Content script isn't allowed to use the window.open("", "", "alwaysRaised") feature even with expanded privileges.
Created attachment 168428 [details] testcase If the user allows the expanded privileges requested by the script in this testcase, one of the protected window.open features (titlebar) is accepted, but the other (alwaysRaised) is not. (Note that, last I checked, this testcase proves nothing on *nix builds, which don't support top-level window z-level at all.)
Oops. Yeah, the testcase doesn't work when served via HTTP. To test, you'll have to download it and run it off a local drive or set signed.applets.codebase_principal_support true.
Created attachment 411879 [details] [diff] [review] Patch
Comment on attachment 411879 [details] [diff] [review] Patch As per bug 42557 comment #15 ;-)
Shouldn't this be testable?