In bug 411092, I added some code that assumed that all scripts have principals. In theory, that's nice, but in practice, event handlers (such as <body onload>) do not have principals. This was causing the test boxes to go orange. I checked in a null check to avoid the crash and the null check is correct for the common case, but I worry that it might not always be correct.
Created attachment 300245 [details] [diff] [review]
This patch makes us use the callee object if there are no principals in the script. I think that we want to use the script principals over the callee because the filename will be privileged even if the callee has been cloned into an untrusted context.
jst, if you agree, could you approve this as well?
Blake, do you want me to land this one for you?
Fix checked in.
branch version of 411092 checked in.
Verified in bug 411092.