HTMLFrameElementBase has a function, isURLAllowed, that takes an AtomicString argument. But it is always called with the value from m_URL, and it should use that directly rather than taking an argument so we can make m_URL private.
Created attachment 34962 [details] patch
http://trac.webkit.org/changeset/47354