Harden the implementation of '--disable-web-security'

third_party/WebKit/Source/core/dom/Document.cpp

Index: third_party/WebKit/Source/core/dom/Document.cpp
diff --git a/third_party/WebKit/Source/core/dom/Document.cpp b/third_party/WebKit/Source/core/dom/Document.cpp
index 1e47f442157510b83b9c9d82cd55cf388366721c..1d38939178e3975bcd39e7d212370d7d9f5d1ce1 100644
--- a/third_party/WebKit/Source/core/dom/Document.cpp
+++ b/third_party/WebKit/Source/core/dom/Document.cpp
@@ -4803,7 +4803,7 @@ void Document::initSecurityContext(const DocumentInit& initializer)
         } else if (securityOrigin()->isLocal()) {
             if (settings->allowUniversalAccessFromFileURLs()) {
                 // Some clients want local URLs to have universal access, but that setting is dangerous for other clients.
-                securityOrigin()->grantUniversalAccess();
+                securityOrigin()->grantUniversalAccessForFileOrigins();
             } else if (!settings->allowFileAccessFromFileURLs()) {
                 // Some clients do not want local URLs to have access to other local URLs.
                 securityOrigin()->blockLocalAccessFromLocalOrigin();