1 files changed, 18 insertions, 0 deletions

diff --git a/src/3rdparty/webkit/WebCore/page/SecurityOrigin.cpp b/src/3rdparty/webkit/WebCore/page/SecurityOrigin.cpp
index c0b3e22..516c533 100644
--- a/src/3rdparty/webkit/WebCore/page/SecurityOrigin.cpp
+++ b/src/3rdparty/webkit/WebCore/page/SecurityOrigin.cpp
@@ -90,6 +90,20 @@ static URLSchemesMap& schemesWithUniqueOrigins()
     return schemesWithUniqueOrigins;
 }
 
+static bool schemeRequiresAuthority(const String& scheme)
+{
+    DEFINE_STATIC_LOCAL(URLSchemesMap, schemes, ());
+
+    if (schemes.isEmpty()) {
+        schemes.add("http");
+        schemes.add("https");
+        schemes.add("ftp");
+    }
+
+    return schemes.contains(scheme);
+}
+
+
 SecurityOrigin::SecurityOrigin(const KURL& url, SandboxFlags sandboxFlags)
     : m_sandboxFlags(sandboxFlags)
     , m_protocol(url.protocol().isNull() ? "" : url.protocol().lower())
@@ -103,6 +117,10 @@ SecurityOrigin::SecurityOrigin(const KURL& url, SandboxFlags sandboxFlags)
     if (m_protocol == "about" || m_protocol == "javascript")
         m_protocol = "";
 
+    // For edge case URLs that were probably misparsed, make sure that the origin is unique.
+    if (schemeRequiresAuthority(m_protocol) && m_host.isEmpty())
+        m_isUnique = true;
+
     // document.domain starts as m_host, but can be set by the DOM.
     m_domain = m_host;