Darin Fisher wrote:
So, if channels support nsIPropertyBag and they somehow dispatch a notification to observers from AsyncOpen, then we could get around needing nsISecureIOService.
Hmm... True.
We could create a utility function for creating a channel with principal that content and imagelib and other necko consumers could all use.
Seems reasonable, I guess. But what really worries me is JS. Especially extension JS. It would be _very_ nice to have a simple litmus test for extension authors: Does your code use this method? If so, it's insecure. I'm really not sure what a good way to deal with this is. :(
This way, necko doesn't really need to change that much. Moreover, provided we make nsBaseChannel emit "on-modify-request" or some similar callback from AsyncOpen, this will all work fine when third-party protocol handlers use nsInputStreamChannel to satisfy their NewChannel method.
Assuming they propagate their property bag stuff to it, sure. -Boris _______________________________________________ dev-tech-network mailing list [email protected] https://lists.mozilla.org/listinfo/dev-tech-network
