Anna Nachesa wrote:
> If I unset URI_LOADABLE_BY_ANYONE and set URI_IS_UI_RESOURCE, then the links
> to the custom protocol from file://xxx.html get rejected.
Yes, I understand that.
> It seems that this protocol should return a different set of flags for
> different situations to get past the nsScriptSecurityManager...
If your goal is to introduce security bugs, yes... I mean the security
manager is not really being arbitrary here. It's preventing things that
are security problems.
> From the other side, if linking to *.xul is wrong
Linking to chrome:// from web-accessible content is wrong. There is no
problem linking to .xul per se.
> Is there somewhere the list of things which are allowed
> and not allowed, from mozilla architecture point of view?
You mean somewhere in the form of documentation? You might want to look
at developer.mozilla.org; if it's not there it's not anywhere. The code
is, of course, available at all times.
-Boris
_______________________________________________
dev-embedding mailing list
https://lists.mozilla.org/listinfo/dev-embedding