If I unset URI_LOADABLE_BY_ANYONE and set URI_IS_UI_RESOURCE, then the links to the custom protocol from file://xxx.html get rejected.
It seems that this protocol should return different set of flags for different situations to get past the nsScriptSecurityManager... >From the other side, if linking to *.xul is wrong, may be something should be changed there? Is there somewhere the list of things which are allowed and not allowed, from mozilla architetcure point of view? Boris Zbarsky wrote: > > Anna Nachesa wrote: >> What does it means in practice: "the content you're loading chrome:// >> from >> is not accessible to everyone"? > > Protocol handler doesn't set the URI_LOADABLE_BY_ANYONE flag and does > set the URI_IS_UI_RESOURCE flag. > > > -- View this message in context: http://www.nabble.com/nsScriptSecurityManager-and-a-custom-protocol-tp22227469p22248207.html Sent from the Mozilla - Embedding mailing list archive at Nabble.com. _______________________________________________ dev-embedding mailing list [email protected] https://lists.mozilla.org/listinfo/dev-embedding
