nsIScriptSecurityManager Interface

 Return true if content from the given principal is allowed to
 execute scripts.

[noscript] boolean canExecuteScripts(in JSContextPtr cx, in nsIPrincipal principal)

 Checks whether the running script is allowed to connect to aTargetURI

[noscript] void checkConnect(in JSContextPtr aJSContext, in nsIURI aTargetURI, in string aClassName, in string aProperty)

 Check that the function 'funObj' is allowed to run on 'targetObj'

 Will return error code NS_ERROR_DOM_SECURITY_ERR if the function
 should not run

 @param cx The current active JavaScript context.
 @param funObj The function trying to run..
 @param targetObj The object the function will run on.

[noscript] void checkFunctionAccess(in JSContextPtr cx, in voidPtr funObj, in voidPtr targetObj)

 Check that content from "from" can load "uri".

 Will return error code NS_ERROR_DOM_BAD_URI if the load request 
 should be denied.

 @param from the URI causing the load
 @param uri the URI that is being loaded
 @param flags the permission set, see above

void checkLoadURI(in nsIURI from, in nsIURI uri, in unsigned long flags)

 Check that the script currently running in context "cx" can load "uri".

 Will return error code NS_ERROR_DOM_BAD_URI if the load request 
 should be denied.

 @param cx the JSContext of the script causing the load
 @param uri the URI that is being loaded

[noscript] void checkLoadURIFromScript(in JSContextPtr cx, in nsIURI uri)

 Same as CheckLoadURI but takes string arguments for ease of use
 by scripts

void checkLoadURIStr(in AUTF8String from, in AUTF8String uri, in unsigned long flags)

 Check that content with principal aPrincipal can load "uri".

 Will return error code NS_ERROR_DOM_BAD_URI if the load request 
 should be denied.

 @param aPrincipal the URI causing the load
 @param uri the URI that is being loaded
 @param flags the permission set, see above

[noscript] void checkLoadURIWithPrincipal(in nsIPrincipal aPrincipal, in nsIURI uri, in unsigned long flags)

 Checks whether the running script is allowed to access aProperty.

[noscript] void checkPropertyAccess(in JSContextPtr aJSContext, in JSObjectPtr aJSObject, in string aClassName, in JSVal aProperty, in PRUint32 aAction)

 Returns OK if aJSContext and target have the same "origin"
 (scheme, host, and port).

[noscript] void checkSameOrigin(in JSContextPtr aJSContext, in nsIURI aTargetURI)

 Returns OK if aSourcePrincipal and aTargetPrincipal
 have the same "origin" (scheme, host, and port).

[noscript] void checkSameOriginPrincipal(in nsIPrincipal aSourcePrincipal, in nsIPrincipal aTargetPrincipal)

 Returns OK if aSourceURI and target have the same "origin"
 (scheme, host, and port).

void checkSameOriginURI(in nsIURI aSourceURI, in nsIURI aTargetURI)

 Disable 'capability' in the innermost frame of the currently executing
 script.

void disableCapability(in string capability)

 Enable 'capability' in the innermost frame of the currently executing
 script.

void enableCapability(in string capability)

 Return a principal with the specified certificate fingerprint, subject
 name (the full name or concatenated set of names of the entity
 represented by the certificate), pretty name, certificate, and
 codebase URI.  The certificate fingerprint and subject name MUST be
 nonempty; otherwise an error will be thrown.  Similarly, aCert must
 not be null.

[noscript] nsIPrincipal getCertificatePrincipal(in AUTF8String aCertFingerprint, in AUTF8String aSubjectName, in AUTF8String aPrettyName, in nsISupports aCert, in nsIURI aURI)

 Return a principal that has the same origin as aURI.

[noscript] nsIPrincipal getCodebasePrincipal(in nsIURI aURI)

 Return the principal of the specified object in the specified context.

[noscript] nsIPrincipal getObjectPrincipal(in JSContextPtr cx, in JSObjectPtr obj)

 Returns the principal of the global object of the given context, or null
 if no global or no principal.

[noscript] nsIPrincipal getPrincipalFromContext(in JSContextPtr cx)

 Return the principal of the innermost frame of the currently 
 executing script. Will return null if there is no script 
 currently executing.

[noscript] nsIPrincipal getSubjectPrincipal()

 Return the all-powerful system principal.

[noscript] nsIPrincipal getSystemPrincipal()

 Return true if the currently executing script has 'capability' enabled.

boolean isCapabilityEnabled(in string capability)

 Request that 'capability' can be enabled by scripts or applets
 running with 'principal'. Will prompt user if
 necessary. Returns nsIPrincipal::ENABLE_GRANTED or
 nsIPrincipal::ENABLE_DENIED based on user's choice.

[noscript] short requestCapability(in nsIPrincipal principal, in string capability)

 Remove 'capability' from the innermost frame of the currently
 executing script. Any setting of 'capability' from enclosing
 frames thus comes into effect.

void revertCapability(in string capability)

 Utility method for comparing two URIs.  For security purposes, two URIs
 are equivalent if their schemes, hosts, and ports (if any) match.  This
 method returns true if aSubjectURI and aObjectURI have the same origin,
 false otherwise.

[noscript] boolean securityCompareURIs(in nsIURI aSubjectURI, in nsIURI aObjectURI)

 Allow 'certificateID' to enable 'capability.' Can only be performed
 by code signed by the system certificate.

void setCanEnableCapability(in AUTF8String certificateFingerprint, in string capability, in short canEnable)

 Returns true if the principal of the currently running script is the
 system principal, false otherwise.

[noscript] boolean subjectPrincipalIsSystem()