As discussed in bug 463504, we need to mark SeaMonkey content as package contentaccessible to allow for example new cert error page access it's files.
I think we should create a new package for this, even if the package contains no files and uses overrides (like the messagebody package does).
I'm still not convinced that we can't just make communicator contentaccessible - what's the security violation scenario of someone accessing contents of that package when all the code to it is open anyway and execution with chrome privileges is prohibited through other mechanism?
When philor wanted to fix smileys we decided to create a separate package instead of making messenger contentaccessible like the way global and browser are because that felt sloppy (quoted from IRC). It actually only needed one line in jar.mn: content messagebody %content/messagebody/ contentaccessible=yes Actually, we made messageBody.css a chrome override, but you get the idea from content/messagebody/addressbook/print.css (addrbook/resources/content/print.css)
I see communicator/ being contentaccessible, so works for me :P
Status: NEW → RESOLVED
Last Resolved: 9 years ago
Resolution: --- → WORKSFORME
You need to log in before you can comment on or make changes to this bug.