url schemes that are listed as noAccess block access from javascripts to inline stylesheets. The description of the noAccess feature suggests that javascripts in such a document should be allowed to access itself. This is also an issue in Chrome, see http://code.google.com/p/chromium/issues/detail?id=29422
Created attachment 44516 [details] test case The following html file is a small test case. The javascript announces the number of CSS rules found in the inline css stylesheet. When you encode this file as a data: link, the variable rules will be null and rules.length results into an error: data:text/html;base64,PGh0bWw+CiAgPHN0eWxlPgogICAgYm9keSB7CiAgICAgIGJhY2tncm91bmQ6IGdyZWVuOwogICAgfQogIDwvc3R5bGU+CiAgPGJvZHk+CiAgICA8c2NyaXB0PgogICAgICB2YXIgc3R5bGVzaGVldHMgPSBkb2N1bWVudC5zdHlsZVNoZWV0czsKICAgICAgdmFyIHN0eWxlc2hlZXQgPSBzdHlsZXNoZWV0c1tzdHlsZXNoZWV0cy5sZW5ndGgtMV07CiAgICAgIHZhciBydWxlcyA9IHN0eWxlc2hlZXQuY3NzUnVsZXM7CiAgICAgIGFsZXJ0KHJ1bGVzLmxlbmd0aCArICcgcnVsZXMgZm91bmQnKTsKICAgIDwvc2NyaXB0PgogIDwvYm9keT4KPC9odG1sPgo=
This is likely a regression from my patch in this area. I'll look at this unless someone beats me to it.
Created attachment 51990 [details] Patch
Comment on attachment 51990 [details] Patch The test covers the isEmpty case, but does not cover cases where baseURL != finalURL. Since you are making both changes, I think we need to test both.
> The test covers the isEmpty case, but does not cover cases where baseURL != > finalURL. Since you are making both changes, I think we need to test both. Looking at the implementation of baseURL(), I think the only case where they are different is when finalURL is empty: http://trac.webkit.org/browser/trunk/WebCore/css/StyleBase.cpp#L51
Comment on attachment 51990 [details] Patch Thanks.
Comment on attachment 51990 [details] Patch Clearing flags on attachment: 51990 Committed r61391: <http://trac.webkit.org/changeset/61391>
All reviewed patches have been landed. Closing bug.