Compare to:
Implemented by
- @mozilla.org/globalprefsecuritycheck;1
- @mozilla.org/scriptsecuritymanager;1
- @mozilla.org/netwerk/global-channel-event-sink;1
WARNING!! The JEP needs to call GetSubjectPrincipal() to support JavaScript-to-Java LiveConnect. So every change to the nsIScriptSecurityManager interface (big enough to change its IID) also breaks JavaScript-to-Java LiveConnect on mac. If you REALLY have to change this interface, please mark your bug as blocking bug 293973.
[scriptable, uuid(f8e350b9-9f31-451a-8c8f-d10fea26b780)]
interface nsIScriptSecurityManager : nsIXPCSecurityManager
Constants
Default CheckLoadURI permissions
const
unsigned long
STANDARD = 0
const
unsigned long
LOAD_IS_AUTOMATIC_DOCUMENT_REPLACEMENT = 1
const
unsigned long
ALLOW_CHROME = 2
const
unsigned long
DISALLOW_INHERIT_PRINCIPAL = 4
const
unsigned long
DISALLOW_SCRIPT_OR_DATA = 4
const
unsigned long
DISALLOW_SCRIPT = 8
Methods
Return true if content from the given principal is allowed to execute scripts.
[noscript]
boolean
canExecuteScripts(in JSContextPtr cx, in nsIPrincipal principal)
Checks whether the running script is allowed to connect to aTargetURI
[noscript]
void
checkConnect(in JSContextPtr aJSContext, in nsIURI aTargetURI, in string aClassName, in string aProperty)
Check that the function 'funObj' is allowed to run on 'targetObj' Will return error code NS_ERROR_DOM_SECURITY_ERR if the function should not run @param cx The current active JavaScript context. @param funObj The function trying to run.. @param targetObj The object the function will run on.
[noscript]
void
checkFunctionAccess(in JSContextPtr cx, in voidPtr funObj, in voidPtr targetObj)
Check that content from "from" can load "uri". Will return error code NS_ERROR_DOM_BAD_URI if the load request should be denied. @param from the URI causing the load @param uri the URI that is being loaded @param flags the permission set, see above @deprecated Use checkLoadURIWithPrincipal instead of this function.
void
checkLoadURI(in nsIURI from, in nsIURI uri, in unsigned long flags)
Check that the script currently running in context "cx" can load "uri". Will return error code NS_ERROR_DOM_BAD_URI if the load request should be denied. @param cx the JSContext of the script causing the load @param uri the URI that is being loaded
[noscript]
void
checkLoadURIFromScript(in JSContextPtr cx, in nsIURI uri)
Same as CheckLoadURI but takes string arguments for ease of use by scripts @deprecated Use checkLoadURIStrWithPrincipal instead of this function.
void
checkLoadURIStr(in AUTF8String from, in AUTF8String uri, in unsigned long flags)
Similar to checkLoadURIWithPrincipal but there are two differences: 1) The URI is a string, not a URI object. 2) This function assumes that the URI may still be subject to fixup (and hence will check whether fixed-up versions of the URI are allowed to load as well); if any of the versions of this URI is not allowed, this function will return error code NS_ERROR_DOM_BAD_URI.
void
checkLoadURIStrWithPrincipal(in nsIPrincipal aPrincipal, in AUTF8String uri, in unsigned long flags)
Check that content with principal aPrincipal can load "uri". Will return error code NS_ERROR_DOM_BAD_URI if the load request should be denied. @param aPrincipal the principal identifying the actor causing the load @param uri the URI that is being loaded @param flags the permission set, see above
void
checkLoadURIWithPrincipal(in nsIPrincipal aPrincipal, in nsIURI uri, in unsigned long flags)
Checks whether the running script is allowed to access aProperty.
[noscript]
void
checkPropertyAccess(in JSContextPtr aJSContext, in JSObjectPtr aJSObject, in string aClassName, in JSVal aProperty, in PRUint32 aAction)
Returns OK if aJSContext and target have the same "origin" (scheme, host, and port).
[noscript]
void
checkSameOrigin(in JSContextPtr aJSContext, in nsIURI aTargetURI)
Returns OK if aSourceURI and target have the same "origin" (scheme, host, and port). ReportError flag suppresses error reports for functions that don't need reporting.
void
checkSameOriginURI(in nsIURI aSourceURI, in nsIURI aTargetURI, in boolean reportError)
Disable 'capability' in the innermost frame of the currently executing script.
void
disableCapability(in string capability)
Enable 'capability' in the innermost frame of the currently executing script.
void
enableCapability(in string capability)
Return a principal with the specified certificate fingerprint, subject name (the full name or concatenated set of names of the entity represented by the certificate), pretty name, certificate, and codebase URI. The certificate fingerprint and subject name MUST be nonempty; otherwise an error will be thrown. Similarly, aCert must not be null.
[noscript]
nsIPrincipal
getCertificatePrincipal(in AUTF8String aCertFingerprint, in AUTF8String aSubjectName, in AUTF8String aPrettyName, in nsISupports aCert, in nsIURI aURI)
Get the principal for the given channel. This will typically be the channel owner if there is one, and the codebase principal for the channel's URI otherwise. aChannel must not be null.
nsIPrincipal
getChannelPrincipal(in nsIChannel aChannel)
Return a principal that has the same origin as aURI.
nsIPrincipal
getCodebasePrincipal(in nsIURI aURI)
Same as getSubjectPrincipal(), only faster. cx must *never* be passed null, and it must be the context on the top of the context stack. Does *not* reference count the returned principal.
[noscript, notxpcom]
nsIPrincipal
getCxSubjectPrincipal(in JSContextPtr cx)
[noscript, notxpcom]
nsIPrincipal
getCxSubjectPrincipalAndFrame(in JSContextPtr cx, out JSStackFramePtr fp)
Return the principal of the specified object in the specified context.
[noscript]
nsIPrincipal
getObjectPrincipal(in JSContextPtr cx, in JSObjectPtr obj)
Returns the principal of the global object of the given context, or null if no global or no principal.
[noscript]
nsIPrincipal
getPrincipalFromContext(in JSContextPtr cx)
Return the principal of the innermost frame of the currently executing script. Will return null if there is no script currently executing.
[noscript]
nsIPrincipal
getSubjectPrincipal()
Return the all-powerful system principal.
[noscript]
nsIPrincipal
getSystemPrincipal()
Return true if the currently executing script has 'capability' enabled.
boolean
isCapabilityEnabled(in string capability)
Check whether a given principal is a system principal. This allows us to avoid handing back the system principal to script while allowing script to check whether a given principal is system.
boolean
isSystemPrincipal(in nsIPrincipal aPrincipal)
Request that 'capability' can be enabled by scripts or applets running with 'principal'. Will prompt user if necessary. Returns nsIPrincipal::ENABLE_GRANTED or nsIPrincipal::ENABLE_DENIED based on user's choice.
[noscript]
short
requestCapability(in nsIPrincipal principal, in string capability)
Remove 'capability' from the innermost frame of the currently executing script. Any setting of 'capability' from enclosing frames thus comes into effect.
void
revertCapability(in string capability)
Allow 'certificateID' to enable 'capability.' Can only be performed by code signed by the system certificate.
void
setCanEnableCapability(in AUTF8String certificateFingerprint, in string capability, in short canEnable)
Returns true if the principal of the currently running script is the system principal, false otherwise.
[noscript]
boolean
subjectPrincipalIsSystem()