I think it's time to ask Apple to (1) document this somehow, and (2) expose a the private API for making it possible for developers to white-list or turn off the restriction where needed.
Anyhow, I traced the WebCore method you suggested up to this private WebView API: > @interface WebView (WebViewPrivate) > > // Whitelists access from an origin (sourceOrigin) to a set of one or more > origins described by the parameters: > // - destinationProtocol: The protocol to grant access to. > // - destinationHost: The host to grant access to. > // - allowDestinationSubdomains: If host is a domain, setting this to YES > will whitelist host and all its subdomains, recursively. > + (void)_addOriginAccessWhitelistEntryWithSourceOrigin:(NSString > *)sourceOrigin destinationProtocol:(NSString *)destinationProtocol > destinationHost:(NSString *)destinationHost > allowDestinationSubdomains:(BOOL)allowDestinationSubdomains; > > @end > I tried using it like this. I'm not really clear on what I should be putting as the parameters. I gave it my best guess but no dice. [WebView _addOriginAccessWhitelistEntryWithSourceOrigin:@"localhost" destinationProtocol:@"file" destinationHost:@"localhost" allowDestinationSubdomains:NO]; Any advice from those in the know? On Jun 25, 2010, at 6:19 AM, Alexander Shulgin wrote: > On 24.06.2010 22:37, Dan Wood wrote: >> I'm seeing an odd behavior, and I wonder if it is a regression in Safari >> 5's webkit, and if there is a workaround. >> >> I have an HTML string which I have loaded up from a remote website, and >> modified slightly to include an image with a source of a local file:// URL. >> >> Then I try to load it into my webview with -[WebFrame >> loadHTMLString:baseURL:]. I pass in the base URL so that the images with >> relative paths will show properly. >> >> This works fine, except that my file:// image does not load! It's not >> even requested, if I monitor the resource load delegate! > > I pretty much believe it is blocked for security reasons, as I ended up > debugging similar issue just recently. > > There's WebCore::SecurityOrigin::addOriginAccessWhitelistEntry() you could > use, however I can't seem to find it's WebKit equivalent. > > -- > Alex -- Dan Wood Twitter: http://twitter.com/danwood Karelia Software — Sandvox for the Mac http://www.karelia.com/ "According to some estimates we cannot track $2.3 Trillion in transactions" - Donald Rumsfeld, September 10, 2001 _______________________________________________ webkit-help mailing list [email protected] http://lists.webkit.org/mailman/listinfo.cgi/webkit-help
