Interface nsIScriptSecurityManagerType

Takes a string of the following format: {"1": {"0": "https://mozilla.com", "2": "^privateBrowsingId=1"}} and turns it into a principal or a nullptr on error.

Per-domain controls to enable and disable script. This system is designed to be used by at most one consumer, and enforces this with its semantics.

Initially, domainPolicyActive is false. When activateDomainPolicy() is invoked, domainPolicyActive becomes true, and subsequent calls to activateDomainPolicy() will fail until deactivate() is invoked on the nsIDomainPolicy returned from activateDomainPolicy(). At this point, domainPolicyActive becomes false again, and a new consumer may acquire control of the system by invoking activateDomainPolicy().

Only the parent process can directly access domain policies, child processes only have a read-only mirror to the one in the parent. For child processes the mirror is updated via messages and ContentChild will hold the DomainPolicy by calling ActivateDomainPolicyInternal directly. New consumer to this function should not be addded.

For each of these hooks returning NS_OK means 'let the action continue'. Returning an error code means 'veto the action'. XPConnect will return false to the js engine if the action is vetoed. The implementor of this interface is responsible for setting a JS exception into the JSContext if that is appropriate.

Check that the script currently running in context "cx" can load "uri".

Will return error code NS_ERROR_DOM_BAD_URI if the load request should be denied.

Same as the above, but when called from JS, raises exceptions with more useful messages, including both the tested URI and the principal string.

Similar to checkLoadURIWithPrincipal but there are two differences:

1. The URI is a string, not a URI object.
2. This function assumes that the URI may still be subject to fixup (and hence will check whether fixed-up versions of the URI are allowed to load as well); if any of the versions of this URI is not allowed, this function will return error code NS_ERROR_DOM_BAD_URI.

Same as the above, but when called from JS, raises exceptions with more useful messages, including both the tested URI and the principal string.

Check that content with principal aPrincipal can load "uri".

Will return error code NS_ERROR_DOM_BAD_URI if the load request should be denied.

Returns OK if aSourceURI and target have the same "origin" (scheme, host, and port). ReportError flag suppresses error reports for functions that don't need reporting. FromPrivateWindow indicates whether the error occurs in a private window or not.

This function is for internal use only. Every time a child process is spawned, we must clone any active domain policies in the parent to the new child.

Returns a principal whose origin is composed of |uri| and |originAttributes|. See nsIPrincipal.idl for a description of origin attributes, and ChromeUtils.webidl for a list of origin attributes and their defaults.

Returns a principal whose origin is the one we pass in. See nsIPrincipal.idl for a description of origin attributes, and ChromeUtils.webidl for a list of origin attributes and their defaults.

Returns a unique nonce principal with |originAttributes|. See nsIPrincipal.idl for a description of origin attributes, and ChromeUtils.webidl for a list of origin attributes and their defaults.

Get the principal for the given channel. This will typically be the channel owner if there is one, and the content principal for the channel's URI otherwise. aChannel must not be null.

Temporary API until bug 1220687 is fixed.

Returns the same value as getChannelResultPrincipal, but ignoring sandboxing. Specifically, if sandboxing would have prevented the channel's triggering principal from being returned by getChannelResultPrincipal, the triggering principal will be returned by this method.

Note that this method only ignores sandboxing of the channel in question, it does not ignore sandboxing of any channels further up a document chain. The triggering principal itself may still be the null principal due to sandboxing further up a document chain. In that regard the ignoring of sandboxing is limited.

This method returns 2 principals from a nsIChannel:

• aPrincipal is the regular principal.
• aPartitionedPrincipal is aPrincipal plus an isolation key in its originAttributes. See more in StoragePrincipalHelper.h

Get the storage principal for the given channel. This is basically the same of getChannelResultPrincipal() execept for trackers, where we return a principal with a different OriginAttributes.

Get the content principal for the channel's URI. aChannel must not be null.

Returns a principal that has the OriginAttributes of the docshell.

Returns a principal that has the OriginAttributes of the load context.

Return the all-powerful system principal.

Returns true if the URI is from a domain that is allow-listed through prefs to be allowed to use file:// URIs.

Query mechanism for the above policy.

If domainPolicyEnabled is false, this simply returns the current value of javascript.enabled. Otherwise, it returns the same value, but taking the various blocklist/allowlist exceptions into account.

Takes a principal and returns a string representation of it or a nullptr if it can't be serialized. Example output: {"1": {"0": "https://mozilla.com", "2": "^privateBrowsingId=1"}}

If this is a content principal, return a copy with different origin attributes.