Public Member Functions | Public Attributes

nsIScriptSecurityManager Interface Reference

import "nsIScriptSecurityManager.idl";

Inheritance diagram for nsIScriptSecurityManager:
Collaboration diagram for nsIScriptSecurityManager:

List of all members.

Public Member Functions

void checkPropertyAccess (in JSContextPtr aJSContext, in JSObjectPtr aJSObject, in string aClassName, in jsid aProperty, in PRUint32 aAction)
 Checks whether the running script is allowed to access aProperty.
void checkLoadURIFromScript (in JSContextPtr cx, in nsIURI uri)
 Check that the script currently running in context "cx" can load "uri".
void checkLoadURIWithPrincipal (in nsIPrincipal aPrincipal, in nsIURI uri, in unsigned long flags)
 Check that content with principal aPrincipal can load "uri".
void checkLoadURI (in nsIURI from, in nsIURI uri, in unsigned long flags)
 Check that content from "from" can load "uri".
void checkLoadURIStrWithPrincipal (in nsIPrincipal aPrincipal, in AUTF8String uri, in unsigned long flags)
 Similar to checkLoadURIWithPrincipal but there are two differences:
void checkLoadURIStr (in AUTF8String from, in AUTF8String uri, in unsigned long flags)
 Same as CheckLoadURI but takes string arguments for ease of use by scripts.
void checkFunctionAccess (in JSContextPtr cx, in voidPtr funObj, in voidPtr targetObj)
 Check that the function 'funObj' is allowed to run on 'targetObj'.
boolean canExecuteScripts (in JSContextPtr cx, in nsIPrincipal principal)
 Return true if content from the given principal is allowed to execute scripts.
nsIPrincipal getSubjectPrincipal ()
 Return the principal of the innermost frame of the currently executing script.
nsIPrincipal getSystemPrincipal ()
 Return the all-powerful system principal.
nsIPrincipal getCertificatePrincipal (in AUTF8String aCertFingerprint, in AUTF8String aSubjectName, in AUTF8String aPrettyName, in nsISupports aCert, in nsIURI aURI)
 Return a principal with the specified certificate fingerprint, subject name (the full name or concatenated set of names of the entity represented by the certificate), pretty name, certificate, and codebase URI.
nsIPrincipal getCodebasePrincipal (in nsIURI aURI)
 Return a principal that has the same origin as aURI.
short requestCapability (in nsIPrincipal principal, in string capability)
 Request that 'capability' can be enabled by scripts or applets running with 'principal'.
boolean isCapabilityEnabled (in string capability)
 Return true if the currently executing script has 'capability' enabled.
void enableCapability (in string capability)
 Enable 'capability' in the innermost frame of the currently executing script.
void revertCapability (in string capability)
 Remove 'capability' from the innermost frame of the currently executing script.
void disableCapability (in string capability)
 Disable 'capability' in the innermost frame of the currently executing script.
void setCanEnableCapability (in AUTF8String certificateFingerprint, in string capability, in short canEnable)
 Allow 'certificateID' to enable 'capability.
nsIPrincipal getObjectPrincipal (in JSContextPtr cx, in JSObjectPtr obj)
 Return the principal of the specified object in the specified context.
boolean subjectPrincipalIsSystem ()
 Returns true if the principal of the currently running script is the system principal, false otherwise.
void checkSameOrigin (in JSContextPtr aJSContext, in nsIURI aTargetURI)
 Returns OK if aJSContext and target have the same "origin" (scheme, host, and port).
void checkSameOriginURI (in nsIURI aSourceURI, in nsIURI aTargetURI, in boolean reportError)
 Returns OK if aSourceURI and target have the same "origin" (scheme, host, and port).
nsIPrincipal getPrincipalFromContext (in JSContextPtr cx)
 Returns the principal of the global object of the given context, or null if no global or no principal.
nsIPrincipal getChannelPrincipal (in nsIChannel aChannel)
 Get the principal for the given channel.
boolean isSystemPrincipal (in nsIPrincipal aPrincipal)
 Check whether a given principal is a system principal.
nsIPrincipal getCxSubjectPrincipal (in JSContextPtr cx)
 Same as getSubjectPrincipal(), only faster.
nsIPrincipal getCxSubjectPrincipalAndFrame (in JSContextPtr cx, out JSStackFramePtr fp)
void pushContextPrincipal (in JSContextPtr cx, in JSStackFramePtr fp, in nsIPrincipal principal)
 If no scripted code is running "above" (or called from) fp, then instead of looking at cx->globalObject, we will return |principal|.
void popContextPrincipal (in JSContextPtr cx)
 Removes a clamp set by pushContextPrincipal from cx.

Public Attributes

const unsigned long STANDARD = 0
 Default CheckLoadURI permissions.
const unsigned long LOAD_IS_AUTOMATIC_DOCUMENT_REPLACEMENT = 1 << 0
const unsigned long ALLOW_CHROME = 1 << 1
const unsigned long DISALLOW_INHERIT_PRINCIPAL = 1 << 2
const unsigned long DISALLOW_SCRIPT_OR_DATA = DISALLOW_INHERIT_PRINCIPAL
const unsigned long DISALLOW_SCRIPT = 1 << 3

Member Function Documentation

boolean nsIScriptSecurityManager::canExecuteScripts ( in JSContextPtr  cx,
in nsIPrincipal  principal 
)

Return true if content from the given principal is allowed to execute scripts.

void nsIScriptSecurityManager::checkFunctionAccess ( in JSContextPtr  cx,
in voidPtr  funObj,
in voidPtr  targetObj 
)

Check that the function 'funObj' is allowed to run on 'targetObj'.

Will return error code NS_ERROR_DOM_SECURITY_ERR if the function should not run

Parameters:
cx The current active JavaScript context.
funObj The function trying to run..
targetObj The object the function will run on.
void nsIScriptSecurityManager::checkLoadURI ( in nsIURI  from,
in nsIURI  uri,
in unsigned long  flags 
)

Check that content from "from" can load "uri".

Will return error code NS_ERROR_DOM_BAD_URI if the load request should be denied.

Parameters:
from the URI causing the load
uri the URI that is being loaded
flags the permission set, see above
Deprecated:
Use checkLoadURIWithPrincipal instead of this function.
void nsIScriptSecurityManager::checkLoadURIFromScript ( in JSContextPtr  cx,
in nsIURI  uri 
)

Check that the script currently running in context "cx" can load "uri".

Will return error code NS_ERROR_DOM_BAD_URI if the load request should be denied.

Parameters:
cx the JSContext of the script causing the load
uri the URI that is being loaded
void nsIScriptSecurityManager::checkLoadURIStr ( in AUTF8String  from,
in AUTF8String  uri,
in unsigned long  flags 
)

Same as CheckLoadURI but takes string arguments for ease of use by scripts.

Deprecated:
Use checkLoadURIStrWithPrincipal instead of this function.
void nsIScriptSecurityManager::checkLoadURIStrWithPrincipal ( in nsIPrincipal  aPrincipal,
in AUTF8String  uri,
in unsigned long  flags 
)

Similar to checkLoadURIWithPrincipal but there are two differences:

1) The URI is a string, not a URI object. 2) This function assumes that the URI may still be subject to fixup (and hence will check whether fixed-up versions of the URI are allowed to load as well); if any of the versions of this URI is not allowed, this function will return error code NS_ERROR_DOM_BAD_URI.

void nsIScriptSecurityManager::checkLoadURIWithPrincipal ( in nsIPrincipal  aPrincipal,
in nsIURI  uri,
in unsigned long  flags 
)

Check that content with principal aPrincipal can load "uri".

Will return error code NS_ERROR_DOM_BAD_URI if the load request should be denied.

Parameters:
aPrincipal the principal identifying the actor causing the load
uri the URI that is being loaded
flags the permission set, see above
void nsIScriptSecurityManager::checkPropertyAccess ( in JSContextPtr  aJSContext,
in JSObjectPtr  aJSObject,
in string  aClassName,
in jsid  aProperty,
in PRUint32  aAction 
)

Checks whether the running script is allowed to access aProperty.

void nsIScriptSecurityManager::checkSameOrigin ( in JSContextPtr  aJSContext,
in nsIURI  aTargetURI 
)

Returns OK if aJSContext and target have the same "origin" (scheme, host, and port).

void nsIScriptSecurityManager::checkSameOriginURI ( in nsIURI  aSourceURI,
in nsIURI  aTargetURI,
in boolean  reportError 
)

Returns OK if aSourceURI and target have the same "origin" (scheme, host, and port).

ReportError flag suppresses error reports for functions that don't need reporting.

void nsIScriptSecurityManager::disableCapability ( in string  capability  ) 

Disable 'capability' in the innermost frame of the currently executing script.

void nsIScriptSecurityManager::enableCapability ( in string  capability  ) 

Enable 'capability' in the innermost frame of the currently executing script.

nsIPrincipal nsIScriptSecurityManager::getCertificatePrincipal ( in AUTF8String  aCertFingerprint,
in AUTF8String  aSubjectName,
in AUTF8String  aPrettyName,
in nsISupports  aCert,
in nsIURI  aURI 
)

Return a principal with the specified certificate fingerprint, subject name (the full name or concatenated set of names of the entity represented by the certificate), pretty name, certificate, and codebase URI.

The certificate fingerprint and subject name MUST be nonempty; otherwise an error will be thrown. Similarly, aCert must not be null.

nsIPrincipal nsIScriptSecurityManager::getChannelPrincipal ( in nsIChannel  aChannel  ) 

Get the principal for the given channel.

This will typically be the channel owner if there is one, and the codebase principal for the channel's URI otherwise. aChannel must not be null.

nsIPrincipal nsIScriptSecurityManager::getCodebasePrincipal ( in nsIURI  aURI  ) 

Return a principal that has the same origin as aURI.

nsIPrincipal nsIScriptSecurityManager::getCxSubjectPrincipal ( in JSContextPtr  cx  ) 

Same as getSubjectPrincipal(), only faster.

cx must *never* be passed null, and it must be the context on the top of the context stack. Does *not* reference count the returned principal.

nsIPrincipal nsIScriptSecurityManager::getCxSubjectPrincipalAndFrame ( in JSContextPtr  cx,
out JSStackFramePtr  fp 
)
nsIPrincipal nsIScriptSecurityManager::getObjectPrincipal ( in JSContextPtr  cx,
in JSObjectPtr  obj 
)

Return the principal of the specified object in the specified context.

nsIPrincipal nsIScriptSecurityManager::getPrincipalFromContext ( in JSContextPtr  cx  ) 

Returns the principal of the global object of the given context, or null if no global or no principal.

nsIPrincipal nsIScriptSecurityManager::getSubjectPrincipal (  ) 

Return the principal of the innermost frame of the currently executing script.

Will return null if there is no script currently executing.

nsIPrincipal nsIScriptSecurityManager::getSystemPrincipal (  ) 

Return the all-powerful system principal.

boolean nsIScriptSecurityManager::isCapabilityEnabled ( in string  capability  ) 

Return true if the currently executing script has 'capability' enabled.

boolean nsIScriptSecurityManager::isSystemPrincipal ( in nsIPrincipal  aPrincipal  ) 

Check whether a given principal is a system principal.

This allows us to avoid handing back the system principal to script while allowing script to check whether a given principal is system.

void nsIScriptSecurityManager::popContextPrincipal ( in JSContextPtr  cx  ) 

Removes a clamp set by pushContextPrincipal from cx.

This must be called in a stack-like fashion (e.g., given two contexts |a| and |b|, it is not legal to do: push(a) push(b) pop(a)).

void nsIScriptSecurityManager::pushContextPrincipal ( in JSContextPtr  cx,
in JSStackFramePtr  fp,
in nsIPrincipal  principal 
)

If no scripted code is running "above" (or called from) fp, then instead of looking at cx->globalObject, we will return |principal|.

This function only affects |cx|. If someone pushes another context onto the context stack, then it supersedes this call. NOTE: If |fp| is non-null popContextPrincipal must be called before fp has finished executing.

Parameters:
cx The context to clamp.
fp The frame pointer to clamp at. May be 'null'.
principal The principal to clamp to.
short nsIScriptSecurityManager::requestCapability ( in nsIPrincipal  principal,
in string  capability 
)

Request that 'capability' can be enabled by scripts or applets running with 'principal'.

Will prompt user if necessary. Returns nsIPrincipal::ENABLE_GRANTED or nsIPrincipal::ENABLE_DENIED based on user's choice.

void nsIScriptSecurityManager::revertCapability ( in string  capability  ) 

Remove 'capability' from the innermost frame of the currently executing script.

Any setting of 'capability' from enclosing frames thus comes into effect.

void nsIScriptSecurityManager::setCanEnableCapability ( in AUTF8String  certificateFingerprint,
in string  capability,
in short  canEnable 
)

Allow 'certificateID' to enable 'capability.

' Can only be performed by code signed by the system certificate.

boolean nsIScriptSecurityManager::subjectPrincipalIsSystem (  ) 

Returns true if the principal of the currently running script is the system principal, false otherwise.


Member Data Documentation

const unsigned long nsIScriptSecurityManager::ALLOW_CHROME = 1 << 1
const unsigned long nsIScriptSecurityManager::DISALLOW_SCRIPT = 1 << 3
const unsigned long nsIScriptSecurityManager::STANDARD = 0

Default CheckLoadURI permissions.


The documentation for this interface was generated from the following file: