At the moment, the privileged content process behaves just like web content processes. We should find a way to ensure that the privileged content process never loads untrusted input (pages, scripts). We have not decided what kind of privileged access do we want to give the privileged content process yet, but we should probably add this restriction first before doing that.
Are you planning on working on this or do you need help from someone with this Jay?
After discussing with :mconley, we think that this will be a NOFIX. We don't plan to give this content process more privileges, and therefore, we do not need to add this restriction. See Bug 1473146.
Status: NEW → RESOLVED
Last Resolved: 11 months ago
Resolution: --- → WONTFIX
You need to log in before you can comment on or make changes to this bug.