Bug 7731: RESOLVED INVALID
Cross site XMLHttpRequest doesn't even initialize
https://bugs.webkit.org/show_bug.cgi?id=7731
Neil Roberts
Reported 2006-03-11 21:54:56 PST
If this file is downloaded and run, it works (pops up alerts on state changes), or if the URL is set to something within the domain (http://10is2.com/foo2.html), then the alerts pop up fine.
Neil Roberts
Comment 2 2006-03-11 22:00:31 PST
Seemed to happen during Security Update / 10.4.5 update
David Kilzer (:ddkilzer)
Comment 3 2006-03-11 22:08:42 PST
Confirming bug (tested on my PB G4 already). Reporter mentioned this happens on Safari 2.0.3 (417.8) on 10.4.5 so changing Version to 417.x. Reporter noted that this behavior started with either the Mac OS X 10.4.5 update or Security Update 2006-001 that followed shortly thereafter.
About the Mac OS X 10.4.5 Update (delta): http://docs.info.apple.com/article.html?artnum=303179
About Security Update 2006-001: http://docs.info.apple.com/article.html?artnum=303382
David Kilzer (:ddkilzer)
Comment 4 2006-03-11 22:12:10 PST
Neil, the URL you provided in Comment #1 isn't going to work for anyone else. You need to list the "Radar" bug number assigned to the issue here. It probably starts with "4" and has 7 digits.
David Kilzer (:ddkilzer)
Comment 5 2006-03-11 22:16:28 PST
Adding Regression keyword since this apparently is a regression from earlier versions of Mac OS X. Also adding HasReduction since the reduction is available. The reporter said that this code works in Firefox 1.5.0.1, but I can't seem to get it to work now. Perhaps this isn't a bug after all? Firefox throws a permission denied error....
Alexey Proskuryakov
Comment 6 2006-03-12 00:41:53 PST
Cross-site XMLHttpRequests aren't allowed; the script should be from the same domain that the request URI has. WebKit specifically allows scripts running from local files to make any request; this is needed for Dashboard widgets. Firefox raises an exception on attempts to use cross-site requests, unless the script is signed and granted special privileges. WebKit simply ignores such attempts, which is a known bug (it should also raise an exception).
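The policy described in Comment 6, modelled as an added example that is not part of the original thread and is not WebKit or Firefox code. It generalizes "same domain" to the scheme, host and port comparison browsers use for the same-origin check; the function names, option names, and every URL other than http://10is2.com/foo2.html are assumptions made for illustration.

```javascript
// Model of the XMLHttpRequest policy described in Comment 6 (added example,
// not browser source). Function and option names are hypothetical.

// Reduce a URL to the (scheme, host, port) triple that defines its origin.
function originOf(urlString) {
  const u = new URL(urlString);
  const defaults = { 'http:': '80', 'https:': '443' };
  // URL omits a default port, so restore it to keep the comparison explicit.
  const port = u.port || defaults[u.protocol] || '';
  return { scheme: u.protocol, host: u.hostname, port };
}

// Decide what happens when a script loaded from pageUrl requests targetUrl.
//   onDeny 'throw'  : cross-site attempt raises an exception
//                     (the Firefox behaviour reported in the thread)
//   onDeny 'silent' : cross-site attempt is dropped without any error
//                     (the WebKit behaviour reported in the thread)
//   allowLocalFiles : scripts loaded from file: may request anything
//                     (the WebKit exception for Dashboard widgets)
function checkXhr(pageUrl, targetUrl, opts = {}) {
  const { onDeny = 'throw', allowLocalFiles = false } = opts;
  const page = originOf(pageUrl);
  // Relative request URIs resolve against the page, as in a browser.
  const target = originOf(new URL(targetUrl, pageUrl).href);

  if (allowLocalFiles && page.scheme === 'file:') {
    return { allowed: true, reason: 'local file' };
  }
  const same = page.scheme === target.scheme &&
               page.host === target.host &&
               page.port === target.port;
  if (same) return { allowed: true, reason: 'same origin' };

  if (onDeny === 'throw') {
    throw new Error('Permission denied: cross-site request to ' + targetUrl);
  }
  // Silent denial: no exception and no readystatechange events, which
  // matches the report that the request "doesn't even initialize".
  return { allowed: false, reason: 'cross-site request ignored' };
}
```

A caller that sees no state changes and no exception cannot tell a silently dropped request from a slow one, which is why the thread treats the missing exception as the actual defect.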
Neil Roberts
Comment 7 2006-03-12 06:38:29 PST
Radar bug is 4474958. This also works in Firefox for me with no security differences.
Eric Seidel (no email)
Comment 8 2006-03-13 19:49:47 PST
This does not work in the latest Firefox either. As far as I can tell this is correct behavior. Resolving Radar as well.
Lucas Forschler
Comment 9 2019-02-06 09:02:43 PST
Mass moving XML DOM bugs to the "DOM" Component.