[Webkit-unassigned] [Bug 225716] New: Unable to use 'data:application/javascript' url for Worker
bugzilla-daemon at webkit.org
bugzilla-daemon at webkit.org
Wed May 12 13:44:47 PDT 2021
https://bugs.webkit.org/show_bug.cgi?id=225716
Bug ID: 225716
Summary: Unable to use 'data:application/javascript' url for
Worker
Product: WebKit
Version: Safari Technology Preview
Hardware: Unspecified
OS: Unspecified
Status: NEW
Severity: Normal
Priority: P2
Component: Platform
Assignee: webkit-unassigned at lists.webkit.org
Reporter: nkronlage at hotmail.com
Using `new Worker('data:application/javascript,...')` results in 'SecurityError: The operation is insecure.'.
I'm able to create a Worker using a Blob to that same string, so it's not clear why this method is not allowed.
Chrome and Firefox both allow this.
Live repro: https://jsfiddle.net/3dn86s1h/
Code:
const code = 'postMessage("foo")';
const type = 'application/javascript';
const worker1 = new Worker(URL.createObjectURL(new Blob([code], {
type
})));
worker1.onmessage = function(e) {
document.body.insertAdjacentHTML('beforeend', 'worker1 returned: ' + e.data + '<br>');
};
const worker2 = new Worker(`data:${type},${code}`);
worker2.onmessage = function(e) {
document.body.insertAdjacentHTML('beforeend', 'worker2 returned: ' + e.data + '<br>');
};
Expected:
Document body shows results from both worker 1 and worker 2.
Actual:
Only Worker 1's results show in the body. Worker 2 threw 'SecurityError: The operation is insecure.'
--
You are receiving this mail because:
You are the assignee for the bug.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.webkit.org/pipermail/webkit-unassigned/attachments/20210512/090a16ed/attachment.htm>
More information about the webkit-unassigned
mailing list