The current setup is stupid. We do the following: 1) In nsScriptSecurityManager::CreateCodebasePrincipal we use the contractid instead of just creating a nullprincipal directly. 2) In nsNullPrincipal we end up creating a URI string to pass to nsNullPrincipalURI, which then just parses it apart. That's silly.
You need to log in before you can comment on or make changes to this bug.