href-safe3.html
Sending WebCore/ChangeLog
Sending WebCore/page/XSSAuditor.cpp
Transmitting file data ......
Committed revision 45763.
http://trac.webkit.org/changeset/45763