Please report any other irregularities here.
Accesses of window.location aren't causing a call to canAccess() in the security manager, nor are accesses of properties defined in scripts.
Upping severity to blocker. If not fixed, this will allow some pretty bad privacy violations.
Severity: normal → blocker
Mitch, what security manager methods should I call in the scriptable helper code? And when? On setting a property and getting a property, any other cases?
Look at nsIXPCSecurityManager; the names of the functions are pretty self-explanatory. THose are the functions we should be calling.
Status: NEW → RESOLVED
Last Resolved: 17 years ago
Resolution: --- → FIXED
Johhney or Mitch, could you please verify this one ?
Verified. I've re-tested this.
Status: RESOLVED → VERIFIED
You need to log in before you can comment on or make changes to this bug.