Boris Zbarsky wrote:
>
>> It seems that this protocol should return different set of flags for
>> different situations to get past the nsScriptSecurityManager...
>
> If your goal is to introduce security bugs, yes... I mean the security
> manager is not really being arbitrary here. It's preventing things that
> are security problems.
>
I understand this, so I would not really want to go that way.
Boris Zbarsky wrote:
>
> Linking to chrome:// from web-accessible content is wrong. There is no
> problem linking to .xul per se.
>
Well, strictly speaking this content is not web-accessible. This is a page
generated locally, by the application itself. It doesn't come from the
server.
Anyway, I guess I either have to change the content so that it doesn't
lilnks to chrome or to tweak SecurityManager so that it doesn't restrict our
protocol. I would prefer the first option.
--
View this message in context:
http://www.nabble.com/nsScriptSecurityManager-and-a-custom-protocol-tp22227469p22249223.html
Sent from the Mozilla - Embedding mailing list archive at Nabble.com.
_______________________________________________
dev-embedding mailing list
[email protected]
https://lists.mozilla.org/listinfo/dev-embedding
