Bug 416942. Give user and ua sheets the system principal. r+sr=sicking
authorBoris Zbarsky <bzbarsky@mit.edu>
Mon, 16 Mar 2009 21:38:36 -0400
changeset 26242 94678a2f5ae95214abd7b6552e04dece92ea2115
parent 26241 55d159b75f41141d92ad9bb2c52780d082ed11a0
child 26244 844d5410d576b8780f4aa30408a0f2509e7c9749
push idunknown
push userunknown
push dateunknown
bugs416942
milestone1.9.2a1pre
Bug 416942. Give user and ua sheets the system principal. r+sr=sicking
chrome/src/nsChromeRegistry.cpp
content/base/src/nsDocument.cpp
content/xbl/src/nsXBLResourceLoader.cpp
content/xbl/src/nsXBLService.cpp
content/xml/document/src/nsXMLContentSink.cpp
editor/libeditor/html/nsHTMLEditor.cpp
layout/base/nsStyleSheetService.cpp
layout/style/nsCSSLoader.cpp
layout/style/nsCSSLoader.h
layout/style/nsICSSLoader.h
layout/style/nsLayoutStylesheetCache.cpp
--- a/chrome/src/nsChromeRegistry.cpp
+++ b/chrome/src/nsChromeRegistry.cpp
@@ -997,17 +997,18 @@ nsresult nsChromeRegistry::RefreshWindow
 
       nsCOMPtr<nsIURI> uri;
       rv = sheet->GetSheetURI(getter_AddRefs(uri));
       if (NS_FAILED(rv)) return rv;
 
       if (IsChromeURI(uri)) {
         // Reload the sheet.
         nsCOMPtr<nsICSSStyleSheet> newSheet;
-        rv = aCSSLoader->LoadSheetSync(uri, PR_TRUE, getter_AddRefs(newSheet));
+        rv = aCSSLoader->LoadSheetSync(uri, PR_TRUE, PR_TRUE,
+                                       getter_AddRefs(newSheet));
         if (NS_FAILED(rv)) return rv;
         if (newSheet) {
           rv = newAgentSheets.AppendObject(newSheet) ? NS_OK : NS_ERROR_FAILURE;
           if (NS_FAILED(rv)) return rv;
         }
       }
       else {  // Just use the same sheet.
         rv = newAgentSheets.AppendObject(sheet) ? NS_OK : NS_ERROR_FAILURE;
--- a/content/base/src/nsDocument.cpp
+++ b/content/base/src/nsDocument.cpp
@@ -3489,17 +3489,17 @@ nsDocument::EnsureCatalogStyleSheet(cons
           return;
       }
     }
 
     nsCOMPtr<nsIURI> uri;
     NS_NewURI(getter_AddRefs(uri), aStyleSheetURI);
     if (uri) {
       nsCOMPtr<nsICSSStyleSheet> sheet;
-      cssLoader->LoadSheetSync(uri, PR_TRUE, getter_AddRefs(sheet));
+      cssLoader->LoadSheetSync(uri, PR_TRUE, PR_TRUE, getter_AddRefs(sheet));
       if (sheet) {
         BeginUpdate(UPDATE_STYLE);
         AddCatalogStyleSheet(sheet);
         EndUpdate(UPDATE_STYLE);
       }
     }
   }
 }
--- a/content/xbl/src/nsXBLResourceLoader.cpp
+++ b/content/xbl/src/nsXBLResourceLoader.cpp
@@ -54,16 +54,17 @@
 #include "nsNetUtil.h"
 #include "nsGkAtoms.h"
 #include "nsFrameManager.h"
 #include "nsStyleContext.h"
 #include "nsXBLPrototypeBinding.h"
 #include "nsCSSRuleProcessor.h"
 #include "nsContentUtils.h"
 #include "nsStyleSet.h"
+#include "nsIScriptSecurityManager.h"
 
 NS_IMPL_CYCLE_COLLECTION_CLASS(nsXBLResourceLoader)
 NS_IMPL_CYCLE_COLLECTION_UNLINK_BEGIN(nsXBLResourceLoader)
 NS_IMPL_CYCLE_COLLECTION_UNLINK_NSCOMARRAY(mBoundElements)
 NS_IMPL_CYCLE_COLLECTION_UNLINK_END
 NS_IMPL_CYCLE_COLLECTION_TRAVERSE_BEGIN(nsXBLResourceLoader)
 NS_IMPL_CYCLE_COLLECTION_TRAVERSE_NSCOMARRAY(mBoundElements)
 NS_IMPL_CYCLE_COLLECTION_TRAVERSE_END
@@ -143,23 +144,28 @@ nsXBLResourceLoader::LoadResources(PRBoo
       // Kick off the load of the stylesheet.
 
       // Always load chrome synchronously
       // XXXbz should that still do a content policy check?
       PRBool chrome;
       nsresult rv;
       if (NS_SUCCEEDED(url->SchemeIs("chrome", &chrome)) && chrome)
       {
-        nsCOMPtr<nsICSSStyleSheet> sheet;
-        rv = cssLoader->LoadSheetSync(url, getter_AddRefs(sheet));
-        NS_ASSERTION(NS_SUCCEEDED(rv), "Load failed!!!");
-        if (NS_SUCCEEDED(rv))
-        {
-          rv = StyleSheetLoaded(sheet, PR_FALSE, NS_OK);
-          NS_ASSERTION(NS_SUCCEEDED(rv), "Processing the style sheet failed!!!");
+        rv = nsContentUtils::GetSecurityManager()->
+          CheckLoadURIWithPrincipal(docPrincipal, url,
+                                    nsIScriptSecurityManager::ALLOW_CHROME);
+        if (NS_SUCCEEDED(rv)) {
+          nsCOMPtr<nsICSSStyleSheet> sheet;
+          rv = cssLoader->LoadSheetSync(url, getter_AddRefs(sheet));
+          NS_ASSERTION(NS_SUCCEEDED(rv), "Load failed!!!");
+          if (NS_SUCCEEDED(rv))
+          {
+            rv = StyleSheetLoaded(sheet, PR_FALSE, NS_OK);
+            NS_ASSERTION(NS_SUCCEEDED(rv), "Processing the style sheet failed!!!");
+          }
         }
       }
       else
       {
         rv = cssLoader->LoadSheet(url, docPrincipal, this);
         if (NS_SUCCEEDED(rv))
           ++mPendingSheets;
       }
--- a/content/xbl/src/nsXBLService.cpp
+++ b/content/xbl/src/nsXBLService.cpp
@@ -1109,34 +1109,28 @@ nsXBLService::LoadBindingDocumentInfo(ns
       CheckSecurityBeforeLoad(aBindingURI, aOriginPrincipal,
                               nsIScriptSecurityManager::ALLOW_CHROME,
                               gAllowDataURIs,
                               nsIContentPolicy::TYPE_XBL,
                               aBoundDocument);
     NS_ENSURE_SUCCESS(rv, rv);
 
     // Also make sure that we're same-origin with the bound document
-    // except if the stylesheet is a UA stylesheet. We fake testing
-    // for UA stylesheets by calling CheckLoadURI.
-    nsCOMPtr<nsIURI> principalURI;
-    rv = aOriginPrincipal->GetURI(getter_AddRefs(principalURI));
+    // except if the stylesheet has the system principal.
+    PRBool isSystem;
+    rv = nsContentUtils::GetSecurityManager()->
+      IsSystemPrincipal(aOriginPrincipal, &isSystem);
     NS_ENSURE_SUCCESS(rv, rv);
 
-    if (principalURI &&
+    if (!isSystem &&
         !(gAllowDataURIs && SchemeIs(aBindingURI, "data")) &&
         !SchemeIs(aBindingURI, "chrome")) {
-      nsresult uaCheckRes =
-        nsContentUtils::GetSecurityManager()->
-        CheckLoadURIWithPrincipal(aBoundDocument->NodePrincipal(),
-                                  principalURI, 0);
-      if (NS_SUCCEEDED(uaCheckRes)) {
-        rv = aBoundDocument->NodePrincipal()->CheckMayLoad(aBindingURI,
-                                                           PR_TRUE);
-        NS_ENSURE_SUCCESS(rv, rv);
-      }
+      rv = aBoundDocument->NodePrincipal()->CheckMayLoad(aBindingURI,
+                                                         PR_TRUE);
+      NS_ENSURE_SUCCESS(rv, rv);
     }
   }
 
   *aResult = nsnull;
   nsCOMPtr<nsIXBLDocumentInfo> info;
 
   nsCOMPtr<nsIURI> documentURI;
   rv = aBindingURI->Clone(getter_AddRefs(documentURI));
--- a/content/xml/document/src/nsXMLContentSink.cpp
+++ b/content/xml/document/src/nsXMLContentSink.cpp
@@ -1284,17 +1284,17 @@ nsXMLContentSink::HandleDoctypeDecl(cons
   }
 
   if (aCatalogData && mCSSLoader && mDocument) {
     // bug 124570 - we only expect additional agent sheets for now -- ignore
     // exit codes, error are not fatal here, just that the stylesheet won't apply
     nsCOMPtr<nsIURI> uri(do_QueryInterface(aCatalogData));
     if (uri) {
       nsCOMPtr<nsICSSStyleSheet> sheet;
-      mCSSLoader->LoadSheetSync(uri, PR_TRUE, getter_AddRefs(sheet));
+      mCSSLoader->LoadSheetSync(uri, PR_TRUE, PR_TRUE, getter_AddRefs(sheet));
       
 #ifdef NS_DEBUG
       nsCAutoString uriStr;
       uri->GetSpec(uriStr);
       printf("Loading catalog stylesheet: %s ... %s\n", uriStr.get(), sheet.get() ? "Done" : "Failed");
 #endif
       if (sheet) {
         mDocument->BeginUpdate(UPDATE_STYLE);
--- a/editor/libeditor/html/nsHTMLEditor.cpp
+++ b/editor/libeditor/html/nsHTMLEditor.cpp
@@ -3597,17 +3597,17 @@ nsHTMLEditor::AddOverrideStyleSheet(cons
   rv = NS_NewURI(getter_AddRefs(uaURI), aURL);
   NS_ENSURE_SUCCESS(rv, rv);
 
   // We MUST ONLY load synchronous local files (no @import)
   // XXXbz Except this will actually try to load remote files
   // synchronously, of course..
   nsCOMPtr<nsICSSStyleSheet> sheet;
   // Editor override style sheets may want to style Gecko anonymous boxes
-  rv = cssLoader->LoadSheetSync(uaURI, PR_TRUE, getter_AddRefs(sheet));
+  rv = cssLoader->LoadSheetSync(uaURI, PR_TRUE, PR_TRUE, getter_AddRefs(sheet));
 
   // Synchronous loads should ALWAYS return completed
   if (!sheet)
     return NS_ERROR_NULL_POINTER;
 
   nsCOMPtr<nsIPresShell> ps = do_QueryReferent(mPresShellWeak);
   if (!ps)
     return NS_ERROR_NOT_INITIALIZED;
--- a/layout/base/nsStyleSheetService.cpp
+++ b/layout/base/nsStyleSheetService.cpp
@@ -167,17 +167,17 @@ nsStyleSheetService::LoadAndRegisterShee
 {
   NS_ENSURE_ARG(aSheetType == AGENT_SHEET || aSheetType == USER_SHEET);
   NS_ENSURE_ARG_POINTER(aSheetURI);
 
   nsCOMPtr<nsICSSLoader> loader = do_CreateInstance(kCSSLoaderCID);
   nsCOMPtr<nsICSSStyleSheet> sheet;
   // Allow UA sheets, but not user sheets, to use unsafe rules
   nsresult rv = loader->LoadSheetSync(aSheetURI, aSheetType == AGENT_SHEET,
-                                      getter_AddRefs(sheet));
+                                      PR_TRUE, getter_AddRefs(sheet));
   NS_ENSURE_SUCCESS(rv, rv);
 
   if (!mSheets[aSheetType].AppendObject(sheet)) {
     rv = NS_ERROR_OUT_OF_MEMORY;
   }
 
   return rv;
 }
--- a/layout/style/nsCSSLoader.cpp
+++ b/layout/style/nsCSSLoader.cpp
@@ -161,21 +161,21 @@ SheetLoadData::SheetLoadData(CSSLoaderIm
     mPendingChildren(0),
     mSyncLoad(PR_FALSE),
     mIsNonDocumentSheet(PR_FALSE),
     mIsLoading(PR_FALSE),
     mIsCancelled(PR_FALSE),
     mMustNotify(PR_FALSE),
     mWasAlternate(aIsAlternate),
     mAllowUnsafeRules(PR_FALSE),
+    mUseSystemPrincipal(PR_FALSE),
     mOwningElement(aOwningElement),
     mObserver(aObserver),
     mLoaderPrincipal(aLoaderPrincipal)
 {
-
   NS_PRECONDITION(mLoader, "Must have a loader!");
   NS_ADDREF(mLoader);
 }
 
 SheetLoadData::SheetLoadData(CSSLoaderImpl* aLoader,
                              nsIURI* aURI,
                              nsICSSStyleSheet* aSheet,
                              SheetLoadData* aParentData,
@@ -190,60 +190,68 @@ SheetLoadData::SheetLoadData(CSSLoaderIm
     mPendingChildren(0),
     mSyncLoad(PR_FALSE),
     mIsNonDocumentSheet(PR_FALSE),
     mIsLoading(PR_FALSE),
     mIsCancelled(PR_FALSE),
     mMustNotify(PR_FALSE),
     mWasAlternate(PR_FALSE),
     mAllowUnsafeRules(PR_FALSE),
+    mUseSystemPrincipal(PR_FALSE),
     mOwningElement(nsnull),
     mObserver(aObserver),
     mLoaderPrincipal(aLoaderPrincipal)
 {
-
   NS_PRECONDITION(mLoader, "Must have a loader!");
   NS_ADDREF(mLoader);
   if (mParentData) {
     NS_ADDREF(mParentData);
     mSyncLoad = mParentData->mSyncLoad;
     mIsNonDocumentSheet = mParentData->mIsNonDocumentSheet;
     mAllowUnsafeRules = mParentData->mAllowUnsafeRules;
+    mUseSystemPrincipal = mParentData->mUseSystemPrincipal;
     ++(mParentData->mPendingChildren);
   }
+
+  NS_POSTCONDITION(!mUseSystemPrincipal || mSyncLoad,
+                   "Shouldn't use system principal for async loads");
 }
 
 SheetLoadData::SheetLoadData(CSSLoaderImpl* aLoader,
                              nsIURI* aURI,
                              nsICSSStyleSheet* aSheet,
                              PRBool aSyncLoad,
                              PRBool aAllowUnsafeRules,
+                             PRBool aUseSystemPrincipal,
                              nsICSSLoaderObserver* aObserver,
                              nsIPrincipal* aLoaderPrincipal)
   : mLoader(aLoader),
     mURI(aURI),
     mLineNumber(1),
     mSheet(aSheet),
     mNext(nsnull),
     mParentData(nsnull),
     mPendingChildren(0),
     mSyncLoad(aSyncLoad),
     mIsNonDocumentSheet(PR_TRUE),
     mIsLoading(PR_FALSE),
     mIsCancelled(PR_FALSE),
     mMustNotify(PR_FALSE),
     mWasAlternate(PR_FALSE),
     mAllowUnsafeRules(aAllowUnsafeRules),
+    mUseSystemPrincipal(aUseSystemPrincipal),
     mOwningElement(nsnull),
     mObserver(aObserver),
     mLoaderPrincipal(aLoaderPrincipal)
 {
-
   NS_PRECONDITION(mLoader, "Must have a loader!");
   NS_ADDREF(mLoader);
+
+  NS_POSTCONDITION(!mUseSystemPrincipal || mSyncLoad,
+                   "Shouldn't use system principal for async loads");
 }
 
 SheetLoadData::~SheetLoadData()
 {
   NS_RELEASE(mLoader);
   NS_IF_RELEASE(mParentData);
   NS_IF_RELEASE(mNext);
 }
@@ -1267,16 +1275,18 @@ CSSLoaderImpl::InsertChildSheet(nsICSSSt
 nsresult
 CSSLoaderImpl::LoadSheet(SheetLoadData* aLoadData, StyleSheetState aSheetState)
 {
   LOG(("CSSLoaderImpl::LoadSheet"));
   NS_PRECONDITION(aLoadData, "Need a load data");
   NS_PRECONDITION(aLoadData->mURI, "Need a URI to load");
   NS_PRECONDITION(aLoadData->mSheet, "Need a sheet to load into");
   NS_PRECONDITION(aSheetState != eSheetComplete, "Why bother?");
+  NS_PRECONDITION(!aLoadData->mUseSystemPrincipal || aLoadData->mSyncLoad,
+                  "Shouldn't use system principal for async loads");
   NS_ASSERTION(mLoadingDatas.IsInitialized(), "mLoadingDatas should be initialized by now.");
 
   LOG_URI("  Load from: '%s'", aLoadData->mURI);
   
   nsresult rv = NS_OK;  
 
   if (!mDocument && !aLoadData->mIsNonDocumentSheet) {
     // No point starting the load; just release all the data and such.
@@ -1300,20 +1310,26 @@ CSSLoaderImpl::LoadSheet(SheetLoadData* 
     if (NS_FAILED(rv)) {
       LOG_ERROR(("  Failed to open URI synchronously"));
       SheetComplete(aLoadData, rv);
       return rv;
     }
 
     NS_ASSERTION(channel, "NS_OpenURI lied?");
     
-    // Get the principal for this channel
+    // Get the principal for this sheet
     nsCOMPtr<nsIPrincipal> principal;
-    rv = nsContentUtils::GetSecurityManager()->
-      GetChannelPrincipal(channel, getter_AddRefs(principal));
+    if (aLoadData->mUseSystemPrincipal) {
+      rv = nsContentUtils::GetSecurityManager()->
+        GetSystemPrincipal(getter_AddRefs(principal));
+    } else {
+      rv = nsContentUtils::GetSecurityManager()->
+        GetChannelPrincipal(channel, getter_AddRefs(principal));
+    }
+
     if (NS_FAILED(rv)) {
       LOG_ERROR(("  Failed to get a principal for the sheet"));
       SheetComplete(aLoadData, rv);
       return rv;
     }
 
     aLoadData->mSheet->SetPrincipal(principal);
 
@@ -1968,54 +1984,61 @@ CSSLoaderImpl::LoadChildSheet(nsICSSStyl
   if (!syncLoad) {
     data->mMustNotify = PR_TRUE;
   }
   return rv;  
 }
 
 NS_IMETHODIMP
 CSSLoaderImpl::LoadSheetSync(nsIURI* aURL, PRBool aAllowUnsafeRules,
+                             PRBool aUseSystemPrincipal,
                              nsICSSStyleSheet** aSheet)
 {
   LOG(("CSSLoaderImpl::LoadSheetSync"));
-  return InternalLoadNonDocumentSheet(aURL, aAllowUnsafeRules, nsnull,
+  return InternalLoadNonDocumentSheet(aURL, aAllowUnsafeRules,
+                                      aUseSystemPrincipal, nsnull,
                                       aSheet, nsnull);
 }
 
 NS_IMETHODIMP
 CSSLoaderImpl::LoadSheet(nsIURI* aURL,
                          nsIPrincipal* aOriginPrincipal,
                          nsICSSLoaderObserver* aObserver,
                          nsICSSStyleSheet** aSheet)
 {
   LOG(("CSSLoaderImpl::LoadSheet(aURL, aObserver, aSheet) api call"));
   NS_PRECONDITION(aSheet, "aSheet is null");
-  return InternalLoadNonDocumentSheet(aURL, PR_FALSE, aOriginPrincipal,
+  return InternalLoadNonDocumentSheet(aURL, PR_FALSE, PR_FALSE,
+                                      aOriginPrincipal,
                                       aSheet, aObserver);
 }
 
 NS_IMETHODIMP
 CSSLoaderImpl::LoadSheet(nsIURI* aURL,
                          nsIPrincipal* aOriginPrincipal,
                          nsICSSLoaderObserver* aObserver)
 {
   LOG(("CSSLoaderImpl::LoadSheet(aURL, aObserver) api call"));
-  return InternalLoadNonDocumentSheet(aURL, PR_FALSE, aOriginPrincipal,
+  return InternalLoadNonDocumentSheet(aURL, PR_FALSE, PR_FALSE,
+                                      aOriginPrincipal,
                                       nsnull, aObserver);
 }
 
 nsresult
 CSSLoaderImpl::InternalLoadNonDocumentSheet(nsIURI* aURL, 
                                             PRBool aAllowUnsafeRules,
+                                            PRBool aUseSystemPrincipal,
                                             nsIPrincipal* aOriginPrincipal,
                                             nsICSSStyleSheet** aSheet,
                                             nsICSSLoaderObserver* aObserver)
 {
   NS_PRECONDITION(aURL, "Must have a URI to load");
   NS_PRECONDITION(aSheet || aObserver, "Sheet and observer can't both be null");
+  NS_PRECONDITION(!aUseSystemPrincipal || !aObserver,
+                  "Shouldn't load system-principal sheets async");
   NS_ASSERTION(mParsingDatas.Length() == 0, "We're in the middle of a parse?");
 
   LOG_URI("  Non-document sheet uri: '%s'", aURL);
   
   if (aSheet) {
     *aSheet = nsnull;
   }
   
@@ -2049,17 +2072,17 @@ CSSLoaderImpl::InternalLoadNonDocumentSh
     if (aSheet) {
       sheet.swap(*aSheet);
     }
     return rv;
   }
 
   SheetLoadData* data =
     new SheetLoadData(this, aURL, sheet, syncLoad, aAllowUnsafeRules,
-                      aObserver, aOriginPrincipal);
+                      aUseSystemPrincipal, aObserver, aOriginPrincipal);
 
   if (!data) {
     sheet->SetComplete();
     return NS_ERROR_OUT_OF_MEMORY;
   }
   
   NS_ADDREF(data);
   rv = LoadSheet(data, state);
--- a/layout/style/nsCSSLoader.h
+++ b/layout/style/nsCSSLoader.h
@@ -130,16 +130,17 @@ public:
                 nsIPrincipal* aLoaderPrincipal);
 
   // Data for loading a non-document sheet
   SheetLoadData(CSSLoaderImpl* aLoader,
                 nsIURI* aURI,
                 nsICSSStyleSheet* aSheet,
                 PRBool aSyncLoad,
                 PRBool aAllowUnsafeRules,
+                PRBool aUseSystemPrincipal,
                 nsICSSLoaderObserver* aObserver,
                 nsIPrincipal* aLoaderPrincipal);
 
   already_AddRefed<nsIURI> GetReferrerURI();
   
   NS_DECL_ISUPPORTS
   NS_DECL_NSIRUNNABLE
   NS_DECL_NSIUNICHARSTREAMLOADEROBSERVER
@@ -202,16 +203,21 @@ public:
   
   // mWasAlternate is true if the sheet was an alternate when the load data was
   // created.
   PRPackedBool               mWasAlternate : 1;
   
   // mAllowUnsafeRules is true if we should allow unsafe rules to be parsed
   // in the loaded sheet.
   PRPackedBool               mAllowUnsafeRules : 1;
+
+  // mUseSystemPrincipal is true if the system principal should be used for
+  // this sheet, no matter what the channel principal is.  Only true for sync
+  // loads.
+  PRPackedBool               mUseSystemPrincipal : 1;
   
   // This is the element that imported the sheet.  Needed to get the
   // charset set on it.
   nsCOMPtr<nsIStyleSheetLinkingElement> mOwningElement;
 
   // The observer that wishes to be notified of load completion
   nsCOMPtr<nsICSSLoaderObserver>        mObserver;
 
@@ -334,16 +340,17 @@ public:
                            PRBool* aIsAlternate);
 
   NS_IMETHOD LoadChildSheet(nsICSSStyleSheet* aParentSheet,
                             nsIURI* aURL, 
                             nsMediaList* aMedia,
                             nsICSSImportRule* aRule);
 
   NS_IMETHOD LoadSheetSync(nsIURI* aURL, PRBool aAllowUnsafeRules,
+                           PRBool aUseSystemPrincipal,
                            nsICSSStyleSheet** aSheet);
 
   NS_IMETHOD LoadSheet(nsIURI* aURL,
                        nsIPrincipal* aOriginPrincipal,
                        nsICSSLoaderObserver* aObserver,
                        nsICSSStyleSheet** aSheet);
 
   NS_IMETHOD LoadSheet(nsIURI* aURL,
@@ -410,16 +417,17 @@ private:
                             nsIDocument* aDocument);
 
   nsresult InsertChildSheet(nsICSSStyleSheet* aSheet,
                             nsICSSStyleSheet* aParentSheet,
                             nsICSSImportRule* aParentRule);
 
   nsresult InternalLoadNonDocumentSheet(nsIURI* aURL,
                                         PRBool aAllowUnsafeRules,
+                                        PRBool aUseSystemPrincipal,
                                         nsIPrincipal* aOriginPrincipal,
                                         nsICSSStyleSheet** aSheet,
                                         nsICSSLoaderObserver* aObserver);
 
   // Post a load event for aObserver to be notified about aSheet.  The
   // notification will be sent with status NS_OK unless the load event is
   // canceled at some point (in which case it will be sent with
   // NS_BINDING_ABORTED).  aWasAlternate indicates the state when the load was
--- a/layout/style/nsICSSLoader.h
+++ b/layout/style/nsICSSLoader.h
@@ -53,20 +53,20 @@ class nsIContent;
 class nsIDocument;
 class nsIUnicharInputStream;
 class nsICSSLoaderObserver;
 class nsMediaList;
 class nsICSSImportRule;
 class nsIPrincipal;
 
 // IID for the nsICSSLoader interface
-// 0c6d7e76-dddc-4727-b557-7ef531127e11
+// 51735c82-f3d9-4237-9a81-f5bdaf4865c5
 #define NS_ICSS_LOADER_IID     \
-{ 0x0c6d7e76, 0xdddc, 0x4727, \
- { 0xb5, 0x57, 0x7e, 0xf5, 0x31, 0x12, 0x7e, 0x11 } }
+{ 0x51735c82, 0xf3d9, 0x4237, \
+ { 0x9a, 0x81, 0xf5, 0xbd, 0xaf, 0x48, 0x65, 0xc5 } }
 
 typedef void (*nsCSSLoaderCallbackFunc)(nsICSSStyleSheet* aSheet, void *aData, PRBool aDidNotify);
 
 class nsICSSLoader : public nsISupports {
 public:
   NS_DECLARE_STATIC_IID_ACCESSOR(NS_ICSS_LOADER_IID)
 
   NS_IMETHOD Init(nsIDocument* aDocument) = 0;
@@ -164,41 +164,44 @@ public:
   /**
    * Synchronously load and return the stylesheet at aURL.  Any child sheets
    * will also be loaded synchronously.  Note that synchronous loads over some
    * protocols may involve spinning up a new event loop, so use of this method
    * does NOT guarantee not receiving any events before the sheet loads.  This
    * method can be used to load sheets not associated with a document.
    *
    * @param aURL the URL of the sheet to load
-   * @param [out] aSheet the loaded, complete sheet.
    * @param aEnableUnsafeRules whether unsafe rules are enabled for this
    * sheet load
    * Unsafe rules are rules that can violate key Gecko invariants if misused.
    * In particular, most anonymous box pseudoelements must be very carefully
    * styled or we will have severe problems. Therefore unsafe rules should
    * never be enabled for stylesheets controlled by untrusted sites; preferably
    * unsafe rules should only be enabled for agent sheets.
+   * @param aUseSystemPrincipal if true, give the resulting sheet the system
+   * principal no matter where it's being loaded from.
+   * @param [out] aSheet the loaded, complete sheet.
    *
    * NOTE: At the moment, this method assumes the sheet will be UTF-8, but
    * ideally it would allow arbitrary encodings.  Callers should NOT depend on
    * non-UTF8 sheets being treated as UTF-8 by this method.
    *
    * NOTE: A successful return from this method doesn't indicate anything about
    * whether the data could be parsed as CSS and doesn't indicate anything
    * about the status of child sheets of the returned sheet.
    */
   NS_IMETHOD LoadSheetSync(nsIURI* aURL, PRBool aEnableUnsafeRules,
+                           PRBool aUseSystemPrincipal,
                            nsICSSStyleSheet** aSheet) = 0;
 
   /**
-   * As above, but aEnableUnsafeRules is assumed false.
+   * As above, but aUseSystemPrincipal and aEnableUnsafeRules are assumed false.
    */
   nsresult LoadSheetSync(nsIURI* aURL, nsICSSStyleSheet** aSheet) {
-    return LoadSheetSync(aURL, PR_FALSE, aSheet);
+    return LoadSheetSync(aURL, PR_FALSE, PR_FALSE, aSheet);
   }
 
   /**
    * Asynchronously load the stylesheet at aURL.  If a successful result is
    * returned, aObserver is guaranteed to be notified asynchronously once the
    * sheet is loaded and marked complete.  This method can be used to load
    * sheets not associated with a document.
    *
--- a/layout/style/nsLayoutStylesheetCache.cpp
+++ b/layout/style/nsLayoutStylesheetCache.cpp
@@ -253,17 +253,18 @@ nsLayoutStylesheetCache::LoadSheet(nsIUR
     NS_ERROR("Null URI. Out of memory?");
     return;
   }
 
   if (!gCSSLoader)
     NS_NewCSSLoader(&gCSSLoader);
 
   if (gCSSLoader) {
-    gCSSLoader->LoadSheetSync(aURI, aEnableUnsafeRules, getter_AddRefs(aSheet));
+    gCSSLoader->LoadSheetSync(aURI, aEnableUnsafeRules, PR_TRUE,
+                              getter_AddRefs(aSheet));
   }
 }  
 
 nsLayoutStylesheetCache*
 nsLayoutStylesheetCache::gStyleCache = nsnull;
 
 nsICSSLoader*
 nsLayoutStylesheetCache::gCSSLoader = nsnull;