nsISecurityCheckedComponent

Provides methods that let an XPCOM component define custom rules for accessing it from potentially unprivileged code.
Inherits from: nsISupports Last changed in Gecko 1.7

Capability strings

In Gecko, a "capability" is a string identifying a set of actions that code is allowed to perform.  Two examples:

  1. Code that has the "UniversalXPConnect" capability is allowed to access all of XPCOM.  This includes creating instances of arbitrary XPCOM objects and calling methods and setting properties on them.
  2. Code that has the "UniversalBrowserRead" capability is allowed to perform certain actions that allow it to read information from the local system.  For example, this capability allows code to set the value of <input type="file"> and access an arbitrary file on disk.

Standard web pages have no special capabilities.  Extensions can define their own capabilities and use this interface to only allow access to code trusted with that capability.  The two special return values of '"allAccess" or "noAccess" unconditionally allow or deny access to the operation.  All code has the "allAccess" capability, and no code has the "noAccess" capability.

This interface is used in Mozilla by XPConnect and a handful of things that need special handing (XUL controllers, the UI for the <video> tag, etc.).

Method overview

string canCallMethod(in nsIIDPtr iid, in wstring methodName);
string canCreateWrapper(in nsIIDPtr iid);
string canGetProperty(in nsIIDPtr iid, in wstring propertyName);
string canSetProperty(in nsIIDPtr iid, in wstring propertyName);

Methods

canCallMethod()

Returns a capability string indicating what permissions are required to call the specified method on the given interface.

string canCallMethod(
  in nsIIDPtr iid,
  in wstring methodName
);
Parameters
iid
The IID of the interface this method exists on.
methodName
The name of the method to be called on the interface.
Return value

The capability required to call this method. See Capability strings for details.

canCreateWrapper()

Returns a string indicating what permissions are required to create a wrapper for the given interface.

string canCreateWrapper(
  in nsIIDPtr iid
);
Parameters
iid
The interface to reflect into JavaScript.
Return value

The capability required to reflect this interface.  Note that if wrapper creation is prevented, the properties and methods will not be defined on the JavaScript object, whereas if wrapper creation succeeds but methods/properties are prevented, the properties and methods will be visible, not not usable. See Capability strings for details.

canGetProperty()

Returns the permissions required to get the specified property on the given interface.

string canGetProperty(
  in nsIIDPtr iid,
  in wstring propertyName
);
Parameters
iid
The interface that the property to get exists on.
propertyName
The name of the property to be retrieved on this interface.
Return value

The capability required to get the property. See Capability strings for details.

canSetProperty()

Returns the permissions required to set the specified property on the given interface.

string canSetProperty(
  in nsIIDPtr iid,
  in wstring propertyName
);
Parameters
iid
The interface that the property to set exists on.
propertyName
The name of the property to be set on this interface.
Return value

The capability required to set the property. See Capability strings for details.

Document Tags and Contributors

 Contributors to this page: Sheppy, khuey, trevorh, Eff2k5
 Last updated by: Sheppy,