https://bugs.webkit.org/show_bug.cgi?id=23535
        Strengthen debug checks in KURL

        Covered (and prompted) by existing tests.

        * platform/KURL.cpp:
        (WebCore::checkEncodedString): Check that the first character of the URL is an allowed
        first scheme character, not just that it isn't a slash.
        (WebCore::KURL::KURL): Assert that parsing didn't affect the string (which must be the case
        because of parsing being idempotent).

        * page/SecurityOrigin.cpp:
        (WebCore::SecurityOrigin::create): Added a check for the URL being valid - if it is not, an
        empty security origin is created.
        (WebCore::SecurityOrigin::createFromString): Parse the string as URL, do not just convert
        it - it is not guaranteed to be properly encoded.

        * dom/Document.cpp: (WebCore::Document::updateBaseURL): As documentURI is an arbitrary
        string, it needs to be parsed into an URL, not just converted into one.

        * html/CanvasRenderingContext2D.cpp: (WebCore::CanvasRenderingContext2D::createPattern):
        Create the security origin with createFromString() instead of create(). I do not know where
        the string comes from and whether it might not be properly encoded, but this change can't
        hurt, and makes the code slightly more clear.

        * xml/XMLHttpRequest.cpp: (WebCore::XMLHttpRequest::accessControlCheck): Create the security
        origin with createFromString() instead of create(). The string comes from an HTTP response
        header, so it may not be a properly encoded URL.

        * loader/DocLoader.cpp: (WebCore::DocLoader::requestResource): Do not try to request using
        invalid URLs.

        * page/DOMWindow.cpp: (WebCore::DOMWindow::postMessage): Updated to call
        SecurityOrigin::createFromString() (no change in behavior).



git-svn-id: http://svn.webkit.org/repository/webkit/trunk@40242 268f45cc-cd09-0410-ab3c-d52691b4dbfc