Same origin policy for XBL

The same origin policy used for XBL documents is different from the policy used for other content. This article provides a description of how the same origin policy for XBL works.

When Mozilla needs to decide whether or not XBL is allowed to be loaded, it looks at the nsIPrincipal originating the load and the nsIURI to be loaded.

Determining the originating principal

The principal originating the load is determined using the following steps:

  • For external stylesheets (<link>, <?xml-stylesheet?>, user sheets, and UA sheets), the principal depends on where the sheet is loaded from, just as it would for an HTML document loaded from a similar source.
  • For inline stylesheets (<style> and style attributes), the originating principal is the principal of the element node involved (meaning the <style> element or the element whose style attribute is being looked at).
  • For the nsIDOMDocumentXBL interface's nsIDOMDocumentXBL.addBinding() and nsIDOMDocumentXBL.loadBindingDocument() methods, the originating principal is the one of the script making the call, or the principal of the document the call is made on if there isn't a script.

Checks performed

Once the originating principal is determined, checks are done to make sure the load should be allowed. The checks performed are:

  1. If the principal originating the load is the system principal, the load is allowed.
  2. A call to CheckLoadURIWithPrincipal() is made to ensure the principal is able to link to the given URI in the first place.
  3. A content policy check is performed.
  4. If the URI is a chrome: URI, the load is allowed. Note that step 2 already denied the load attempt for cases in which the chrome: URI isn't accessible to untrusted content.
  5. A CheckMayLoad() check is performed on the originating principal for the given URI.

If the CheckMayLoad() check passes, the load is allowed.
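
The order of these checks matters, as the following added example shows; it is a simplified model written for this article, not Gecko source code. The principal objects, the `CONTENT_ACCESSIBLE_CHROME` set, the package names, and the scheme/host/port comparison standing in for CheckMayLoad() are assumptions made for illustration.

```javascript
// Simplified model of the five XBL load checks (not Gecko code).
// A principal is modelled as { system: true } or { origin: "https://host" }.

// Hypothetical stand-in for the chrome registry: chrome packages that
// untrusted content is allowed to link to (constructed sample data).
const CONTENT_ACCESSIBLE_CHROME = new Set(["exposedpkg"]);

// Model of step 2: may this principal link to the URI at all?
function checkLoadURIWithPrincipal(principal, uri) {
  if (uri.protocol === "chrome:") {
    return CONTENT_ACCESSIBLE_CHROME.has(uri.hostname);
  }
  return true;
}

// Model of step 5: assumed here to be a scheme/host/port comparison.
function checkMayLoad(principal, uri) {
  const origin = new URL(principal.origin);
  return origin.protocol === uri.protocol &&
         origin.hostname === uri.hostname &&
         origin.port === uri.port;
}

// Runs the checks in the documented order and reports which step decided.
function mayLoadXBL(principal, spec, contentPolicy = () => true) {
  const uri = new URL(spec);
  if (principal.system) {
    return { allowed: true, step: 1 };   // system principal: always allowed
  }
  if (!checkLoadURIWithPrincipal(principal, uri)) {
    return { allowed: false, step: 2 };  // cannot even link to the URI
  }
  if (!contentPolicy(principal, uri)) {
    return { allowed: false, step: 3 };  // content policy rejected the load
  }
  if (uri.protocol === "chrome:") {
    return { allowed: true, step: 4 };   // chrome: URI that passed step 2
  }
  return { allowed: checkMayLoad(principal, uri), step: 5 };
}

// Constructed sample principals.
const SYSTEM = { system: true };
const WEB = { origin: "https://site.example" };
```

Calling `mayLoadXBL(WEB, "chrome://privatepkg/content/b.xml")` is rejected at step 2, which is why step 4 can allow every chrome: URI that reaches it without a further check.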