1 files changed, 24 insertions, 21 deletions

diff --git a/WebCore/page/SecurityOrigin.cpp b/WebCore/page/SecurityOrigin.cpp
index b44a35e..6001983 100644
--- a/WebCore/page/SecurityOrigin.cpp
+++ b/WebCore/page/SecurityOrigin.cpp
@@ -125,7 +125,7 @@ PassRefPtr<SecurityOrigin> SecurityOrigin::create(const KURL& url, SandboxFlags
     if (!url.isValid())
         return adoptRef(new SecurityOrigin(KURL(), sandboxFlags));
 #if ENABLE(BLOB)
-    if (url.protocolIs("blob"))
+    if (url.protocolIs(BlobURL::blobProtocol()))
         return adoptRef(new SecurityOrigin(BlobURL::getOrigin(url), sandboxFlags));
 #endif
     return adoptRef(new SecurityOrigin(url, sandboxFlags));
@@ -240,7 +240,7 @@ bool SecurityOrigin::canRequest(const KURL& url) const
     bool doUniqueOriginCheck = true;
 #if ENABLE(BLOB)
     // For blob scheme, we want to ignore this check.
-    doUniqueOriginCheck = !url.protocolIs("blob");
+    doUniqueOriginCheck = !url.protocolIs(BlobURL::blobProtocol());
 #endif
     if (doUniqueOriginCheck && targetOrigin->isUnique())
         return false;
@@ -284,32 +284,35 @@ bool SecurityOrigin::isAccessWhiteListed(const SecurityOrigin* targetOrigin) con
     return false;
 }
   
-bool SecurityOrigin::canDisplay(const KURL& url, const String& referrer, Document* document)
+bool SecurityOrigin::canDisplay(const KURL& url) const
 {
 #if ENABLE(BLOB)
-    if (url.protocolIs("blob") && document) {
-        SecurityOrigin* documentOrigin = document->securityOrigin();
-        RefPtr<SecurityOrigin> targetOrigin = SecurityOrigin::create(url);
-        return documentOrigin->isSameSchemeHostPort(targetOrigin.get());
-    }
+    if (url.protocolIs(BlobURL::blobProtocol()))
+        return canRequest(url);
 #endif
 
+    if (!restrictAccessToLocal())
+        return true;
+
     if (!SchemeRegistry::shouldTreatURLAsLocal(url.string()))
         return true;
 
-    // If we were provided a document, we first check if the access has been white listed.
-    // Then we let its local file police dictate the result.
-    // Otherwise we allow local loads only if the supplied referrer is also local.
-    if (document) {
-        SecurityOrigin* documentOrigin = document->securityOrigin();
-        RefPtr<SecurityOrigin> targetOrigin = SecurityOrigin::create(url);
-        if (documentOrigin->isAccessWhiteListed(targetOrigin.get()))
-            return true;
-        return documentOrigin->canLoadLocalResources();
-    }
-    if (!referrer.isEmpty())
-        return SchemeRegistry::shouldTreatURLAsLocal(referrer);
-    return false;
+    RefPtr<SecurityOrigin> targetOrigin = SecurityOrigin::create(url);
+    if (isAccessWhiteListed(targetOrigin.get()))
+        return true;
+
+    return canLoadLocalResources();
+}
+
+bool SecurityOrigin::deprecatedCanDisplay(const String& referrer, const KURL& url)
+{
+    if (!restrictAccessToLocal())
+        return true;
+
+    if (!SchemeRegistry::shouldTreatURLAsLocal(url.string()))
+        return true;
+
+    return SchemeRegistry::shouldTreatURLAsLocal(referrer);
 }
 
 void SecurityOrigin::grantLoadLocalResources()