import "nsIScriptSecurityManager.idl";
Inheritance diagram for nsIScriptSecurityManager:
Collaboration diagram for nsIScriptSecurityManager:
Public Member Functions | |
| void | checkPropertyAccess (in JSContextPtr aJSContext, in JSObjectPtr aJSObject, in string aClassName, in jsid aProperty, in PRUint32 aAction) |
| Checks whether the running script is allowed to access aProperty. | |
| void | checkLoadURIFromScript (in JSContextPtr cx, in nsIURI uri) |
| Check that the script currently running in context "cx" can load "uri". | |
| void | checkLoadURIWithPrincipal (in nsIPrincipal aPrincipal, in nsIURI uri, in unsigned long flags) |
| Check that content with principal aPrincipal can load "uri". | |
| void | checkLoadURI (in nsIURI from, in nsIURI uri, in unsigned long flags) |
| Check that content from "from" can load "uri". | |
| void | checkLoadURIStrWithPrincipal (in nsIPrincipal aPrincipal, in AUTF8String uri, in unsigned long flags) |
| Similar to checkLoadURIWithPrincipal but there are two differences: | |
| void | checkLoadURIStr (in AUTF8String from, in AUTF8String uri, in unsigned long flags) |
| Same as CheckLoadURI but takes string arguments for ease of use by scripts. | |
| void | checkFunctionAccess (in JSContextPtr cx, in voidPtr funObj, in voidPtr targetObj) |
| Check that the function 'funObj' is allowed to run on 'targetObj'. | |
| boolean | canExecuteScripts (in JSContextPtr cx, in nsIPrincipal principal) |
| Return true if content from the given principal is allowed to execute scripts. | |
| nsIPrincipal | getSubjectPrincipal () |
| Return the principal of the innermost frame of the currently executing script. | |
| nsIPrincipal | getSystemPrincipal () |
| Return the all-powerful system principal. | |
| nsIPrincipal | getCertificatePrincipal (in AUTF8String aCertFingerprint, in AUTF8String aSubjectName, in AUTF8String aPrettyName, in nsISupports aCert, in nsIURI aURI) |
| Return a principal with the specified certificate fingerprint, subject name (the full name or concatenated set of names of the entity represented by the certificate), pretty name, certificate, and codebase URI. | |
| nsIPrincipal | getCodebasePrincipal (in nsIURI aURI) |
| Return a principal that has the same origin as aURI. | |
| short | requestCapability (in nsIPrincipal principal, in string capability) |
| Request that 'capability' can be enabled by scripts or applets running with 'principal'. | |
| boolean | isCapabilityEnabled (in string capability) |
| Return true if the currently executing script has 'capability' enabled. | |
| void | enableCapability (in string capability) |
| Enable 'capability' in the innermost frame of the currently executing script. | |
| void | revertCapability (in string capability) |
| Remove 'capability' from the innermost frame of the currently executing script. | |
| void | disableCapability (in string capability) |
| Disable 'capability' in the innermost frame of the currently executing script. | |
| void | setCanEnableCapability (in AUTF8String certificateFingerprint, in string capability, in short canEnable) |
| Allow 'certificateID' to enable 'capability. | |
| nsIPrincipal | getObjectPrincipal (in JSContextPtr cx, in JSObjectPtr obj) |
| Return the principal of the specified object in the specified context. | |
| boolean | subjectPrincipalIsSystem () |
| Returns true if the principal of the currently running script is the system principal, false otherwise. | |
| void | checkSameOrigin (in JSContextPtr aJSContext, in nsIURI aTargetURI) |
| Returns OK if aJSContext and target have the same "origin" (scheme, host, and port). | |
| void | checkSameOriginURI (in nsIURI aSourceURI, in nsIURI aTargetURI, in boolean reportError) |
| Returns OK if aSourceURI and target have the same "origin" (scheme, host, and port). | |
| nsIPrincipal | getPrincipalFromContext (in JSContextPtr cx) |
| Returns the principal of the global object of the given context, or null if no global or no principal. | |
| nsIPrincipal | getChannelPrincipal (in nsIChannel aChannel) |
| Get the principal for the given channel. | |
| boolean | isSystemPrincipal (in nsIPrincipal aPrincipal) |
| Check whether a given principal is a system principal. | |
| nsIPrincipal | getCxSubjectPrincipal (in JSContextPtr cx) |
| Same as getSubjectPrincipal(), only faster. | |
| nsIPrincipal | getCxSubjectPrincipalAndFrame (in JSContextPtr cx, out JSStackFramePtr fp) |
| void | pushContextPrincipal (in JSContextPtr cx, in JSStackFramePtr fp, in nsIPrincipal principal) |
| If no scripted code is running "above" (or called from) fp, then instead of looking at cx->globalObject, we will return |principal|. | |
| void | popContextPrincipal (in JSContextPtr cx) |
| Removes a clamp set by pushContextPrincipal from cx. | |
Public Attributes | |
| const unsigned long | STANDARD = 0 |
| Default CheckLoadURI permissions. | |
| const unsigned long | LOAD_IS_AUTOMATIC_DOCUMENT_REPLACEMENT = 1 << 0 |
| const unsigned long | ALLOW_CHROME = 1 << 1 |
| const unsigned long | DISALLOW_INHERIT_PRINCIPAL = 1 << 2 |
| const unsigned long | DISALLOW_SCRIPT_OR_DATA = DISALLOW_INHERIT_PRINCIPAL |
| const unsigned long | DISALLOW_SCRIPT = 1 << 3 |
Member Function Documentation
| boolean nsIScriptSecurityManager::canExecuteScripts | ( | in JSContextPtr | cx, | |
| in nsIPrincipal | principal | |||
| ) |
Return true if content from the given principal is allowed to execute scripts.
| void nsIScriptSecurityManager::checkFunctionAccess | ( | in JSContextPtr | cx, | |
| in voidPtr | funObj, | |||
| in voidPtr | targetObj | |||
| ) |
Check that the function 'funObj' is allowed to run on 'targetObj'.
Will return error code NS_ERROR_DOM_SECURITY_ERR if the function should not run
- Parameters:
-
cx The current active JavaScript context. funObj The function trying to run.. targetObj The object the function will run on.
| void nsIScriptSecurityManager::checkLoadURI | ( | in nsIURI | from, | |
| in nsIURI | uri, | |||
| in unsigned long | flags | |||
| ) |
Check that content from "from" can load "uri".
Will return error code NS_ERROR_DOM_BAD_URI if the load request should be denied.
- Parameters:
-
from the URI causing the load uri the URI that is being loaded flags the permission set, see above
- Deprecated:
- Use checkLoadURIWithPrincipal instead of this function.
| void nsIScriptSecurityManager::checkLoadURIFromScript | ( | in JSContextPtr | cx, | |
| in nsIURI | uri | |||
| ) |
Check that the script currently running in context "cx" can load "uri".
Will return error code NS_ERROR_DOM_BAD_URI if the load request should be denied.
- Parameters:
-
cx the JSContext of the script causing the load uri the URI that is being loaded
| void nsIScriptSecurityManager::checkLoadURIStr | ( | in AUTF8String | from, | |
| in AUTF8String | uri, | |||
| in unsigned long | flags | |||
| ) |
Same as CheckLoadURI but takes string arguments for ease of use by scripts.
- Deprecated:
- Use checkLoadURIStrWithPrincipal instead of this function.
| void nsIScriptSecurityManager::checkLoadURIStrWithPrincipal | ( | in nsIPrincipal | aPrincipal, | |
| in AUTF8String | uri, | |||
| in unsigned long | flags | |||
| ) |
Similar to checkLoadURIWithPrincipal but there are two differences:
1) The URI is a string, not a URI object. 2) This function assumes that the URI may still be subject to fixup (and hence will check whether fixed-up versions of the URI are allowed to load as well); if any of the versions of this URI is not allowed, this function will return error code NS_ERROR_DOM_BAD_URI.
| void nsIScriptSecurityManager::checkLoadURIWithPrincipal | ( | in nsIPrincipal | aPrincipal, | |
| in nsIURI | uri, | |||
| in unsigned long | flags | |||
| ) |
Check that content with principal aPrincipal can load "uri".
Will return error code NS_ERROR_DOM_BAD_URI if the load request should be denied.
- Parameters:
-
aPrincipal the principal identifying the actor causing the load uri the URI that is being loaded flags the permission set, see above
| void nsIScriptSecurityManager::checkPropertyAccess | ( | in JSContextPtr | aJSContext, | |
| in JSObjectPtr | aJSObject, | |||
| in string | aClassName, | |||
| in jsid | aProperty, | |||
| in PRUint32 | aAction | |||
| ) |
Checks whether the running script is allowed to access aProperty.
| void nsIScriptSecurityManager::checkSameOrigin | ( | in JSContextPtr | aJSContext, | |
| in nsIURI | aTargetURI | |||
| ) |
Returns OK if aJSContext and target have the same "origin" (scheme, host, and port).
| void nsIScriptSecurityManager::checkSameOriginURI | ( | in nsIURI | aSourceURI, | |
| in nsIURI | aTargetURI, | |||
| in boolean | reportError | |||
| ) |
Returns OK if aSourceURI and target have the same "origin" (scheme, host, and port).
ReportError flag suppresses error reports for functions that don't need reporting.
| void nsIScriptSecurityManager::disableCapability | ( | in string | capability | ) |
Disable 'capability' in the innermost frame of the currently executing script.
| void nsIScriptSecurityManager::enableCapability | ( | in string | capability | ) |
Enable 'capability' in the innermost frame of the currently executing script.
| nsIPrincipal nsIScriptSecurityManager::getCertificatePrincipal | ( | in AUTF8String | aCertFingerprint, | |
| in AUTF8String | aSubjectName, | |||
| in AUTF8String | aPrettyName, | |||
| in nsISupports | aCert, | |||
| in nsIURI | aURI | |||
| ) |
Return a principal with the specified certificate fingerprint, subject name (the full name or concatenated set of names of the entity represented by the certificate), pretty name, certificate, and codebase URI.
The certificate fingerprint and subject name MUST be nonempty; otherwise an error will be thrown. Similarly, aCert must not be null.
| nsIPrincipal nsIScriptSecurityManager::getChannelPrincipal | ( | in nsIChannel | aChannel | ) |
Get the principal for the given channel.
This will typically be the channel owner if there is one, and the codebase principal for the channel's URI otherwise. aChannel must not be null.
| nsIPrincipal nsIScriptSecurityManager::getCodebasePrincipal | ( | in nsIURI | aURI | ) |
Return a principal that has the same origin as aURI.
| nsIPrincipal nsIScriptSecurityManager::getCxSubjectPrincipal | ( | in JSContextPtr | cx | ) |
Same as getSubjectPrincipal(), only faster.
cx must *never* be passed null, and it must be the context on the top of the context stack. Does *not* reference count the returned principal.
| nsIPrincipal nsIScriptSecurityManager::getCxSubjectPrincipalAndFrame | ( | in JSContextPtr | cx, | |
| out JSStackFramePtr | fp | |||
| ) |
| nsIPrincipal nsIScriptSecurityManager::getObjectPrincipal | ( | in JSContextPtr | cx, | |
| in JSObjectPtr | obj | |||
| ) |
Return the principal of the specified object in the specified context.
| nsIPrincipal nsIScriptSecurityManager::getPrincipalFromContext | ( | in JSContextPtr | cx | ) |
Returns the principal of the global object of the given context, or null if no global or no principal.
| nsIPrincipal nsIScriptSecurityManager::getSubjectPrincipal | ( | ) |
Return the principal of the innermost frame of the currently executing script.
Will return null if there is no script currently executing.
| nsIPrincipal nsIScriptSecurityManager::getSystemPrincipal | ( | ) |
Return the all-powerful system principal.
| boolean nsIScriptSecurityManager::isCapabilityEnabled | ( | in string | capability | ) |
Return true if the currently executing script has 'capability' enabled.
| boolean nsIScriptSecurityManager::isSystemPrincipal | ( | in nsIPrincipal | aPrincipal | ) |
Check whether a given principal is a system principal.
This allows us to avoid handing back the system principal to script while allowing script to check whether a given principal is system.
| void nsIScriptSecurityManager::popContextPrincipal | ( | in JSContextPtr | cx | ) |
Removes a clamp set by pushContextPrincipal from cx.
This must be called in a stack-like fashion (e.g., given two contexts |a| and |b|, it is not legal to do: push(a) push(b) pop(a)).
| void nsIScriptSecurityManager::pushContextPrincipal | ( | in JSContextPtr | cx, | |
| in JSStackFramePtr | fp, | |||
| in nsIPrincipal | principal | |||
| ) |
If no scripted code is running "above" (or called from) fp, then instead of looking at cx->globalObject, we will return |principal|.
This function only affects |cx|. If someone pushes another context onto the context stack, then it supersedes this call. NOTE: If |fp| is non-null popContextPrincipal must be called before fp has finished executing.
- Parameters:
-
cx The context to clamp. fp The frame pointer to clamp at. May be 'null'. principal The principal to clamp to.
| short nsIScriptSecurityManager::requestCapability | ( | in nsIPrincipal | principal, | |
| in string | capability | |||
| ) |
Request that 'capability' can be enabled by scripts or applets running with 'principal'.
Will prompt user if necessary. Returns nsIPrincipal::ENABLE_GRANTED or nsIPrincipal::ENABLE_DENIED based on user's choice.
| void nsIScriptSecurityManager::revertCapability | ( | in string | capability | ) |
Remove 'capability' from the innermost frame of the currently executing script.
Any setting of 'capability' from enclosing frames thus comes into effect.
| void nsIScriptSecurityManager::setCanEnableCapability | ( | in AUTF8String | certificateFingerprint, | |
| in string | capability, | |||
| in short | canEnable | |||
| ) |
Allow 'certificateID' to enable 'capability.
' Can only be performed by code signed by the system certificate.
| boolean nsIScriptSecurityManager::subjectPrincipalIsSystem | ( | ) |
Returns true if the principal of the currently running script is the system principal, false otherwise.
Member Data Documentation
| const unsigned long nsIScriptSecurityManager::ALLOW_CHROME = 1 << 1 |
| const unsigned long nsIScriptSecurityManager::DISALLOW_INHERIT_PRINCIPAL = 1 << 2 |
| const unsigned long nsIScriptSecurityManager::DISALLOW_SCRIPT = 1 << 3 |
| const unsigned long nsIScriptSecurityManager::DISALLOW_SCRIPT_OR_DATA = DISALLOW_INHERIT_PRINCIPAL |
| const unsigned long nsIScriptSecurityManager::LOAD_IS_AUTOMATIC_DOCUMENT_REPLACEMENT = 1 << 0 |
| const unsigned long nsIScriptSecurityManager::STANDARD = 0 |
Default CheckLoadURI permissions.
The documentation for this interface was generated from the following file:
