search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
Update expectations after WebKit roll.
[chromium-blink-merge.git] / chrome_frame / script_security_manager.h
bloba586c845d29eccb63f05b0bf9b1172c1494d419b
1 /* ***** BEGIN LICENSE BLOCK *****
2 * Version: MPL 1.1/GPL 2.0/LGPL 2.1
3 *
4 * The contents of this file are subject to the Mozilla Public License Version
5 * 1.1 (the "License"); you may not use this file except in compliance with
6 * the License. You may obtain a copy of the License at
7 * http://www.mozilla.org/MPL/
8 *
9 * Software distributed under the License is distributed on an "AS IS" basis,
10 * WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License
11 * for the specific language governing rights and limitations under the
12 * License.
13 *
14 * The Original Code is mozilla.org code.
15 *
16 * The Initial Developer of the Original Code is
17 * Netscape Communications Corporation.
18 * Portions created by the Initial Developer are Copyright (C) 1999
19 * the Initial Developer. All Rights Reserved.
20 *
21 * Contributor(s):
22 *
23 * Alternatively, the contents of this file may be used under the terms of
24 * either of the GNU General Public License Version 2 or later (the "GPL"),
25 * or the GNU Lesser General Public License Version 2.1 or later (the "LGPL"),
26 * in which case the provisions of the GPL or the LGPL are applicable instead
27 * of those above. If you wish to allow use of your version of this file only
28 * under the terms of either the GPL or the LGPL, and not to allow others to
29 * use your version of this file under the terms of the MPL, indicate your
30 * decision by deleting the provisions above and replace them with the notice
31 * and other provisions required by the GPL or the LGPL. If you do not delete
32 * the provisions above, a recipient may use your version of this file under
33 * the terms of any one of the MPL, the GPL or the LGPL.
34 *
35 * ***** END LICENSE BLOCK ***** */
36
37 #ifndef CHROME_FRAME_SCRIPT_SECURITY_MANAGER_H_
38 #define CHROME_FRAME_SCRIPT_SECURITY_MANAGER_H_
39
40 // Gecko headers need this on Windows.
41 #ifndef XP_WIN
42 #define XP_WIN
43 #endif
44
45 #include "chrome_frame/ns_associate_iid_win.h"
46 #include "third_party/xulrunner-sdk/win/include/caps/nsIScriptSecurityManager.h"
47
48 ASSOCIATE_IID(NS_ISCRIPTSECURITYMANAGER_IID_STR, nsIScriptSecurityManager);
49
50 // Because we need to support both Firefox 3.0.x and 3.5.x, and because Mozilla
51 // changed these unfrozen interfaces, both are declared here, with specific
52 // names for specific versions. Doing this makes it easier to adopt new
53 // version of the interfaces as they evolve in future version of Firefox.
54
55 // The xxx_FF30 declatations below were taken from the file
56 // nsIScriptSecurityManager.h in the gecko 1.9.0.5 SDK.
57 // The xxx_FF35 declarations below were taken from the file
58 // nsIScriptSecurityManager.h in the gecko 1.9.1 SDK.
59
60 #define NS_IXPCSECURITYMANAGER_IID_FF30 \
61 {0x31431440, 0xf1ce, 0x11d2, \
62 { 0x98, 0x5a, 0x00, 0x60, 0x08, 0x96, 0x24, 0x22 }}
63
64 class NS_NO_VTABLE nsIXPCSecurityManager_FF30 : public nsISupports {
65 public:
66
67 NS_DECLARE_STATIC_IID_ACCESSOR(NS_IXPCSECURITYMANAGER_IID_FF30)
68
69 /**
70 * These flags are used when calling nsIXPConnect::SetSecurityManager
71 */
72 enum { HOOK_CREATE_WRAPPER = 1U };
73
74 enum { HOOK_CREATE_INSTANCE = 2U };
75
76 enum { HOOK_GET_SERVICE = 4U };
77
78 enum { HOOK_CALL_METHOD = 8U };
79
80 enum { HOOK_GET_PROPERTY = 16U };
81
82 enum { HOOK_SET_PROPERTY = 32U };
83
84 enum { HOOK_ALL = 63U };
85
86 /**
87 * For each of these hooks returning NS_OK means 'let the action continue'.
88 * Returning an error code means 'veto the action'. XPConnect will return
89 * JS_FALSE to the js engine if the action is vetoed. The implementor of this
90 * interface is responsible for setting a JS exception into the JSContext
91 * if that is appropriate.
92 */
93 /* void CanCreateWrapper (in JSContextPtr aJSContext, in nsIIDRef aIID,
94 in nsISupports aObj, in nsIClassInfo aClassInfo,
95 inout voidPtr aPolicy); */
96 NS_IMETHOD CanCreateWrapper(JSContext* aJSContext, const nsIID & aIID,
97 nsISupports* aObj, nsIClassInfo* aClassInfo,
98 void** aPolicy) = 0;
99
100 /* void CanCreateInstance (in JSContextPtr aJSContext, in nsCIDRef aCID); */
101 NS_IMETHOD CanCreateInstance(JSContext* aJSContext, const nsCID& aCID) = 0;
102
103 /* void CanGetService (in JSContextPtr aJSContext, in nsCIDRef aCID); */
104 NS_IMETHOD CanGetService(JSContext* aJSContext, const nsCID& aCID) = 0;
105
106 enum { ACCESS_CALL_METHOD = 0U };
107
108 enum { ACCESS_GET_PROPERTY = 1U };
109
110 enum { ACCESS_SET_PROPERTY = 2U };
111
112 /* void CanAccess (in PRUint32 aAction,
113 in nsAXPCNativeCallContextPtr aCallContext,
114 in JSContextPtr aJSContext, in JSObjectPtr aJSObject,
115 in nsISupports aObj, in nsIClassInfo aClassInfo,
116 in JSVal aName, inout voidPtr aPolicy); */
117 NS_IMETHOD CanAccess(PRUint32 aAction,
118 nsAXPCNativeCallContext* aCallContext,
119 JSContext* aJSContext,
120 JSObject* aJSObject,
121 nsISupports* aObj,
122 nsIClassInfo* aClassInfo,
123 jsval aName, void** aPolicy) = 0;
124
125 };
126
127 NS_DEFINE_STATIC_IID_ACCESSOR(nsIXPCSecurityManager_FF30,
128 NS_IXPCSECURITYMANAGER_IID_FF30);
129
130
131 #define NS_ISCRIPTSECURITYMANAGER_IID_STR_FF30 \
132 "3fffd8e8-3fea-442e-a0ed-2ba81ae197d5"
133
134 #define NS_ISCRIPTSECURITYMANAGER_IID_FF30 \
135 {0x3fffd8e8, 0x3fea, 0x442e, \
136 { 0xa0, 0xed, 0x2b, 0xa8, 0x1a, 0xe1, 0x97, 0xd5 }}
137
138 /**
139 * WARNING!! The JEP needs to call GetSubjectPrincipal()
140 * to support JavaScript-to-Java LiveConnect. So every change to the
141 * nsIScriptSecurityManager interface (big enough to change its IID) also
142 * breaks JavaScript-to-Java LiveConnect on mac.
143 *
144 * If you REALLY have to change this interface, please mark your bug as
145 * blocking bug 293973.
146 */
147 class NS_NO_VTABLE NS_SCRIPTABLE nsIScriptSecurityManager_FF30 :
148 public nsIXPCSecurityManager_FF30 {
149 public:
150
151 NS_DECLARE_STATIC_IID_ACCESSOR(NS_ISCRIPTSECURITYMANAGER_IID_FF30)
152
153 /**
154 * Checks whether the running script is allowed to access aProperty.
155 */
156 /* [noscript] void checkPropertyAccess (in JSContextPtr aJSContext,
157 in JSObjectPtr aJSObject,
158 in string aClassName,
159 in JSVal aProperty,
160 in PRUint32 aAction); */
161 NS_IMETHOD CheckPropertyAccess(JSContext* aJSContext, JSObject* aJSObject,
162 const char* aClassName, jsval aProperty,
163 PRUint32 aAction) = 0;
164
165 /**
166 * Checks whether the running script is allowed to connect to aTargetURI
167 */
168 /* [noscript] void checkConnect (in JSContextPtr aJSContext,
169 in nsIURI aTargetURI, in string aClassName,
170 in string aProperty); */
171 NS_IMETHOD CheckConnect(JSContext* aJSContext, nsIURI* aTargetURI,
172 const char* aClassName, const char* aProperty) = 0;
173
174 /**
175 * Check that the script currently running in context "cx" can load "uri".
176 *
177 * Will return error code NS_ERROR_DOM_BAD_URI if the load request
178 * should be denied.
179 *
180 * @param cx the JSContext of the script causing the load
181 * @param uri the URI that is being loaded
182 */
183 /* [noscript] void checkLoadURIFromScript (in JSContextPtr cx,
184 in nsIURI uri); */
185 NS_IMETHOD CheckLoadURIFromScript(JSContext* cx, nsIURI* uri) = 0;
186
187 /**
188 * Default CheckLoadURI permissions
189 */
190 enum { STANDARD = 0U };
191
192 enum { LOAD_IS_AUTOMATIC_DOCUMENT_REPLACEMENT = 1U };
193
194 enum { ALLOW_CHROME = 2U };
195
196 enum { DISALLOW_INHERIT_PRINCIPAL = 4U };
197
198 enum { DISALLOW_SCRIPT_OR_DATA = 4U };
199
200 enum { DISALLOW_SCRIPT = 8U };
201
202 /**
203 * Check that content with principal aPrincipal can load "uri".
204 *
205 * Will return error code NS_ERROR_DOM_BAD_URI if the load request
206 * should be denied.
207 *
208 * @param aPrincipal the principal identifying the actor causing the load
209 * @param uri the URI that is being loaded
210 * @param flags the permission set, see above
211 */
212 /* void checkLoadURIWithPrincipal (in nsIPrincipal aPrincipal, in nsIURI uri,
213 in unsigned long flags); */
214 NS_SCRIPTABLE NS_IMETHOD CheckLoadURIWithPrincipal(nsIPrincipal* aPrincipal,
215 nsIURI* uri, PRUint32 flags) = 0;
216
217 /**
218 * Check that content from "from" can load "uri".
219 *
220 * Will return error code NS_ERROR_DOM_BAD_URI if the load request
221 * should be denied.
222 *
223 * @param from the URI causing the load
224 * @param uri the URI that is being loaded
225 * @param flags the permission set, see above
226 *
227 * @deprecated Use checkLoadURIWithPrincipal instead of this function.
228 */
229 /* void checkLoadURI (in nsIURI from, in nsIURI uri,
230 in unsigned long flags); */
231 NS_SCRIPTABLE NS_IMETHOD CheckLoadURI(nsIURI* from, nsIURI* uri,
232 PRUint32 flags) = 0;
233
234 /**
235 * Similar to checkLoadURIWithPrincipal but there are two differences:
236 *
237 * 1) The URI is a string, not a URI object.
238 * 2) This function assumes that the URI may still be subject to fixup (and
239 * hence will check whether fixed-up versions of the URI are allowed to
240 * load as well); if any of the versions of this URI is not allowed, this
241 * function will return error code NS_ERROR_DOM_BAD_URI.
242 */
243 /* void checkLoadURIStrWithPrincipal (in nsIPrincipal aPrincipal,
244 in AUTF8String uri,
245 in unsigned long flags); */
246 NS_SCRIPTABLE NS_IMETHOD CheckLoadURIStrWithPrincipal(
247 nsIPrincipal* aPrincipal, const nsACString& uri, PRUint32 flags) = 0;
248
249 /**
250 * Same as CheckLoadURI but takes string arguments for ease of use
251 * by scripts
252 *
253 * @deprecated Use checkLoadURIStrWithPrincipal instead of this function.
254 */
255 /* void checkLoadURIStr (in AUTF8String from, in AUTF8String uri,
256 in unsigned long flags); */
257 NS_SCRIPTABLE NS_IMETHOD CheckLoadURIStr(const nsACString& from,
258 const nsACString& uri,
259 PRUint32 flags) = 0;
260
261 /**
262 * Check that the function 'funObj' is allowed to run on 'targetObj'
263 *
264 * Will return error code NS_ERROR_DOM_SECURITY_ERR if the function
265 * should not run
266 *
267 * @param cx The current active JavaScript context.
268 * @param funObj The function trying to run..
269 * @param targetObj The object the function will run on.
270 */
271 /* [noscript] void checkFunctionAccess (in JSContextPtr cx,
272 in voidPtr funObj,
273 in voidPtr targetObj); */
274 NS_IMETHOD CheckFunctionAccess(JSContext* cx, void* funObj,
275 void* targetObj) = 0;
276
277 /**
278 * Return true if content from the given principal is allowed to
279 * execute scripts.
280 */
281 /* [noscript] boolean canExecuteScripts (in JSContextPtr cx,
282 in nsIPrincipal principal); */
283 NS_IMETHOD CanExecuteScripts(JSContext* cx, nsIPrincipal* principal,
284 PRBool* _retval) = 0;
285
286 /**
287 * Return the principal of the innermost frame of the currently
288 * executing script. Will return null if there is no script
289 * currently executing.
290 */
291 /* [noscript] nsIPrincipal getSubjectPrincipal (); */
292 NS_IMETHOD GetSubjectPrincipal(nsIPrincipal** _retval) = 0;
293
294 /**
295 * Return the all-powerful system principal.
296 */
297 /* [noscript] nsIPrincipal getSystemPrincipal (); */
298 NS_IMETHOD GetSystemPrincipal(nsIPrincipal** _retval) = 0;
299
300 /**
301 * Return a principal with the specified certificate fingerprint, subject
302 * name (the full name or concatenated set of names of the entity
303 * represented by the certificate), pretty name, certificate, and
304 * codebase URI. The certificate fingerprint and subject name MUST be
305 * nonempty; otherwise an error will be thrown. Similarly, aCert must
306 * not be null.
307 */
308 /* [noscript] nsIPrincipal getCertificatePrincipal (
309 in AUTF8String aCertFingerprint, in AUTF8String aSubjectName,
310 in AUTF8String aPrettyName, in nsISupports aCert, in nsIURI aURI); */
311 NS_IMETHOD GetCertificatePrincipal(const nsACString& aCertFingerprint,
312 const nsACString& aSubjectName,
313 const nsACString& aPrettyName,
314 nsISupports* aCert,
315 nsIURI* aURI, nsIPrincipal** _retval) = 0;
316
317 /**
318 * Return a principal that has the same origin as aURI.
319 */
320 /* nsIPrincipal getCodebasePrincipal (in nsIURI aURI); */
321 NS_SCRIPTABLE NS_IMETHOD GetCodebasePrincipal(nsIURI* aURI,
322 nsIPrincipal **_retval) = 0;
323
324 /**
325 * Request that 'capability' can be enabled by scripts or applets
326 * running with 'principal'. Will prompt user if
327 * necessary. Returns nsIPrincipal::ENABLE_GRANTED or
328 * nsIPrincipal::ENABLE_DENIED based on user's choice.
329 */
330 /* [noscript] short requestCapability (in nsIPrincipal principal,
331 in string capability); */
332 NS_IMETHOD RequestCapability(nsIPrincipal* principal,
333 const char* capability, PRInt16* _retval) = 0;
334
335 /**
336 * Return true if the currently executing script has 'capability' enabled.
337 */
338 /* boolean isCapabilityEnabled (in string capability); */
339 NS_SCRIPTABLE NS_IMETHOD IsCapabilityEnabled(const char* capability,
340 PRBool* _retval) = 0;
341
342 /**
343 * Enable 'capability' in the innermost frame of the currently executing
344 * script.
345 */
346 /* void enableCapability (in string capability); */
347 NS_SCRIPTABLE NS_IMETHOD EnableCapability(const char* capability) = 0;
348
349 /**
350 * Remove 'capability' from the innermost frame of the currently
351 * executing script. Any setting of 'capability' from enclosing
352 * frames thus comes into effect.
353 */
354 /* void revertCapability (in string capability); */
355 NS_SCRIPTABLE NS_IMETHOD RevertCapability(const char* capability) = 0;
356
357 /**
358 * Disable 'capability' in the innermost frame of the currently executing
359 * script.
360 */
361 /* void disableCapability (in string capability); */
362 NS_SCRIPTABLE NS_IMETHOD DisableCapability(const char* capability) = 0;
363
364 /**
365 * Allow 'certificateID' to enable 'capability.' Can only be performed
366 * by code signed by the system certificate.
367 */
368 /* void setCanEnableCapability (in AUTF8String certificateFingerprint,
369 in string capability, in short canEnable); */
370 NS_SCRIPTABLE NS_IMETHOD SetCanEnableCapability(
371 const nsACString& certificateFingerprint, const char* capability,
372 PRInt16 canEnable) = 0;
373
374 /**
375 * Return the principal of the specified object in the specified context.
376 */
377 /* [noscript] nsIPrincipal getObjectPrincipal (in JSContextPtr cx,
378 in JSObjectPtr obj); */
379 NS_IMETHOD GetObjectPrincipal(JSContext* cx, JSObject* obj,
380 nsIPrincipal** _retval) = 0;
381
382 /**
383 * Returns true if the principal of the currently running script is the
384 * system principal, false otherwise.
385 */
386 /* [noscript] boolean subjectPrincipalIsSystem (); */
387 NS_IMETHOD SubjectPrincipalIsSystem(PRBool* _retval) = 0;
388
389 /**
390 * Returns OK if aJSContext and target have the same "origin"
391 * (scheme, host, and port).
392 */
393 /* [noscript] void checkSameOrigin (in JSContextPtr aJSContext,
394 in nsIURI aTargetURI); */
395 NS_IMETHOD CheckSameOrigin(JSContext* aJSContext, nsIURI* aTargetURI) = 0;
396
397 /**
398 * Returns OK if aSourceURI and target have the same "origin"
399 * (scheme, host, and port).
400 * ReportError flag suppresses error reports for functions that
401 * don't need reporting.
402 */
403 /* void checkSameOriginURI (in nsIURI aSourceURI, in nsIURI aTargetURI,
404 in boolean reportError); */
405 NS_SCRIPTABLE NS_IMETHOD CheckSameOriginURI(nsIURI* aSourceURI,
406 nsIURI* aTargetURI,
407 PRBool reportError) = 0;
408
409 /**
410 * Returns the principal of the global object of the given context, or null
411 * if no global or no principal.
412 */
413 /* [noscript] nsIPrincipal getPrincipalFromContext (in JSContextPtr cx); */
414 NS_IMETHOD GetPrincipalFromContext(JSContext* cx,
415 nsIPrincipal** _retval) = 0;
416
417 /**
418 * Get the principal for the given channel. This will typically be the
419 * channel owner if there is one, and the codebase principal for the
420 * channel's URI otherwise. aChannel must not be null.
421 */
422 /* nsIPrincipal getChannelPrincipal (in nsIChannel aChannel); */
423 NS_SCRIPTABLE NS_IMETHOD GetChannelPrincipal(nsIChannel* aChannel,
424 nsIPrincipal** _retval) = 0;
425
426 /**
427 * Check whether a given principal is a system principal. This allows us
428 * to avoid handing back the system principal to script while allowing
429 * script to check whether a given principal is system.
430 */
431 /* boolean isSystemPrincipal (in nsIPrincipal aPrincipal); */
432 NS_SCRIPTABLE NS_IMETHOD IsSystemPrincipal(nsIPrincipal* aPrincipal,
433 PRBool* _retval) = 0;
434
435 /**
436 * Same as getSubjectPrincipal(), only faster. cx must *never* be
437 * passed null, and it must be the context on the top of the
438 * context stack. Does *not* reference count the returned
439 * principal.
440 */
441 /* [noscript, notxpcom] nsIPrincipal getCxSubjectPrincipal (
442 in JSContextPtr cx); */
443 NS_IMETHOD_(nsIPrincipal *) GetCxSubjectPrincipal(JSContext* cx) = 0;
444
445 };
446
447 NS_DEFINE_STATIC_IID_ACCESSOR(nsIScriptSecurityManager_FF30,
448 NS_ISCRIPTSECURITYMANAGER_IID_FF30);
449
450 ASSOCIATE_IID(NS_ISCRIPTSECURITYMANAGER_IID_STR_FF30,
451 nsIScriptSecurityManager_FF30);
452
453
454 #define NS_ISCRIPTSECURITYMANAGER_IID_STR_FF35 \
455 "f8e350b9-9f31-451a-8c8f-d10fea26b780"
456
457 #define NS_ISCRIPTSECURITYMANAGER_IID_FF35 \
458 {0xf8e350b9, 0x9f31, 0x451a, \
459 { 0x8c, 0x8f, 0xd1, 0x0f, 0xea, 0x26, 0xb7, 0x80 }}
460
461 #ifndef NS_OUTPARAM
462 #define NS_OUTPARAM
463 #endif
464
465 /**
466 * WARNING!! The JEP needs to call GetSubjectPrincipal()
467 * to support JavaScript-to-Java LiveConnect. So every change to the
468 * nsIScriptSecurityManager interface (big enough to change its IID) also
469 * breaks JavaScript-to-Java LiveConnect on mac.
470 *
471 * If you REALLY have to change this interface, please mark your bug as
472 * blocking bug 293973.
473 */
474 class NS_NO_VTABLE NS_SCRIPTABLE nsIScriptSecurityManager_FF35 :
475 public nsIXPCSecurityManager_FF30 {
476 public:
477
478 NS_DECLARE_STATIC_IID_ACCESSOR(NS_ISCRIPTSECURITYMANAGER_IID_FF35)
479
480 /**
481 * Checks whether the running script is allowed to access aProperty.
482 */
483 /* [noscript] void checkPropertyAccess (in JSContextPtr aJSContext,
484 in JSObjectPtr aJSObject,
485 in string aClassName,
486 in JSVal aProperty,
487 in PRUint32 aAction); */
488 NS_IMETHOD CheckPropertyAccess(JSContext* aJSContext, JSObject* aJSObject,
489 const char* aClassName, jsval aProperty,
490 PRUint32 aAction) = 0;
491
492 /**
493 * Checks whether the running script is allowed to connect to aTargetURI
494 */
495 /* [noscript] void checkConnect (in JSContextPtr aJSContext,
496 in nsIURI aTargetURI, in string aClassName,
497 in string aProperty); */
498 NS_IMETHOD CheckConnect(JSContext* aJSContext, nsIURI* aTargetURI,
499 const char* aClassName, const char* aProperty) = 0;
500
501 /**
502 * Check that the script currently running in context "cx" can load "uri".
503 *
504 * Will return error code NS_ERROR_DOM_BAD_URI if the load request
505 * should be denied.
506 *
507 * @param cx the JSContext of the script causing the load
508 * @param uri the URI that is being loaded
509 */
510 /* [noscript] void checkLoadURIFromScript (in JSContextPtr cx,
511 in nsIURI uri); */
512 NS_IMETHOD CheckLoadURIFromScript(JSContext* cx, nsIURI* uri) = 0;
513
514 /**
515 * Default CheckLoadURI permissions
516 */
517 enum { STANDARD = 0U };
518
519 enum { LOAD_IS_AUTOMATIC_DOCUMENT_REPLACEMENT = 1U };
520
521 enum { ALLOW_CHROME = 2U };
522
523 enum { DISALLOW_INHERIT_PRINCIPAL = 4U };
524
525 enum { DISALLOW_SCRIPT_OR_DATA = 4U };
526
527 enum { DISALLOW_SCRIPT = 8U };
528
529 /**
530 * Check that content with principal aPrincipal can load "uri".
531 *
532 * Will return error code NS_ERROR_DOM_BAD_URI if the load request
533 * should be denied.
534 *
535 * @param aPrincipal the principal identifying the actor causing the load
536 * @param uri the URI that is being loaded
537 * @param flags the permission set, see above
538 */
539 /* void checkLoadURIWithPrincipal (in nsIPrincipal aPrincipal, in nsIURI uri,
540 in unsigned long flags); */
541 NS_SCRIPTABLE NS_IMETHOD CheckLoadURIWithPrincipal(nsIPrincipal* aPrincipal,
542 nsIURI* uri,
543 PRUint32 flags) = 0;
544
545 /**
546 * Check that content from "from" can load "uri".
547 *
548 * Will return error code NS_ERROR_DOM_BAD_URI if the load request
549 * should be denied.
550 *
551 * @param from the URI causing the load
552 * @param uri the URI that is being loaded
553 * @param flags the permission set, see above
554 *
555 * @deprecated Use checkLoadURIWithPrincipal instead of this function.
556 */
557 /* void checkLoadURI (in nsIURI from, in nsIURI uri,
558 in unsigned long flags); */
559 NS_SCRIPTABLE NS_IMETHOD CheckLoadURI(nsIURI* from, nsIURI* uri,
560 PRUint32 flags) = 0;
561
562 /**
563 * Similar to checkLoadURIWithPrincipal but there are two differences:
564 *
565 * 1) The URI is a string, not a URI object.
566 * 2) This function assumes that the URI may still be subject to fixup (and
567 * hence will check whether fixed-up versions of the URI are allowed to
568 * load as well); if any of the versions of this URI is not allowed, this
569 * function will return error code NS_ERROR_DOM_BAD_URI.
570 */
571 /* void checkLoadURIStrWithPrincipal (in nsIPrincipal aPrincipal,
572 in AUTF8String uri,
573 in unsigned long flags); */
574 NS_SCRIPTABLE NS_IMETHOD CheckLoadURIStrWithPrincipal(
575 nsIPrincipal* aPrincipal, const nsACString& uri, PRUint32 flags) = 0;
576
577 /**
578 * Same as CheckLoadURI but takes string arguments for ease of use
579 * by scripts
580 *
581 * @deprecated Use checkLoadURIStrWithPrincipal instead of this function.
582 */
583 /* void checkLoadURIStr (in AUTF8String from, in AUTF8String uri,
584 in unsigned long flags); */
585 NS_SCRIPTABLE NS_IMETHOD CheckLoadURIStr(const nsACString& from,
586 const nsACString & uri,
587 PRUint32 flags) = 0;
588
589 /**
590 * Check that the function 'funObj' is allowed to run on 'targetObj'
591 *
592 * Will return error code NS_ERROR_DOM_SECURITY_ERR if the function
593 * should not run
594 *
595 * @param cx The current active JavaScript context.
596 * @param funObj The function trying to run..
597 * @param targetObj The object the function will run on.
598 */
599 /* [noscript] void checkFunctionAccess (in JSContextPtr cx,
600 in voidPtr funObj,
601 in voidPtr targetObj); */
602 NS_IMETHOD CheckFunctionAccess(JSContext* cx, void* funObj,
603 void* targetObj) = 0;
604
605 /**
606 * Return true if content from the given principal is allowed to
607 * execute scripts.
608 */
609 /* [noscript] boolean canExecuteScripts (in JSContextPtr cx,
610 in nsIPrincipal principal); */
611 NS_IMETHOD CanExecuteScripts(JSContext* cx, nsIPrincipal* principal,
612 PRBool* _retval NS_OUTPARAM) = 0;
613
614 /**
615 * Return the principal of the innermost frame of the currently
616 * executing script. Will return null if there is no script
617 * currently executing.
618 */
619 /* [noscript] nsIPrincipal getSubjectPrincipal (); */
620 NS_IMETHOD GetSubjectPrincipal(nsIPrincipal **_retval NS_OUTPARAM) = 0;
621
622 /**
623 * Return the all-powerful system principal.
624 */
625 /* [noscript] nsIPrincipal getSystemPrincipal (); */
626 NS_IMETHOD GetSystemPrincipal(nsIPrincipal **_retval NS_OUTPARAM) = 0;
627
628 /**
629 * Return a principal with the specified certificate fingerprint, subject
630 * name (the full name or concatenated set of names of the entity
631 * represented by the certificate), pretty name, certificate, and
632 * codebase URI. The certificate fingerprint and subject name MUST be
633 * nonempty; otherwise an error will be thrown. Similarly, aCert must
634 * not be null.
635 */
636 /* [noscript] nsIPrincipal getCertificatePrincipal (
637 in AUTF8String aCertFingerprint, in AUTF8String aSubjectName,
638 in AUTF8String aPrettyName, in nsISupports aCert, in nsIURI aURI); */
639 NS_IMETHOD GetCertificatePrincipal(const nsACString& aCertFingerprint,
640 const nsACString& aSubjectName,
641 const nsACString& aPrettyName,
642 nsISupports* aCert, nsIURI *aURI,
643 nsIPrincipal** _retval NS_OUTPARAM) = 0;
644
645 /**
646 * Return a principal that has the same origin as aURI.
647 */
648 /* nsIPrincipal getCodebasePrincipal (in nsIURI aURI); */
649 NS_SCRIPTABLE NS_IMETHOD GetCodebasePrincipal(nsIURI* aURI,
650 nsIPrincipal** _retval NS_OUTPARAM) = 0;
651
652 /**
653 * Request that 'capability' can be enabled by scripts or applets
654 * running with 'principal'. Will prompt user if
655 * necessary. Returns nsIPrincipal::ENABLE_GRANTED or
656 * nsIPrincipal::ENABLE_DENIED based on user's choice.
657 */
658 /* [noscript] short requestCapability (in nsIPrincipal principal,
659 in string capability); */
660 NS_IMETHOD RequestCapability(nsIPrincipal* principal, const char* capability,
661 PRInt16* _retval NS_OUTPARAM) = 0;
662
663 /**
664 * Return true if the currently executing script has 'capability' enabled.
665 */
666 /* boolean isCapabilityEnabled (in string capability); */
667 NS_SCRIPTABLE NS_IMETHOD IsCapabilityEnabled(const char* capability,
668 PRBool* _retval NS_OUTPARAM) = 0;
669
670 /**
671 * Enable 'capability' in the innermost frame of the currently executing
672 * script.
673 */
674 /* void enableCapability (in string capability); */
675 NS_SCRIPTABLE NS_IMETHOD EnableCapability(const char* capability) = 0;
676
677 /**
678 * Remove 'capability' from the innermost frame of the currently
679 * executing script. Any setting of 'capability' from enclosing
680 * frames thus comes into effect.
681 */
682 /* void revertCapability (in string capability); */
683 NS_SCRIPTABLE NS_IMETHOD RevertCapability(const char* capability) = 0;
684
685 /**
686 * Disable 'capability' in the innermost frame of the currently executing
687 * script.
688 */
689 /* void disableCapability (in string capability); */
690 NS_SCRIPTABLE NS_IMETHOD DisableCapability(const char* capability) = 0;
691
692 /**
693 * Allow 'certificateID' to enable 'capability.' Can only be performed
694 * by code signed by the system certificate.
695 */
696 /* void setCanEnableCapability (in AUTF8String certificateFingerprint,
697 in string capability, in short canEnable); */
698 NS_SCRIPTABLE NS_IMETHOD SetCanEnableCapability(
699 const nsACString& certificateFingerprint, const char *capability,
700 PRInt16 canEnable) = 0;
701
702 /**
703 * Return the principal of the specified object in the specified context.
704 */
705 /* [noscript] nsIPrincipal getObjectPrincipal (in JSContextPtr cx,
706 in JSObjectPtr obj); */
707 NS_IMETHOD GetObjectPrincipal(JSContext* cx, JSObject* obj,
708 nsIPrincipal** _retval NS_OUTPARAM) = 0;
709
710 /**
711 * Returns true if the principal of the currently running script is the
712 * system principal, false otherwise.
713 */
714 /* [noscript] boolean subjectPrincipalIsSystem (); */
715 NS_IMETHOD SubjectPrincipalIsSystem(PRBool* _retval NS_OUTPARAM) = 0;
716
717 /**
718 * Returns OK if aJSContext and target have the same "origin"
719 * (scheme, host, and port).
720 */
721 /* [noscript] void checkSameOrigin (in JSContextPtr aJSContext,
722 in nsIURI aTargetURI); */
723 NS_IMETHOD CheckSameOrigin(JSContext* aJSContext, nsIURI* aTargetURI) = 0;
724
725 /**
726 * Returns OK if aSourceURI and target have the same "origin"
727 * (scheme, host, and port).
728 * ReportError flag suppresses error reports for functions that
729 * don't need reporting.
730 */
731 /* void checkSameOriginURI (in nsIURI aSourceURI, in nsIURI aTargetURI,
732 in boolean reportError); */
733 NS_SCRIPTABLE NS_IMETHOD CheckSameOriginURI(nsIURI* aSourceURI,
734 nsIURI* aTargetURI,
735 PRBool reportError) = 0;
736
737 /**
738 * Returns the principal of the global object of the given context, or null
739 * if no global or no principal.
740 */
741 /* [noscript] nsIPrincipal getPrincipalFromContext (in JSContextPtr cx); */
742 NS_IMETHOD GetPrincipalFromContext(JSContext* cx,
743 nsIPrincipal** _retval NS_OUTPARAM) = 0;
744
745 /**
746 * Get the principal for the given channel. This will typically be the
747 * channel owner if there is one, and the codebase principal for the
748 * channel's URI otherwise. aChannel must not be null.
749 */
750 /* nsIPrincipal getChannelPrincipal (in nsIChannel aChannel); */
751 NS_SCRIPTABLE NS_IMETHOD GetChannelPrincipal(nsIChannel* aChannel,
752 nsIPrincipal** _retval NS_OUTPARAM) = 0;
753
754 /**
755 * Check whether a given principal is a system principal. This allows us
756 * to avoid handing back the system principal to script while allowing
757 * script to check whether a given principal is system.
758 */
759 /* boolean isSystemPrincipal (in nsIPrincipal aPrincipal); */
760 NS_SCRIPTABLE NS_IMETHOD IsSystemPrincipal(nsIPrincipal* aPrincipal,
761 PRBool* _retval NS_OUTPARAM) = 0;
762
763 /**
764 * Same as getSubjectPrincipal(), only faster. cx must *never* be
765 * passed null, and it must be the context on the top of the
766 * context stack. Does *not* reference count the returned
767 * principal.
768 */
769 /* [noscript, notxpcom] nsIPrincipal getCxSubjectPrincipal (
770 in JSContextPtr cx); */
771 NS_IMETHOD_(nsIPrincipal*) GetCxSubjectPrincipal(JSContext* cx) = 0;
772
773 /* [noscript, notxpcom] nsIPrincipal getCxSubjectPrincipalAndFrame (in JSContextPtr cx, out JSStackFramePtr fp); */
774 NS_IMETHOD_(nsIPrincipal*) GetCxSubjectPrincipalAndFrame(JSContext* cx,
775 JSStackFrame** fp NS_OUTPARAM) = 0;
776
777 };
778
779 NS_DEFINE_STATIC_IID_ACCESSOR(nsIScriptSecurityManager_FF35,
780 NS_ISCRIPTSECURITYMANAGER_IID_FF35);
781
782 ASSOCIATE_IID(NS_ISCRIPTSECURITYMANAGER_IID_STR_FF35,
783 nsIScriptSecurityManager_FF35);
784
785 #endif // CHROME_FRAME_SCRIPT_SECURITY_MANAGER_H_