Created attachment 65942 [details] Patch

Created attachment 65946 [details] Patch Fixed some formatting issues in the layout test.

Comment on attachment 65946 [details] Patch Rejecting patch 65946 from commit-queue. Failed to run "['WebKitTools/Scripts/run-webkit-tests', '--no-launch-safari', '--exit-after-n-failures=1', '--wait-for-httpd', '--ignore-tests', 'compositing,media', '--quiet']" exit_code: 1 Running build-dumprendertree Compiling Java tests make: Nothing to be done for `default'. Running tests from /Users/eseidel/Projects/CommitQueue/LayoutTests Testing 20871 test cases. fast/loader/recursive-before-unload-crash.html -> failed Exiting early after 1 failures. 14296 tests run. 364.51s total testing time 14295 test cases (99%) succeeded 1 test case (<1%) had incorrect layout 1 test case (<1%) had stderr output Full output: http://queues.webkit.org/results/3881173

Committed r66496: <http://trac.webkit.org/changeset/66496>

Could you please document the reason for this change for posterity? Is this matching other browsers and/or HTML5? Are there known Web pages affected by this problem?

Sorry for the lack of explanation. I ran into this bug while implementing @srcdoc and testing with local URLs. The problem is that we were blocking local sub-frame loads from a local frame with no referrer. (The layout test demonstrates this by adding a child file: frame to an about:blank frame on a file: URL.) I couldn't find any spec on this case (local URL behavior is grossly under-specified). So, I verified that both Firefox and IE allow the access, and that in all other cases we use the parent document's origin for access checking. Based on that, both Nate and I decided it was a bug. I doubt anyone is hitting this now because it's such an odd corner case. However, it would be hit more often once srcdoc lands.