In this add-on, we’d like to allow loading of private internal resources (chrome:// or resource://), which we usually block, into a tab not controllable by any site. Active documents such as (X)HTML or SVG are insecure. JSON preview, image preview and movies on tabs are supposedly not controllable by a website and we intend to whitelist them. All of the insecure and secure documents have a content principal but we need to distinguish tabs that websites can’t access.
https://developer.mozilla.org/en-US/docs/Mozilla/Tech/XPCOM/Reference/Interface/nsIContentPolicy
/**
* Should the resource at this location be loaded?
* ShouldLoad will be called before loading the resource at aContentLocation
* to determine whether to start the load at all.
*
* @param aContentType the type of content being tested. This will be one
* one of the TYPE_* constants.
*
* @param aContentLocation the location of the content being checked; must
* not be null
*
* @param aRequestOrigin OPTIONAL. the location of the resource that
* initiated this load request; can be null if
* inapplicable
*
* @param aContext OPTIONAL. the nsIDOMNode or nsIDOMWindow that
* initiated the request, or something that can QI
* to one of those; can be null if inapplicable.
* Note that for navigation events (new windows and
* link clicks), this is the NEW window.
*
* @param aMimeTypeGuess OPTIONAL. a guess for the requested content's
* MIME type, based on information available to
* the request initiator (e.g., an OBJECT's type
* attribute); does not reliably reflect the
* actual MIME type of the requested content
*
* @param aExtra an OPTIONAL argument, pass-through for non-Gecko
* callers to pass extra data to callees.
*
* @param aRequestPrincipal an OPTIONAL argument, defines the principal that
* caused the load. This is optional only for
* non-gecko code: all gecko code should set this
* argument. For navigation events, this is
* the principal of the page that caused this load.
*
* @return ACCEPT or REJECT_*
*
* @note shouldLoad can be called while the DOM and layout of the document
* involved is in an inconsistent state. This means that implementors of
* this method MUST NOT do any of the following:
* 1) Modify the DOM in any way (e.g. setting attributes is a no-no).
* 2) Query any DOM properties that depend on layout (e.g. offset*
* properties).
* 3) Query any DOM properties that depend on style (e.g. computed style).
* 4) Query any DOM properties that depend on the current state of the DOM
* outside the "context" node (e.g. lengths of node lists).
* 5) [JavaScript implementations only] Access properties of any sort on any
* object without using XPCNativeWrapper (either explicitly or
* implicitly). Due to various DOM0 things, this leads to item 4.
* If you do any of these things in your shouldLoad implementation, expect
* unpredictable behavior, possibly including crashes, content not showing
* up, content showing up doubled, etc. If you need to do any of the things
* above, do them off timeout or event.
*/
short shouldLoad(in nsContentPolicyType aContentType,
in nsIURI aContentLocation,
in nsIURI aRequestOrigin,
in nsISupports aContext,
in ACString aMimeTypeGuess,
in nsISupports aExtra,
[optional] in nsIPrincipal aRequestPrincipal);
Thanks.