This seems to work (tested with the patch from bug 656433). Is it going to cause any security problems? I don't know!
Attachment #532084 - Flags: feedback?(bzbarsky)
Comment on attachment 532084: patch
We actually depend on this code being the way it is to avoid running JS (even in a sandbox) in some contexts. I'd rather not change that behavior right now. For the bug 656433 thing, we'd want to get a null principal in docshell only.
Attachment #532084 - Flags: feedback?(bzbarsky) → feedback-
As discussed on IRC.
Comment on attachment 532274: patch, with tests
r=me
Attachment #532274 - Flags: review?(bzbarsky) → review+
Target Milestone: --- → mozilla6
Status: ASSIGNED → RESOLVED
Closed: 8 years ago
Resolution: --- → FIXED
Note that there's still a slight annoyance here: the JS loaded in this scenario still won't have an associated window object, so things like e.g. "javascript:alert(1+1)" still won't work. We should probably get a followup filed to run them against about:blank somehow.