Take care of a FIXME in SecurityOrigin.cpp to check the validity of any innerURL during constructio…

Source/platform/weborigin/SecurityOrigin.cpp

Index: Source/platform/weborigin/SecurityOrigin.cpp
diff --git a/Source/platform/weborigin/SecurityOrigin.cpp b/Source/platform/weborigin/SecurityOrigin.cpp
index c979d83d7b2bf463fa237768070d6e553b813264..5404ee5b95b9f9c665feeef3e0c11f9bb9e494a1 100644
--- a/Source/platform/weborigin/SecurityOrigin.cpp
+++ b/Source/platform/weborigin/SecurityOrigin.cpp
@@ -97,19 +97,24 @@ static bool shouldTreatAsUniqueOrigin(const KURL& url)
         return true;
 
     // FIXME: Do we need to unwrap the URL further?
-    KURL innerURL = SecurityOrigin::shouldUseInnerURL(url) ? SecurityOrigin::extractInnerURL(url) : url;
-
-    // FIXME: Check whether innerURL is valid.
+    KURL relevantURL;
+    if (SecurityOrigin::shouldUseInnerURL(url)) {
+        relevantURL = SecurityOrigin::extractInnerURL(url);
+        if (!relevantURL.isValid())
+            return true;
+    } else {
+        relevantURL = url;
+    }
 
     // For edge case URLs that were probably misparsed, make sure that the origin is unique.
     // FIXME: Do we really need to do this? This looks to be a hack around a
     // security bug in CFNetwork that might have been fixed.
-    if (schemeRequiresAuthority(innerURL) && innerURL.host().isEmpty())
+    if (schemeRequiresAuthority(relevantURL) && relevantURL.host().isEmpty())

[sof, 2015/08/25 13:39:52]

If relevantURL is now checked for validity, is this check needed? The
String(Impl) allocation churn it brings, pains me :)

[michaeln, 2015/08/25 22:47:42]

hmmm... good question... i'm not sure?

         return true;
 
     // SchemeRegistry needs a lower case protocol because it uses HashMaps
     // that assume the scheme has already been canonicalized.
-    String protocol = innerURL.protocol().lower();
+    String protocol = relevantURL.protocol().lower();
 
     if (SchemeRegistry::shouldTreatURLSchemeAsNoAccess(protocol))
         return true;