Chrome-side changes to use registerURLSchemeNoAccess.

webkit/port/bindings/v8/v8_proxy.cpp

Index: webkit/port/bindings/v8/v8_proxy.cpp
===================================================================
--- webkit/port/bindings/v8/v8_proxy.cpp	(revision 11496)
+++ webkit/port/bindings/v8/v8_proxy.cpp	(working copy)
@@ -1996,6 +1996,10 @@
     if (origin->protocol() == "http" || origin->protocol() == "https")
         return false;  // Web site
 
+    // TODO(darin): the following are application decisions, and they should
+    // not be made at this layer.  instead, we should bridge out to the
+    // embedder to allow them to override policy here.
+
     if (origin->protocol() == ChromiumBridge::uiResourceProtocol())
         return true;   // Embedder's scripts are ok to run
 
@@ -2208,20 +2212,6 @@
     if (!target_security_origin)
         return false;
 
-    String ui_resource_protocol = ChromiumBridge::uiResourceProtocol();
-    if (active_security_origin->protocol() == ui_resource_protocol) {
-        KURL inspector_url = ChromiumBridge::inspectorURL();
-        ASSERT(inspector_url.protocol() == ui_resource_protocol);
-
-        // The Inspector can access anything.
-        if (active_security_origin->host() == inspector_url.host())
-            return true;
-
-        // To mitigate XSS vulnerabilities on the browser itself, UI resources
-        // besides the Inspector can't access other documents.
-        return false;
-    }
-
     if (active_security_origin->canAccess(target_security_origin))
         return true;