nsIScriptSecurityManager

IID:f4d74511-2b2d-4a14-a3e4-a392ac5ac3ff
Inherits From:nsIXPCSecurityManager

This interface is implemented by the following components:


Constants

Default CheckLoadURI permissions
PRUint32 STANDARD = 0
PRUint32 DISALLOW_FROM_MAIL = 1
PRUint32 ALLOW_CHROME = 2
PRUint32 DISALLOW_SCRIPT_OR_DATA = 4
PRUint32 DISALLOW_SCRIPT = 8

Methods

[noscript] PRBool canExecuteScripts ( JSContextPtr* cx , nsIPrincipal principal )
[noscript] void checkConnect ( JSContextPtr* JSContext , nsIURI targetURI , char* className , char* property )
[noscript] void checkFunctionAccess ( JSContextPtr* cx , voidPtr* funObj , voidPtr* targetObj )
void checkLoadURI ( nsIURI from , nsIURI uri , PRUint32 flags )
[noscript] void checkLoadURIFromScript ( JSContextPtr* cx , nsIURI uri )
void checkLoadURIStr ( AUTF8String from , AUTF8String uri , PRUint32 flags )
[noscript] void checkLoadURIWithPrincipal ( nsIPrincipal principal , nsIURI uri , PRUint32 flags )
[noscript] void checkPropertyAccess ( JSContextPtr* JSContext , JSObjectPtr* JSObject , char* className , JSVal property , PRUint32 action )
[noscript] void checkSameOrigin ( JSContextPtr* JSContext , nsIURI targetURI )
[noscript] void checkSameOriginPrincipal ( nsIPrincipal sourcePrincipal , nsIPrincipal targetPrincipal )
void checkSameOriginURI ( nsIURI sourceURI , nsIURI targetURI )
void disableCapability ( char* capability )
void enableCapability ( char* capability )
[noscript] nsIPrincipal getCertificatePrincipal ( AUTF8String certFingerprint , AUTF8String subjectName , AUTF8String prettyName , nsISupports cert , nsIURI URI )
[noscript] nsIPrincipal getCodebasePrincipal ( nsIURI URI )
[noscript] nsIPrincipal getObjectPrincipal ( JSContextPtr* cx , JSObjectPtr* obj )
[noscript] nsIPrincipal getPrincipalFromContext ( JSContextPtr* cx )
[noscript] nsIPrincipal getSubjectPrincipal ( )
[noscript] nsIPrincipal getSystemPrincipal ( )
PRBool isCapabilityEnabled ( char* capability )
[noscript] PRInt16 requestCapability ( nsIPrincipal principal , char* capability )
void revertCapability ( char* capability )
[noscript] PRBool securityCompareURIs ( nsIURI subjectURI , nsIURI objectURI )
void setCanEnableCapability ( AUTF8String certificateFingerprint , char* capability , PRInt16 canEnable )
[noscript] PRBool subjectPrincipalIsSystem ( )

PRBool canExecuteScripts ( JSContextPtr* cx , nsIPrincipal principal )

Return true if content from the given principal is allowed to execute scripts.

Arguments:
cx
principal

void checkConnect ( JSContextPtr* JSContext , nsIURI targetURI , char* className , char* property )

Checks whether the running script is allowed to connect to targetURI.

Arguments:
JSContext
targetURI
className
property

void checkFunctionAccess ( JSContextPtr* cx , voidPtr* funObj , voidPtr* targetObj )

Check that the function 'funObj' is allowed to run on 'targetObj'.

Will return error code NS_ERROR_DOM_SECURITY_ERR if the function should not run.

Arguments:
cx: The current active JavaScript context.
funObj: The function trying to run.
targetObj: The object the function will run on.

void checkLoadURI ( nsIURI from , nsIURI uri , PRUint32 flags )

Check that content from "from" can load "uri".

Will return error code NS_ERROR_DOM_BAD_URI if the load request should be denied.

Arguments:
from: the URI causing the load
uri: the URI that is being loaded
flags: the permission set, see above

void checkLoadURIFromScript ( JSContextPtr* cx , nsIURI uri )

Check that the script currently running in context "cx" can load "uri".

Will return error code NS_ERROR_DOM_BAD_URI if the load request should be denied.

Arguments:
cx: the JSContext of the script causing the load
uri: the URI that is being loaded

void checkLoadURIStr ( AUTF8String from , AUTF8String uri , PRUint32 flags )

Same as checkLoadURI, but takes string arguments for ease of use by scripts.

Arguments:
from
uri
flags

void checkLoadURIWithPrincipal ( nsIPrincipal principal , nsIURI uri , PRUint32 flags )

Check that content with principal "principal" can load "uri".

Will return error code NS_ERROR_DOM_BAD_URI if the load request should be denied.

Arguments:
principal: the principal causing the load
uri: the URI that is being loaded
flags: the permission set, see above

void checkPropertyAccess ( JSContextPtr* JSContext , JSObjectPtr* JSObject , char* className , JSVal property , PRUint32 action )

Checks whether the running script is allowed to access property.

Arguments:
JSContext
JSObject
className
property
action

void checkSameOrigin ( JSContextPtr* JSContext , nsIURI targetURI )

Returns OK if JSContext and targetURI have the same "origin" (scheme, host, and port).

Arguments:
JSContext
targetURI

void checkSameOriginPrincipal ( nsIPrincipal sourcePrincipal , nsIPrincipal targetPrincipal )

Returns OK if sourcePrincipal and targetPrincipal have the same "origin" (scheme, host, and port).

Arguments:
sourcePrincipal
targetPrincipal

void checkSameOriginURI ( nsIURI sourceURI , nsIURI targetURI )

Returns OK if sourceURI and targetURI have the same "origin" (scheme, host, and port).

Arguments:
sourceURI
targetURI

void disableCapability ( char* capability )

Disable 'capability' in the innermost frame of the currently executing script.

Arguments:
capability

void enableCapability ( char* capability )

Enable 'capability' in the innermost frame of the currently executing script.

Arguments:
capability

nsIPrincipal getCertificatePrincipal ( AUTF8String certFingerprint , AUTF8String subjectName , AUTF8String prettyName , nsISupports cert , nsIURI URI )

Return a principal with the specified certificate fingerprint, subject name (the full name or concatenated set of names of the entity represented by the certificate), pretty name, certificate, and codebase URI. The certificate fingerprint and subject name MUST be nonempty; otherwise an error will be thrown. Similarly, cert must not be null.

Arguments:
certFingerprint
subjectName
prettyName
cert
URI

nsIPrincipal getCodebasePrincipal ( nsIURI URI )

Return a principal that has the same origin as URI.

Arguments:
URI

nsIPrincipal getObjectPrincipal ( JSContextPtr* cx , JSObjectPtr* obj )

Return the principal of the specified object in the specified context.

Arguments:
cx
obj

nsIPrincipal getPrincipalFromContext ( JSContextPtr* cx )

Returns the principal of the global object of the given context, or null if no global or no principal.

Arguments:
cx

nsIPrincipal getSubjectPrincipal ( )

Return the principal of the innermost frame of the currently executing script. Will return null if there is no script currently executing.


nsIPrincipal getSystemPrincipal ( )

Return the all-powerful system principal.


PRBool isCapabilityEnabled ( char* capability )

Return true if the currently executing script has 'capability' enabled.

Arguments:
capability

PRInt16 requestCapability ( nsIPrincipal principal , char* capability )

Request that 'capability' can be enabled by scripts or applets running with 'principal'. Will prompt user if necessary. Returns nsIPrincipal::ENABLE_GRANTED or nsIPrincipal::ENABLE_DENIED based on user's choice.

Arguments:
principal
capability

void revertCapability ( char* capability )

Remove 'capability' from the innermost frame of the currently executing script. Any setting of 'capability' from enclosing frames thus comes into effect.

Arguments:
capability

PRBool securityCompareURIs ( nsIURI subjectURI , nsIURI objectURI )

Utility method for comparing two URIs. For security purposes, two URIs are equivalent if their schemes, hosts, and ports (if any) match. This method returns true if subjectURI and objectURI have the same origin, false otherwise.

Arguments:
subjectURI
objectURI
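
The scheme/host/port rule stated above (and used by the checkSameOrigin* methods), as an added example: this is a stand-alone JavaScript model of the comparison, not Mozilla's implementation and not code from this reference. The names originParts, sameOrigin, SAMPLE_PAIRS and compareSamples, the default-port table, and the example.com / evil.test URIs are assumptions made for the illustration.

```javascript
// Added illustration: a model of the scheme/host/port rule, not Gecko's code.
// originParts(), sameOrigin() and SAMPLE_PAIRS are hypothetical names.

// Default ports for schemes that have one (assumed table for this model).
const DEFAULT_PORTS = { "http:": "80", "https:": "443", "ftp:": "21" };

// Return the three components the rule compares, or null when the string
// does not parse or carries no host (javascript:, data:, file:///...).
function originParts(spec) {
  let u;
  try {
    u = new URL(spec);
  } catch (e) {
    return null;
  }
  if (!u.hostname) return null;
  return {
    scheme: u.protocol,               // already lower-cased by the parser
    host: u.hostname.toLowerCase(),   // userinfo before "@" is not the host
    port: u.port || DEFAULT_PORTS[u.protocol] || "",
  };
}

// True only when scheme, host and port all match; fails closed otherwise.
function sameOrigin(subjectSpec, objectSpec) {
  const a = originParts(subjectSpec);
  const b = originParts(objectSpec);
  if (!a || !b) return false;
  return a.scheme === b.scheme && a.host === b.host && a.port === b.port;
}

// Constructed sample pairs (example.com / evil.test are placeholders).
const SAMPLE_PAIRS = [
  ["http://example.com/a", "http://example.com:80/b"],
  ["HTTP://EXAMPLE.com/", "http://example.com/"],
  ["http://example.com/", "https://example.com/"],
  ["http://example.com/", "http://www.example.com/"],
  ["http://example.com/", "http://example.com:8080/"],
  ["http://example.com/", "http://example.com@evil.test/"],
  ["http://example.com/", "javascript:void(0)"],
];

function compareSamples() {
  return SAMPLE_PAIRS.map(([s, o]) => sameOrigin(s, o));
}

console.log(compareSamples());
```

Only the first two pairs compare equal: an explicit default port and a differently cased scheme or host do not change the origin, while a different scheme, subdomain, port, a userinfo prefix in front of another host, or a host-less URI all do.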

void setCanEnableCapability ( AUTF8String certificateFingerprint , char* capability , PRInt16 canEnable )

Allow the certificate identified by 'certificateFingerprint' to enable 'capability'. Can only be performed by code signed by the system certificate.

Arguments:
certificateFingerprint
capability
canEnable

PRBool subjectPrincipalIsSystem ( )

Returns true if the principal of the currently running script is the system principal, false otherwise.

Reference documentation is generated from Mozilla's source.


Copyright © 1999 - 2005 XULPlanet.com