[*] POSIX security: let the execute/special bit override ADS blocks. Not that is matters, because modern Google bitched out of supporting Linux quarantine and FireFox devs are incompetent

People *do* care about this on Linux: https://github.com/rrika/chromium-referrer-backport/blob/master/trunk/chromium-metadata.patch
Of course Gnome devs are seething over doing anything of value: https://discourse.gnome.org/t/feat-xdg-extended-attribute-spec-support/16892/9
KDE devs malding at Fire*ack, crashes, would you like to send a bug report?* developers into adding support. Of course these lazy sacks of incompetent fucks havent done anything IN OVER A DECADE: https://bugzilla.mozilla.org/show_bug.cgi?id=665531
For some dumbfuck reason, those aforementioned gnome devs have gnome virtual file system that firefox - and only firefox - uses, despite MacOS adopting this TWO DECADE OLD LINUX FEATURE: https://connect.mozilla.org/t5/ideas/add-user-xdg-origin-url-attribute-to-downloaded-files/idi-p/17404 https://askubuntu.com/questions/633955/what-is-gvfsd-metadata

why am i even bothering?

Source/IO/FS/FileTrust.Unix.cpp

@@ -148,13 +148,13 @@ namespace Aurora::IO::FS
         auto length = ::getxattr(srcPath.c_str(), "user.xdg.referrer.url", nullptr, 0);
         if (length > 0)
         {
-            return true;
+            return !IsFileTrusted(srcPath);
         }
 
         length = ::getxattr(srcPath.c_str(), "user.xdg.origin.url", nullptr, 0);
         if (length > 0)
         {
-            return true;
+            return !IsFileTrusted(srcPath);
         }
 
         return false;