Custom handlers should throw SecurityError exception if the URL's origin differs from the document'…

LayoutTests/navigatorcontentutils/unregister-protocol-handler.html

Index: LayoutTests/navigatorcontentutils/unregister-protocol-handler.html
diff --git a/LayoutTests/navigatorcontentutils/unregister-protocol-handler.html b/LayoutTests/navigatorcontentutils/unregister-protocol-handler.html
index b6180f93e6e679c119a050b860e816e0f61852b7..cc014a861591aff2a3c137e7778ae24d7d6485a7 100644
--- a/LayoutTests/navigatorcontentutils/unregister-protocol-handler.html
+++ b/LayoutTests/navigatorcontentutils/unregister-protocol-handler.html
@@ -6,8 +6,10 @@
 <p>This test makes sure that navigator.unregisterProtocolHandler throws the proper exceptions and has no-op default implementation.</p>
 <pre id="console"></pre>
 <script>
-if (window.testRunner)
+if (window.testRunner) {
+    testRunner.setAllowUniversalAccessFromFileURLs(false);
     testRunner.dumpAsText();
+}
 
 if (window.internals)
     internals.setNavigatorContentUtilsClientMock(document);
@@ -81,6 +83,21 @@ invalid_urls.forEach(function (url) {
         debug('FAIL Invalid url "' + url + '" allowed.');
 });
 
+// Test that the API throws SecurityError exception if the URL's origin differs from the document's origin.
+succeeded = false;
+var errorMessage;
+try {
+    window.navigator.unregisterProtocolHandler('web+myprotocol', "http://www.example.com/soup?url=%s", "title");
+} catch (e) {
+    succeeded = true;
+    errorMessage = e.message;
+}
+
+if (succeeded)
+    debug('PASS URL with origin different than document origin threw SecurityError exception: "' + errorMessage + '".');
+else
+    debug('FAIL URL with origin different than document origin is allowed.');
+
 // Test that the API has default no-op implementation.
 var succeeded = true;
 try {