[scriptable, uuid(f8e350b9-9f31-451a-8c8f-d10fea26b780)]
interface nsIScriptSecurityManager : nsIXPCSecurityManager

Constants

 Default CheckLoadURI permissions
const unsigned long STANDARD = 0

          
const unsigned long LOAD_IS_AUTOMATIC_DOCUMENT_REPLACEMENT = 1

          
const unsigned long ALLOW_CHROME = 2

          
const unsigned long DISALLOW_INHERIT_PRINCIPAL = 4

          
const unsigned long DISALLOW_SCRIPT_OR_DATA = 4

          
const unsigned long DISALLOW_SCRIPT = 8

Methods

 Return true if content from the given principal is allowed to
 execute scripts.
[noscript] boolean canExecuteScripts(in JSContextPtr cx, in nsIPrincipal principal)
 Checks whether the running script is allowed to connect to aTargetURI
[noscript] void checkConnect(in JSContextPtr aJSContext, in nsIURI aTargetURI, in string aClassName, in string aProperty)
 Check that the function 'funObj' is allowed to run on 'targetObj'

 Will return error code NS_ERROR_DOM_SECURITY_ERR if the function
 should not run

 @param cx The current active JavaScript context.
 @param funObj The function trying to run..
 @param targetObj The object the function will run on.
[noscript] void checkFunctionAccess(in JSContextPtr cx, in voidPtr funObj, in voidPtr targetObj)
 Check that content from "from" can load "uri".

 Will return error code NS_ERROR_DOM_BAD_URI if the load request 
 should be denied.

 @param from the URI causing the load
 @param uri the URI that is being loaded
 @param flags the permission set, see above

 @deprecated Use checkLoadURIWithPrincipal instead of this function.
void checkLoadURI(in nsIURI from, in nsIURI uri, in unsigned long flags)
 Check that the script currently running in context "cx" can load "uri".

 Will return error code NS_ERROR_DOM_BAD_URI if the load request 
 should be denied.

 @param cx the JSContext of the script causing the load
 @param uri the URI that is being loaded
[noscript] void checkLoadURIFromScript(in JSContextPtr cx, in nsIURI uri)
 Same as CheckLoadURI but takes string arguments for ease of use
 by scripts

 @deprecated Use checkLoadURIStrWithPrincipal instead of this function.
void checkLoadURIStr(in AUTF8String from, in AUTF8String uri, in unsigned long flags)
 Similar to checkLoadURIWithPrincipal but there are two differences:

 1) The URI is a string, not a URI object.
 2) This function assumes that the URI may still be subject to fixup (and
 hence will check whether fixed-up versions of the URI are allowed to
 load as well); if any of the versions of this URI is not allowed, this
 function will return error code NS_ERROR_DOM_BAD_URI.
void checkLoadURIStrWithPrincipal(in nsIPrincipal aPrincipal, in AUTF8String uri, in unsigned long flags)
 Check that content with principal aPrincipal can load "uri".

 Will return error code NS_ERROR_DOM_BAD_URI if the load request 
 should be denied.

 @param aPrincipal the principal identifying the actor causing the load
 @param uri the URI that is being loaded
 @param flags the permission set, see above
void checkLoadURIWithPrincipal(in nsIPrincipal aPrincipal, in nsIURI uri, in unsigned long flags)
 Checks whether the running script is allowed to access aProperty.
[noscript] void checkPropertyAccess(in JSContextPtr aJSContext, in JSObjectPtr aJSObject, in string aClassName, in JSVal aProperty, in PRUint32 aAction)
 Returns OK if aJSContext and target have the same "origin"
 (scheme, host, and port).
[noscript] void checkSameOrigin(in JSContextPtr aJSContext, in nsIURI aTargetURI)
 Returns OK if aSourceURI and target have the same "origin"
 (scheme, host, and port).
 ReportError flag suppresses error reports for functions that
 don't need reporting.
void checkSameOriginURI(in nsIURI aSourceURI, in nsIURI aTargetURI, in boolean reportError)
 Disable 'capability' in the innermost frame of the currently executing
 script.
void disableCapability(in string capability)
 Enable 'capability' in the innermost frame of the currently executing
 script.
void enableCapability(in string capability)
 Return a principal with the specified certificate fingerprint, subject
 name (the full name or concatenated set of names of the entity
 represented by the certificate), pretty name, certificate, and
 codebase URI.  The certificate fingerprint and subject name MUST be
 nonempty; otherwise an error will be thrown.  Similarly, aCert must
 not be null.
[noscript] nsIPrincipal getCertificatePrincipal(in AUTF8String aCertFingerprint, in AUTF8String aSubjectName, in AUTF8String aPrettyName, in nsISupports aCert, in nsIURI aURI)
 Get the principal for the given channel.  This will typically be the
 channel owner if there is one, and the codebase principal for the
 channel's URI otherwise.  aChannel must not be null.
nsIPrincipal getChannelPrincipal(in nsIChannel aChannel)
 Return a principal that has the same origin as aURI.
nsIPrincipal getCodebasePrincipal(in nsIURI aURI)
 Same as getSubjectPrincipal(), only faster. cx must *never* be
 passed null, and it must be the context on the top of the
 context stack. Does *not* reference count the returned
 principal.
[noscript, notxpcom] nsIPrincipal getCxSubjectPrincipal(in JSContextPtr cx)

          
[noscript, notxpcom] nsIPrincipal getCxSubjectPrincipalAndFrame(in JSContextPtr cx, out JSStackFramePtr fp)
 Return the principal of the specified object in the specified context.
[noscript] nsIPrincipal getObjectPrincipal(in JSContextPtr cx, in JSObjectPtr obj)
 Returns the principal of the global object of the given context, or null
 if no global or no principal.
[noscript] nsIPrincipal getPrincipalFromContext(in JSContextPtr cx)
 Return the principal of the innermost frame of the currently 
 executing script. Will return null if there is no script 
 currently executing.
[noscript] nsIPrincipal getSubjectPrincipal()
 Return the all-powerful system principal.
[noscript] nsIPrincipal getSystemPrincipal()
 Return true if the currently executing script has 'capability' enabled.
boolean isCapabilityEnabled(in string capability)
 Check whether a given principal is a system principal.  This allows us
 to avoid handing back the system principal to script while allowing
 script to check whether a given principal is system.
boolean isSystemPrincipal(in nsIPrincipal aPrincipal)
 Request that 'capability' can be enabled by scripts or applets
 running with 'principal'. Will prompt user if
 necessary. Returns nsIPrincipal::ENABLE_GRANTED or
 nsIPrincipal::ENABLE_DENIED based on user's choice.
[noscript] short requestCapability(in nsIPrincipal principal, in string capability)
 Remove 'capability' from the innermost frame of the currently
 executing script. Any setting of 'capability' from enclosing
 frames thus comes into effect.
void revertCapability(in string capability)
 Allow 'certificateID' to enable 'capability.' Can only be performed
 by code signed by the system certificate.
void setCanEnableCapability(in AUTF8String certificateFingerprint, in string capability, in short canEnable)
 Returns true if the principal of the currently running script is the
 system principal, false otherwise.
[noscript] boolean subjectPrincipalIsSystem()