1 files changed, 14 insertions, 7 deletions

diff --git a/WebCore/page/SecurityOrigin.cpp b/WebCore/page/SecurityOrigin.cpp
index fd8144f..a1863c9 100644
--- a/WebCore/page/SecurityOrigin.cpp
+++ b/WebCore/page/SecurityOrigin.cpp
@@ -58,14 +58,15 @@ SecurityOrigin::SecurityOrigin(const KURL& url)
     , m_host(url.host().isNull() ? "" : url.host().lower())
     , m_port(url.port())
     , m_noAccess(false)
+    , m_universalAccess(false)
     , m_domainWasSetInDOM(false)
 {
     // These protocols do not create security origins; the owner frame provides the origin
     if (m_protocol == "about" || m_protocol == "javascript")
         m_protocol = "";
 
-    // data: URLs are not allowed access to anything other than themselves.
-    if (m_protocol == "data")
+    // Some URLs are not allowed access to anything other than themselves.
+    if (FrameLoader::shouldTreatURLSchemeAsNoAccess(m_protocol))
         m_noAccess = true;
 
     // document.domain starts as m_host, but can be set by the DOM.
@@ -84,6 +85,7 @@ SecurityOrigin::SecurityOrigin(const SecurityOrigin* other)
     , m_domain(other->m_domain.copy())
     , m_port(other->m_port)
     , m_noAccess(other->m_noAccess)
+    , m_universalAccess(other->m_universalAccess)
     , m_domainWasSetInDOM(other->m_domainWasSetInDOM)
     , m_canLoadLocalResources(other->m_canLoadLocalResources)
 {
@@ -119,7 +121,7 @@ void SecurityOrigin::setDomainFromDOM(const String& newDomain)
 
 bool SecurityOrigin::canAccess(const SecurityOrigin* other) const
 {  
-    if (isLocal())
+    if (m_universalAccess)
         return true;
 
     if (m_noAccess || other->m_noAccess)
@@ -160,7 +162,7 @@ bool SecurityOrigin::canAccess(const SecurityOrigin* other) const
 
 bool SecurityOrigin::canRequest(const KURL& url) const
 {
-    if (isLocal())
+    if (m_universalAccess)
         return true;
 
     if (m_noAccess)
@@ -184,9 +186,14 @@ void SecurityOrigin::grantLoadLocalResources()
     m_canLoadLocalResources = true;
 }
 
+void SecurityOrigin::grantUniversalAccess()
+{
+    m_universalAccess = true;
+}
+
 bool SecurityOrigin::isLocal() const
 {
-    return FrameLoader::shouldTreatSchemeAsLocal(m_protocol);
+    return FrameLoader::shouldTreatURLSchemeAsLocal(m_protocol);
 }
 
 bool SecurityOrigin::isSecureTransitionTo(const KURL& url) const
@@ -211,7 +218,7 @@ String SecurityOrigin::toString() const
         return String("file://");
 
     Vector<UChar> result;
-    result.reserveCapacity(m_protocol.length() + m_host.length() + 10);
+    result.reserveInitialCapacity(m_protocol.length() + m_host.length() + 10);
     append(result, m_protocol);
     append(result, "://");
     append(result, m_host);
@@ -259,7 +266,7 @@ PassRefPtr<SecurityOrigin> SecurityOrigin::createFromDatabaseIdentifier(const St
     // Split out the 3 sections of data
     String protocol = databaseIdentifier.substring(0, separator1);
     String host = databaseIdentifier.substring(separator1 + 1, separator2 - separator1 - 1);
-    return create(KURL(protocol + "://" + host + ":" + String::number(port)));
+    return create(KURL(KURL(), protocol + "://" + host + ":" + String::number(port)));
 }
 
 String SecurityOrigin::databaseIdentifier() const