Created attachment 78666 [details]
Patch

This code looks to have been added in http://trac.webkit.org/changeset/19952, which doesn't explain why this optimization is necessary.

There might be more information in rdar://problem/4922454, but I can't see it.

(In reply to comment #3)
> There might be more information in rdar://problem/4922454, but I can't see it.

That’s a security bug, so I can give some details here, but probably best to do so in a security-sensitive bug.

I'm marking this bug as security sensitive, not because this issue reflects a security issue but so we can discuss the original motivation for the code we're changing.

Radar bug 4922454 was about http-protocol HTML files being able to load file-protocol scripts. The information in Radar does not any insight into why the fix included the optimized path.

Sorry, didn’t mean to be a tease. I suppose this really isn’t all that security-sensitive. I was rushing and doing multiple things at once and really noticed only that the classification was security.

Thanks for looking in rdar.  I'm going to move this back to non-sensitive so the commit-queue can land the patch.

Comment on attachment 78666 [details]
Patch

Clearing flags on attachment: 78666

Committed r75664: <http://trac.webkit.org/changeset/75664>

All reviewed patches have been landed.  Closing bug.