Custom handlers should throw SecurityError exception if the URL's origin differs from the document'…

Source/core/dom/Document.cpp

Index: Source/core/dom/Document.cpp
diff --git a/Source/core/dom/Document.cpp b/Source/core/dom/Document.cpp
index 996a28e911bf13003b2f50d01cf4cf77b99a505b..694305a36d09284f1a8a7540a4b5b0a1085b9be4 100644
--- a/Source/core/dom/Document.cpp
+++ b/Source/core/dom/Document.cpp
@@ -4803,11 +4803,11 @@ void Document::initSecurityContext(const DocumentInit& initializer)
         if (!settings->webSecurityEnabled()) {
             // Web security is turned off. We should let this document access every other document. This is used primary by testing
             // harnesses for web sites.
-            securityOrigin()->grantUniversalAccess();
+            securityOrigin()->setUniversalAccess(true);

[abarth-chromium, 2014/08/06 18:34:55]

This doesn't make sense.  There's no way to revoke universal access.  That's a
technical impossibility.

[pals, 2014/08/07 14:06:06]

This change is not required anymore. Removed.

         } else if (securityOrigin()->isLocal()) {
             if (settings->allowUniversalAccessFromFileURLs()) {
                 // Some clients want local URLs to have universal access, but that setting is dangerous for other clients.
-                securityOrigin()->grantUniversalAccess();
+                securityOrigin()->setUniversalAccess(true);
             } else if (!settings->allowFileAccessFromFileURLs()) {
                 // Some clients want local URLs to have even tighter restrictions by default, and not be able to access other local files.
                 // FIXME 81578: The naming of this is confusing. Files with restricted access to other local files