X-Git-Url: http://git.webkit.org/?p=WebKit-https.git;a=blobdiff_plain;f=WebCore%2Fworkers%2FWorker.cpp;h=9185baedf26cc06d049c1a9b2d98fb33362bbd24;hp=866687f928950051d88789fedd18e911b199841b;hb=96865d99afbd140feec35a8d64a672d6ea53c5a5;hpb=931ff473045758cf5085bfbbe525d20df3197c4a

diff --git a/WebCore/workers/Worker.cpp b/WebCore/workers/Worker.cpp
index 866687f..9185bae 100644
--- a/WebCore/workers/Worker.cpp
+++ b/WebCore/workers/Worker.cpp
@@ -50,12 +50,28 @@
 
 namespace WebCore {
 
-Worker::Worker(const String& url, ScriptExecutionContext* context)
+Worker::Worker(const String& url, ScriptExecutionContext* context, ExceptionCode& ec)
     : AbstractWorker(context)
     , m_contextProxy(WorkerContextProxy::create(this))
 {
+    if (url.isEmpty()) {
+        ec = SYNTAX_ERR;
+        return;
+    }
+
+    KURL scriptURL = context->completeURL(url);
+    if (!scriptURL.isValid()) {
+        ec = SYNTAX_ERR;
+        return;
+    }
+
+    if (!context->securityOrigin()->canAccess(SecurityOrigin::create(scriptURL).get())) {
+        ec = SECURITY_ERR;
+        return;
+    }
+
     m_scriptLoader = new WorkerScriptLoader();
-    m_scriptLoader->loadAsynchronously(scriptExecutionContext(), url, CompleteURL, DenyCrossOriginLoad, this);
+    m_scriptLoader->loadAsynchronously(scriptExecutionContext(), scriptURL, DenyCrossOriginRedirect, this);
     setPendingActivity(this);  // The worker context does not exist while loading, so we must ensure that the worker object is not collected, as well as its event listeners.
 }