Backout ea6db8f420c0 (bug 770831), b51c79ee0883 (bug 774957), 020f6ed5958b (bug 758258), 11d8e19e1fca (bug 758258), 707fc51bfe2e (bug 775354), 489d944a6fe6 (bug 327244), be7df3c9d50f (bug 327244) for m-oth orange
authorEd Morley <emorley@mozilla.com>
Thu, 19 Jul 2012 08:29:48 +0100
changeset 102891 935ab1c410932de11a74d9f29c19ee61e00f1e97
parent 102890 e6068bdf82687537ec1a935d331df10f9a531812
child 102892 adc555d8841c2b79b80df752f1fb050c9dbb9163
push idunknown
push userunknown
push dateunknown
bugs770831, 774957, 758258, 775354, 327244
milestone17.0a1
backs outea6db8f420c08c38009c7674d958e64d1f254579
Backout ea6db8f420c0 (bug 770831), b51c79ee0883 (bug 774957), 020f6ed5958b (bug 758258), 11d8e19e1fca (bug 758258), 707fc51bfe2e (bug 775354), 489d944a6fe6 (bug 327244), be7df3c9d50f (bug 327244) for m-oth orange
caps/idl/nsIScriptSecurityManager.idl
caps/include/nsPrincipal.h
caps/src/nsPrincipal.cpp
caps/src/nsScriptSecurityManager.cpp
caps/tests/mochitest/Makefile.in
caps/tests/mochitest/test_principal_extendedorigin_appid_appstatus.html
content/base/src/contentAreaDropListener.js
content/base/src/nsDocument.cpp
content/base/src/nsFrameLoader.cpp
content/xslt/src/xslt/txMozillaXMLOutput.cpp
docshell/base/nsDSURIContentListener.cpp
docshell/base/nsDocShell.cpp
docshell/base/nsDocShell.h
docshell/base/nsIDocShell.idl
docshell/base/nsIRefreshURI.idl
dom/apps/src/Webapps.jsm
dom/base/nsGlobalWindow.cpp
dom/browser-element/BrowserElementChild.js
dom/interfaces/apps/nsIAppsService.idl
dom/ipc/TabChild.cpp
ipc/testshell/XPCShellEnvironment.cpp
js/xpconnect/shell/xpcshell.cpp
layout/tools/reftest/reftest.js
toolkit/components/social/FrameWorker.jsm
toolkit/content/nsDragAndDrop.js
toolkit/identity/Sandbox.jsm
xpfe/appshell/src/nsContentTreeOwner.cpp
--- a/caps/idl/nsIScriptSecurityManager.idl
+++ b/caps/idl/nsIScriptSecurityManager.idl
@@ -4,17 +4,17 @@
  * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
 
 #include "nsISupports.idl"
 #include "nsIPrincipal.idl"
 #include "nsIXPCSecurityManager.idl"
 interface nsIURI;
 interface nsIChannel;
 
-[scriptable, uuid(bd94820d-4fd5-4d57-a40e-406ee72d27b7)]
+[scriptable, uuid(cdb27711-492b-4973-938b-de81ac124658)]
 interface nsIScriptSecurityManager : nsIXPCSecurityManager
 {
     ///////////////// Security Checks //////////////////
     /**
      * Checks whether the running script is allowed to access aProperty.
      */
     [noscript] void checkPropertyAccess(in JSContextPtr aJSContext,
                                         in JSObjectPtr aJSObject,
@@ -80,29 +80,53 @@ interface nsIScriptSecurityManager : nsI
      * @param uri the URI that is being loaded
      * @param flags the permission set, see above
      */
     void checkLoadURIWithPrincipal(in nsIPrincipal aPrincipal,
                                    in nsIURI uri,
                                    in unsigned long flags);
 
     /**
+     * Check that content from "from" can load "uri".
+     *
+     * Will return error code NS_ERROR_DOM_BAD_URI if the load request
+     * should be denied.
+     *
+     * @param from the URI causing the load
+     * @param uri the URI that is being loaded
+     * @param flags the permission set, see above
+     *
+     * @deprecated Use checkLoadURIWithPrincipal instead of this function.
+     */
+    [deprecated] void checkLoadURI(in nsIURI from, in nsIURI uri,
+                                   in unsigned long flags);
+
+    /**
      * Similar to checkLoadURIWithPrincipal but there are two differences:
      *
      * 1) The URI is a string, not a URI object.
      * 2) This function assumes that the URI may still be subject to fixup (and
      * hence will check whether fixed-up versions of the URI are allowed to
      * load as well); if any of the versions of this URI is not allowed, this
      * function will return error code NS_ERROR_DOM_BAD_URI.
      */
     void checkLoadURIStrWithPrincipal(in nsIPrincipal aPrincipal,
                                       in AUTF8String uri,
                                       in unsigned long flags);
 
     /**
+     * Same as CheckLoadURI but takes string arguments for ease of use
+     * by scripts
+     *
+     * @deprecated Use checkLoadURIStrWithPrincipal instead of this function.
+     */
+    [deprecated] void checkLoadURIStr(in AUTF8String from, in AUTF8String uri,
+                                      in unsigned long flags);
+
+    /**
      * Check that the function 'funObj' is allowed to run on 'targetObj'
      *
      * Will return error code NS_ERROR_DOM_SECURITY_ERR if the function
      * should not run
      *
      * @param cx The current active JavaScript context.
      * @param funObj The function trying to run..
      * @param targetObj The object the function will run on.
@@ -231,26 +255,14 @@ interface nsIScriptSecurityManager : nsI
      * Same as getSubjectPrincipal(), only faster. cx must *never* be
      * passed null, and it must be the context on the top of the
      * context stack. Does *not* reference count the returned
      * principal.
      */
     [noscript,notxpcom] nsIPrincipal getCxSubjectPrincipal(in JSContextPtr cx);
     [noscript,notxpcom] nsIPrincipal getCxSubjectPrincipalAndFrame(in JSContextPtr cx,
                                                                    out JSStackFramePtr fp);
-
-
-    const unsigned long NO_APP_ID = 0;
-    const unsigned long UNKNOWN_APP_ID = 4294967295; // PR_UINT32_MAX
-
-    /**
-     * Returns the extended origin for the uri.
-     * appId can be NO_APP_ID, UNKWOWN_APP_ID or a valid app id.
-     * inMozBrowser has to be true if the uri is inside a mozbrowser iframe.
-     */
-    AUTF8String getExtendedOrigin(in nsIURI uri, in unsigned long appId,
-                                  in boolean inMozBrowser);
 };
 
 %{C++
 #define NS_SCRIPTSECURITYMANAGER_CONTRACTID "@mozilla.org/scriptsecuritymanager;1"
 #define NS_SCRIPTSECURITYMANAGER_CLASSNAME "scriptsecuritymanager"
 %}
--- a/caps/include/nsPrincipal.h
+++ b/caps/include/nsPrincipal.h
@@ -148,21 +148,16 @@ public:
                               const char* aDeniedList,
                               nsISupports* aCert,
                               bool aIsCert,
                               bool aTrusted);
 
   virtual void GetScriptLocation(nsACString& aStr) MOZ_OVERRIDE;
   void SetURI(nsIURI* aURI);
 
-  /**
-   * Computes the puny-encoded origin of aURI.
-   */
-  static nsresult GetOriginForURI(nsIURI* aURI, char **aOrigin);
-
   nsCOMPtr<nsIURI> mDomain;
   nsCOMPtr<nsIURI> mCodebase;
   // If mCodebaseImmutable is true, mCodebase is non-null and immutable
   bool mCodebaseImmutable;
   bool mDomainImmutable;
   bool mInitialized;
 };
 
--- a/caps/src/nsPrincipal.cpp
+++ b/caps/src/nsPrincipal.cpp
@@ -651,86 +651,78 @@ nsPrincipal::GetScriptLocation(nsACStrin
 {
   if (mCert) {
     aStr.Assign(mCert->fingerprint);
   } else {
     mCodebase->GetSpec(aStr);
   }
 }
 
-/* static */ nsresult
-nsPrincipal::GetOriginForURI(nsIURI* aURI, char **aOrigin)
+NS_IMETHODIMP
+nsPrincipal::GetOrigin(char **aOrigin)
 {
-  if (!aURI) {
-    return NS_ERROR_FAILURE;
-  }
-
   *aOrigin = nsnull;
 
-  nsCOMPtr<nsIURI> origin = NS_GetInnermostURI(aURI);
+  nsCOMPtr<nsIURI> origin;
+  if (mCodebase) {
+    origin = NS_GetInnermostURI(mCodebase);
+  }
+  
   if (!origin) {
+    NS_ASSERTION(mCert, "No Domain or Codebase for a non-cert principal");
     return NS_ERROR_FAILURE;
   }
 
   nsCAutoString hostPort;
 
   // chrome: URLs don't have a meaningful origin, so make
   // sure we just get the full spec for them.
   // XXX this should be removed in favor of the solution in
   // bug 160042.
   bool isChrome;
   nsresult rv = origin->SchemeIs("chrome", &isChrome);
   if (NS_SUCCEEDED(rv) && !isChrome) {
     rv = origin->GetAsciiHost(hostPort);
     // Some implementations return an empty string, treat it as no support
     // for asciiHost by that implementation.
-    if (hostPort.IsEmpty()) {
+    if (hostPort.IsEmpty())
       rv = NS_ERROR_FAILURE;
-    }
   }
 
   PRInt32 port;
   if (NS_SUCCEEDED(rv) && !isChrome) {
     rv = origin->GetPort(&port);
   }
 
   if (NS_SUCCEEDED(rv) && !isChrome) {
     if (port != -1) {
       hostPort.AppendLiteral(":");
       hostPort.AppendInt(port, 10);
     }
 
     nsCAutoString scheme;
     rv = origin->GetScheme(scheme);
     NS_ENSURE_SUCCESS(rv, rv);
-
     *aOrigin = ToNewCString(scheme + NS_LITERAL_CSTRING("://") + hostPort);
   }
   else {
     // Some URIs (e.g., nsSimpleURI) don't support asciiHost. Just
     // get the full spec.
     nsCAutoString spec;
     // XXX nsMozIconURI and nsJARURI don't implement this correctly, they
     // both fall back to GetSpec.  That needs to be fixed.
     rv = origin->GetAsciiSpec(spec);
     NS_ENSURE_SUCCESS(rv, rv);
-
     *aOrigin = ToNewCString(spec);
   }
 
   return *aOrigin ? NS_OK : NS_ERROR_OUT_OF_MEMORY;
 }
 
 NS_IMETHODIMP
-nsPrincipal::GetOrigin(char **aOrigin)
-{
-  return GetOriginForURI(mCodebase, aOrigin);
-}
-
-NS_IMETHODIMP
 nsPrincipal::Equals(nsIPrincipal *aOther, bool *aResult)
 {
   if (!aOther) {
     NS_WARNING("Need a principal to compare this to!");
     *aResult = false;
     return NS_OK;
   }
 
--- a/caps/src/nsScriptSecurityManager.cpp
+++ b/caps/src/nsScriptSecurityManager.cpp
@@ -55,17 +55,16 @@
 #include "nsCDefaultURIFixup.h"
 #include "nsIChromeRegistry.h"
 #include "nsIContentSecurityPolicy.h"
 #include "nsIAsyncVerifyRedirectCallback.h"
 #include "mozilla/Preferences.h"
 #include "mozilla/dom/BindingUtils.h"
 #include "mozilla/StandardInteger.h"
 #include "mozilla/ClearOnShutdown.h"
-#include "nsIAppsService.h"
 
 using namespace mozilla;
 using namespace mozilla::dom;
 
 static NS_DEFINE_CID(kZipReaderCID, NS_ZIPREADER_CID);
 
 nsIIOService    *nsScriptSecurityManager::sIOService = nsnull;
 nsIXPConnect    *nsScriptSecurityManager::sXPConnect = nsnull;
@@ -1258,16 +1257,35 @@ nsScriptSecurityManager::CheckLoadURIFro
         return NS_ERROR_FAILURE;
     nsCAutoString msg("Access to '");
     msg.Append(spec);
     msg.AppendLiteral("' from script denied");
     SetPendingException(cx, msg.get());
     return NS_ERROR_DOM_BAD_URI;
 }
 
+NS_IMETHODIMP
+nsScriptSecurityManager::CheckLoadURI(nsIURI *aSourceURI, nsIURI *aTargetURI,
+                                      PRUint32 aFlags)
+{
+    // FIXME: bug 327244 -- this function should really die...  Really truly.
+    NS_PRECONDITION(aSourceURI, "CheckLoadURI called with null source URI");
+    NS_ENSURE_ARG_POINTER(aSourceURI);
+
+    // Note: this is not _quite_ right if aSourceURI has
+    // NS_NULLPRINCIPAL_SCHEME, but we'll just extract the scheme in
+    // CheckLoadURIWithPrincipal anyway, so this is good enough.  This method
+    // really needs to go away....
+    nsCOMPtr<nsIPrincipal> sourcePrincipal;
+    nsresult rv = CreateCodebasePrincipal(aSourceURI,
+                                          getter_AddRefs(sourcePrincipal));
+    NS_ENSURE_SUCCESS(rv, rv);
+    return CheckLoadURIWithPrincipal(sourcePrincipal, aTargetURI, aFlags);
+}
+
 /**
  * Helper method to handle cases where a flag passed to
  * CheckLoadURIWithPrincipal means denying loading if the given URI has certain
  * nsIProtocolHandler flags set.
  * @return if success, access is allowed. Otherwise, deny access
  */
 static nsresult
 DenyAccessIfURIHasFlags(nsIURI* aURI, PRUint32 aURIFlags)
@@ -1565,16 +1583,40 @@ nsScriptSecurityManager::ReportError(JSC
 #ifdef DEBUG
         fprintf(stderr, "%s\n", NS_LossyConvertUTF16toASCII(message).get());
 #endif
     }
     return NS_OK;
 }
 
 NS_IMETHODIMP
+nsScriptSecurityManager::CheckLoadURIStr(const nsACString& aSourceURIStr,
+                                         const nsACString& aTargetURIStr,
+                                         PRUint32 aFlags)
+{
+    // FIXME: bug 327244 -- this function should really die...  Really truly.
+    nsCOMPtr<nsIURI> source;
+    nsresult rv = NS_NewURI(getter_AddRefs(source), aSourceURIStr,
+                            nsnull, nsnull, sIOService);
+    NS_ENSURE_SUCCESS(rv, rv);
+
+    // Note: this is not _quite_ right if aSourceURI has
+    // NS_NULLPRINCIPAL_SCHEME, but we'll just extract the scheme in
+    // CheckLoadURIWithPrincipal anyway, so this is good enough.  This method
+    // really needs to go away....
+    nsCOMPtr<nsIPrincipal> sourcePrincipal;
+    rv = CreateCodebasePrincipal(source,
+                                 getter_AddRefs(sourcePrincipal));
+    NS_ENSURE_SUCCESS(rv, rv);
+
+    return CheckLoadURIStrWithPrincipal(sourcePrincipal, aTargetURIStr,
+                                        aFlags);
+}
+
+NS_IMETHODIMP
 nsScriptSecurityManager::CheckLoadURIStrWithPrincipal(nsIPrincipal* aPrincipal,
                                                       const nsACString& aTargetURIStr,
                                                       PRUint32 aFlags)
 {
     nsresult rv;
     nsCOMPtr<nsIURI> target;
     rv = NS_NewURI(getter_AddRefs(target), aTargetURIStr,
                    nsnull, nsnull, sIOService);
@@ -3547,50 +3589,16 @@ nsScriptSecurityManager::InitPrefs()
         rv = InitPrincipals(prefCount, (const char**)prefNames);
         NS_FREE_XPCOM_ALLOCATED_POINTER_ARRAY(prefCount, prefNames);
         NS_ENSURE_SUCCESS(rv, rv);
     }
 
     return NS_OK;
 }
 
-NS_IMETHODIMP
-nsScriptSecurityManager::GetExtendedOrigin(nsIURI* aURI,
-                                           PRUint32 aAppId,
-                                           bool aInMozBrowser,
-                                           nsACString& aExtendedOrigin)
-{
-  MOZ_ASSERT(aURI);
-
-  if (aAppId == UNKNOWN_APP_ID) {
-    aExtendedOrigin.Truncate();
-    return NS_OK;
-  }
-
-  // Fallback.
-  if (aAppId == nsIScriptSecurityManager::NO_APP_ID && !aInMozBrowser) {
-    nsCAutoString origin;
-    nsPrincipal::GetOriginForURI(aURI, getter_Copies(origin));
-
-    aExtendedOrigin.Assign(origin);
-    return NS_OK;
-  }
-
-  nsCAutoString origin;
-  nsPrincipal::GetOriginForURI(aURI, getter_Copies(origin));
-
-  // aExtendedOrigin = origin + " " + aAppId + " " + int(aInMozBrowser)
-  aExtendedOrigin.Assign(origin + NS_LITERAL_CSTRING("@"));
-  aExtendedOrigin.AppendInt(aAppId);
-  aExtendedOrigin.Append(aInMozBrowser ? NS_LITERAL_CSTRING("t")
-                                       : NS_LITERAL_CSTRING("f"));
-
-  return NS_OK;
-}
-
 ///////////////////////////////////////////////////////////////////////////////
 // The following code prints the contents of the policy DB to the console.
 #ifdef DEBUG_CAPS_HACKER
 
 //typedef PLDHashOperator
 //(* PLDHashEnumerator)(PLDHashTable *table, PLDHashEntryHdr *hdr,
 //                      PRUint32 number, void *arg);
 static PLDHashOperator
--- a/caps/tests/mochitest/Makefile.in
+++ b/caps/tests/mochitest/Makefile.in
@@ -13,18 +13,15 @@ include $(DEPTH)/config/autoconf.mk
 
 MOCHITEST_FILES = 	test_bug423375.html \
                 test_bug246699.html \
                 test_bug292789.html \
                 test_bug470804.html \
                 test_disallowInheritPrincipal.html \
                 $(NULL)
 
-MOCHITEST_CHROME_FILES = test_principal_extendedorigin_appid_appstatus.html \
-                         $(NULL)
-
 test_bug292789.html : % : %.in
 	$(PYTHON) $(topsrcdir)/config/Preprocessor.py \
 	     $(AUTOMATION_PPARGS) $(DEFINES) $(ACDEFINES) $< > $@
 
 GARBAGE += test_bug292789.html
 
 include $(topsrcdir)/config/rules.mk
deleted file mode 100644
--- a/caps/tests/mochitest/test_principal_extendedorigin_appid_appstatus.html
+++ /dev/null
@@ -1,143 +0,0 @@
-<!DOCTYPE HTML>
-<html>
-<!--
-https://bugzilla.mozilla.org/show_bug.cgi?id=758258
--->
-<head>
-  <meta charset="utf-8">
-  <title>Test for nsIPrincipal extendedOrigin, appStatus and appId</title>
-  <script type="application/javascript" src="chrome://mochikit/content/tests/SimpleTest/SimpleTest.js"></script>
-  <link rel="stylesheet" type="text/css" href="chrome://mochikit/content/tests/SimpleTest/test.css"?>
-</head>
-<body>
-<a target="_blank" href="https://bugzilla.mozilla.org/show_bug.cgi?id=758258">Mozilla Bug 758258</a>
-<p id="display"></p>
-<div id="content">
-  
-</div>
-<pre id="test">
-<script type="application/javascript">
-
-/** Test for Bug 758258 **/
-
-SimpleTest.waitForExplicitFinish();
-
-var gData = [
-  {
-    app: "http://example.org/manifest.webapp",
-    origin: "http://example.org",
-  },
-  {
-    app: "https://example.com:443/manifest.webapp",
-    origin: "https://example.com",
-  },
-  {
-    app: "http://test1.example.org/manifest.webapp",
-    origin: "http://test1.example.org",
-  },
-  {
-    app: "http://test1.example.org:8000/manifest.webapp",
-    origin: "http://test1.example.org:8000",
-  },
-  {
-    app: "http://sub1.test1.example.org/manifest.webapp",
-    origin: "http://sub1.test1.example.org",
-  },
-  {
-    app: "http://example.org/foo/manifest.webapp",
-    origin: "http://example.org",
-  },
-  {
-    app: "http://example.org/bar/manifest.webapp",
-    origin: "http://example.org",
-  },
-  {
-    browser: true,
-    origin: "http://example.org",
-  },
-  {
-    origin: "http://example.org",
-  },
-  {
-    app: "http://example.org/wedonthaveanyappinthatdirectory/manifest.webapp",
-    origin: "http://example.org",
-  },
-  {
-    app: "http://example.org/manifest.webapp",
-    origin: "data:text/html,foobar",
-    test: [ "todo-origin" ],
-  },
-  {
-    app: "http://example.org/manifest.webapp",
-    origin: "data:text/html,foobar2",
-    test: [ "todo-origin" ],
-  },
-  {
-    origin: "file:///",
-  },
-  {
-    origin: "file:///tmp",
-  },
-  {
-    app: "http://example.org/manifest.webapp",
-    origin: "file:///",
-  },
-  {
-    app: "http://example.org/manifest.webapp",
-    origin: "file:///tmp",
-  },
-];
-
-var content = document.getElementById('content');
-var checkedCount = 0;
-var checksTodo = gData.length;
-
-function checkPrincipalForIFrame(aFrame, data) {
-  var principal = aFrame.contentDocument.nodePrincipal;
-
-  // TODO: TEMP.
-  if (!data.test) {
-    data.test = [];
-  }
-
-  if (data.test.indexOf('todo-origin') == -1) {
-    is(principal.URI.origin, data.origin, 'the correct URL should have been loaded');
-  }
-
-  checkedCount++;
-  if (checkedCount == checksTodo) {
-    SimpleTest.finish();
-  }
-}
-
-is('appStatus' in document.nodePrincipal, false,
-   'appStatus should not be present in nsIPrincipal');
-is('extendedOrigin' in document.nodePrincipal, false,
-   'extendedOrigin should not be present in nsIPrincipal');
-is('appId' in document.nodePrincipal, false,
-   'appId should not be present in nsIPrincipal');
-
-gData.forEach(function(data) {
-  var iframe = document.createElement('iframe');
-  iframe.checkPrincipal = function() {
-    checkPrincipalForIFrame(this, data);
-  };
-
-  if (data.app) {
-    iframe.setAttribute('mozapp', data.app);
-    iframe.setAttribute('mozbrowser', '');
-  } else if (data.browser) {
-    iframe.setAttribute('mozbrowser', '');
-  }
-
-  iframe.src = data.origin;
-
-  iframe.addEventListener('load', iframe.checkPrincipal.bind(iframe));
-
-  content.appendChild(iframe);
-});
-
-</script>
-</pre>
-</body>
-</html>
--- a/content/base/src/contentAreaDropListener.js
+++ b/content/base/src/contentAreaDropListener.js
@@ -61,39 +61,39 @@ ContentAreaDropListener.prototype =
 
     // Strip leading and trailing whitespace, then try to create a
     // URI from the dropped string. If that succeeds, we're
     // dropping a URI and we need to do a security check to make
     // sure the source document can load the dropped URI.
     uriString = uriString.replace(/^\s*|\s*$/g, '');
 
     let uri;
-    let ioService = Cc["@mozilla.org/network/io-service;1"]
-                      .getService(Components.interfaces.nsIIOService);
     try {
       // Check that the uri is valid first and return an empty string if not.
       // It may just be plain text and should be ignored here
-      uri = ioService.newURI(uriString, null, null);
+      uri = Cc["@mozilla.org/network/io-service;1"].
+              getService(Components.interfaces.nsIIOService).
+              newURI(uriString, null, null);
     } catch (ex) { }
     if (!uri)
       return uriString;
 
     // uriString is a valid URI, so do the security check.
     let secMan = Cc["@mozilla.org/scriptsecuritymanager;1"].
                    getService(Ci.nsIScriptSecurityManager);
     let sourceNode = dataTransfer.mozSourceNode;
     let flags = secMan.STANDARD;
     if (disallowInherit)
       flags |= secMan.DISALLOW_INHERIT_PRINCIPAL;
 
     // Use file:/// as the default uri so that drops of file URIs are always allowed
-    let principal = sourceNode ? sourceNode.principal
-                               : secMan.getCodebasePrincipal(ioService.newURI("file:///", null, null));
-
-    secMan.checkLoadURIStrWithPrincipal(principal, uriString, flags);
+    if (sourceNode)
+      secMan.checkLoadURIStrWithPrincipal(sourceNode.nodePrincipal, uriString, flags);
+    else
+      secMan.checkLoadURIStr("file:///", uriString, flags);
 
     return uriString;
   },
 
   canDropLink: function(aEvent, aAllowSameDocument)
   {
     let dataTransfer = aEvent.dataTransfer;
     let types = dataTransfer.types;
--- a/content/base/src/nsDocument.cpp
+++ b/content/base/src/nsDocument.cpp
@@ -3082,17 +3082,17 @@ nsDocument::SetHeaderData(nsIAtom* aHead
     // our container via mDocumentContainer.
     nsCOMPtr<nsIRefreshURI> refresher = do_QueryReferent(mDocumentContainer);
     if (refresher) {
       // Note: using mDocumentURI instead of mBaseURI here, for consistency
       // (used to just use the current URI of our webnavigation, but that
       // should really be the same thing).  Note that this code can run
       // before the current URI of the webnavigation has been updated, so we
       // can't assert equality here.
-      refresher->SetupRefreshURIFromHeader(mDocumentURI, NodePrincipal(),
+      refresher->SetupRefreshURIFromHeader(mDocumentURI,
                                            NS_ConvertUTF16toUTF8(aData));
     }
   }
 
   if (aHeaderField == nsGkAtoms::headerDNSPrefetchControl &&
       mAllowDNSPrefetch) {
     // Chromium treats any value other than 'on' (case insensitive) as 'off'.
     mAllowDNSPrefetch = aData.IsEmpty() || aData.LowerCaseEqualsLiteral("on");
--- a/content/base/src/nsFrameLoader.cpp
+++ b/content/base/src/nsFrameLoader.cpp
@@ -75,17 +75,16 @@
 
 #include "ContentParent.h"
 #include "TabParent.h"
 #include "mozilla/GuardObjects.h"
 #include "mozilla/Preferences.h"
 #include "mozilla/unused.h"
 #include "mozilla/dom/Element.h"
 #include "mozilla/layout/RenderFrameParent.h"
-#include "nsIAppsService.h"
 
 #include "jsapi.h"
 
 using namespace mozilla;
 using namespace mozilla::dom;
 using namespace mozilla::layers;
 using namespace mozilla::layout;
 typedef FrameMetrics::ViewID ViewID;
@@ -1105,39 +1104,24 @@ nsFrameLoader::SwapWithOtherLoader(nsFra
   NS_ASSERTION(otherDoc == otherParentDocument, "Unexpected parent document");
 
   nsIPresShell* ourShell = ourDoc->GetShell();
   nsIPresShell* otherShell = otherDoc->GetShell();
   if (!ourShell || !otherShell) {
     return NS_ERROR_NOT_IMPLEMENTED;
   }
 
-  bool ourContentBoundary, otherContentBoundary;
-  ourDocshell->GetIsContentBoundary(&ourContentBoundary);
-  otherDocshell->GetIsContentBoundary(&otherContentBoundary);
-  if (ourContentBoundary != otherContentBoundary) {
+  bool weAreBrowserFrame = false;
+  bool otherIsBrowserFrame = false;
+  ourDocshell->GetIsBrowserFrame(&weAreBrowserFrame);
+  otherDocshell->GetIsBrowserFrame(&otherIsBrowserFrame);
+  if (weAreBrowserFrame != otherIsBrowserFrame) {
     return NS_ERROR_NOT_IMPLEMENTED;
   }
 
-  if (ourContentBoundary) {
-    bool ourIsBrowser, otherIsBrowser;
-    ourDocshell->GetIsBrowserElement(&ourIsBrowser);
-    otherDocshell->GetIsBrowserElement(&otherIsBrowser);
-    if (ourIsBrowser != otherIsBrowser) {
-      return NS_ERROR_NOT_IMPLEMENTED;
-    }
-
-    bool ourIsApp, otherIsApp;
-    ourDocshell->GetIsApp(&ourIsApp);
-    otherDocshell->GetIsApp(&otherIsApp);
-    if (ourIsApp != otherIsApp) {
-      return NS_ERROR_NOT_IMPLEMENTED;
-    }
-  }
-
   if (mInSwap || aOther->mInSwap) {
     return NS_ERROR_NOT_IMPLEMENTED;
   }
   mInSwap = aOther->mInSwap = true;
 
   // Fire pageshow events on still-loading pages, and then fire pagehide
   // events.  Note that we do NOT fire these in the normal way, but just fire
   // them on the chrome event handlers.
@@ -1472,34 +1456,16 @@ nsFrameLoader::MaybeCreateDocShell()
     doc->GetContainer();
   nsCOMPtr<nsIWebNavigation> parentAsWebNav = do_QueryInterface(container);
   NS_ENSURE_STATE(parentAsWebNav);
 
   // Create the docshell...
   mDocShell = do_CreateInstance("@mozilla.org/docshell;1");
   NS_ENSURE_TRUE(mDocShell, NS_ERROR_FAILURE);
 
-  if (OwnerIsBrowserFrame() &&
-      mOwnerContent->HasAttr(kNameSpaceID_None, nsGkAtoms::mozapp)) {
-    nsCOMPtr<nsIAppsService> appsService =
-      do_GetService(APPS_SERVICE_CONTRACTID);
-    if (!appsService) {
-      NS_ERROR("Apps Service is not available!");
-      return NS_ERROR_FAILURE;
-    }
-
-    nsAutoString manifest;
-    mOwnerContent->GetAttr(kNameSpaceID_None, nsGkAtoms::mozapp, manifest);
-
-    PRUint32 appId;
-    appsService->GetAppLocalIdByManifestURL(manifest, &appId);
-
-    mDocShell->SetAppId(appId);
-  }
-
   if (!mNetworkCreated) {
     nsCOMPtr<nsIDocShellHistory> history = do_QueryInterface(mDocShell);
     if (history) {
       history->SetCreatedDynamically(true);
     }
   }
 
   // Get the frame name and tell the docshell about it.
@@ -1592,17 +1558,17 @@ nsFrameLoader::MaybeCreateDocShell()
     // Do not call Destroy() here. See bug 472312.
     NS_WARNING("Something wrong when creating the docshell for a frameloader!");
     return NS_ERROR_FAILURE;
   }
 
   EnsureMessageManager();
 
   if (OwnerIsBrowserFrame()) {
-    mDocShell->SetIsBrowser();
+    mDocShell->SetIsBrowserFrame(true);
 
     nsCOMPtr<nsIObserverService> os = services::GetObserverService();
     if (os) {
       os->NotifyObservers(NS_ISUPPORTS_CAST(nsIFrameLoader*, this),
                           "in-process-browser-frame-shown", NULL);
     }
 
     if (mMessageManager) {
--- a/content/xslt/src/xslt/txMozillaXMLOutput.cpp
+++ b/content/xslt/src/xslt/txMozillaXMLOutput.cpp
@@ -236,17 +236,16 @@ txMozillaXMLOutput::endDocument(nsresult
 
     if (!mRefreshString.IsEmpty()) {
         nsPIDOMWindow *win = mDocument->GetWindow();
         if (win) {
             nsCOMPtr<nsIRefreshURI> refURI =
                 do_QueryInterface(win->GetDocShell());
             if (refURI) {
                 refURI->SetupRefreshURIFromHeader(mDocument->GetDocBaseURI(),
-                                                  mDocument->NodePrincipal(),
                                                   mRefreshString);
             }
         }
     }
 
     if (mNotifier) {
         mNotifier->OnTransformEnd();
     }
--- a/docshell/base/nsDSURIContentListener.cpp
+++ b/docshell/base/nsDSURIContentListener.cpp
@@ -306,19 +306,19 @@ bool nsDSURIContentListener::CheckOneFra
 
         // Traverse up the parent chain and stop when we see a docshell whose
         // parent has a system principal, or a docshell corresponding to
         // <iframe mozbrowser>.
         while (NS_SUCCEEDED(curDocShellItem->GetParent(getter_AddRefs(parentDocShellItem))) &&
                parentDocShellItem) {
 
             nsCOMPtr<nsIDocShell> curDocShell = do_QueryInterface(curDocShellItem);
-            bool isContentBoundary;
-            curDocShell->GetIsContentBoundary(&isContentBoundary);
-            if (isContentBoundary) {
+            bool browserFrame = false;
+            curDocShell->GetIsBrowserFrame(&browserFrame);
+            if (browserFrame) {
               break;
             }
 
             bool system = false;
             topDoc = do_GetInterface(parentDocShellItem);
             if (topDoc) {
                 if (NS_SUCCEEDED(ssm->IsSystemPrincipal(topDoc->NodePrincipal(),
                                                         &system)) && system) {
--- a/docshell/base/nsDocShell.cpp
+++ b/docshell/base/nsDocShell.cpp
@@ -758,17 +758,16 @@ nsDocShell::nsDocShell():
     mURIResultedInDocument(false),
     mIsBeingDestroyed(false),
     mIsExecutingOnLoadHandler(false),
     mIsPrintingOrPP(false),
     mSavingOldViewer(false),
 #ifdef DEBUG
     mInEnsureScriptEnv(false),
 #endif
-    mAppId(nsIScriptSecurityManager::NO_APP_ID),
     mParentCharsetSource(0)
 {
     mHistoryID = ++gDocshellIDCounter;
     if (gDocShellCount++ == 0) {
         NS_ASSERTION(sURIFixup == nsnull,
                      "Huh, sURIFixup not null in first nsDocShell ctor!");
 
         CallGetService(NS_URIFIXUP_CONTRACTID, &sURIFixup);
@@ -5524,17 +5523,16 @@ nsDocShell::ForceRefreshURI(nsIURI * aUR
      */
     LoadURI(aURI, loadInfo, nsIWebNavigation::LOAD_FLAGS_NONE, true);
 
     return NS_OK;
 }
 
 nsresult
 nsDocShell::SetupRefreshURIFromHeader(nsIURI * aBaseURI,
-                                      nsIPrincipal* aPrincipal,
                                       const nsACString & aHeader)
 {
     // Refresh headers are parsed with the following format in mind
     // <META HTTP-EQUIV=REFRESH CONTENT="5; URL=http://uri">
     // By the time we are here, the following is true:
     // header = "REFRESH"
     // content = "5; URL=http://uri" // note the URL attribute is
     // optional, if it is absent, the currently loaded url is used.
@@ -5566,18 +5564,16 @@ nsDocShell::SetupRefreshURIFromHeader(ns
     // "go.html;" since ';' and ',' are valid uri characters.
     // 
     // Note that we need to remove any tokens wrapping the URI.
     // These tokens currently include spaces, double and single
     // quotes.
 
     // when done, seconds is 0 or the given number of seconds
     //            uriAttrib is empty or the URI specified
-    MOZ_ASSERT(aPrincipal);
-
     nsCAutoString uriAttrib;
     PRInt32 seconds = 0;
     bool specifiesSeconds = false;
 
     nsACString::const_iterator iter, tokenStart, doneIterating;
 
     aHeader.BeginReading(iter);
     aHeader.EndReading(doneIterating);
@@ -5732,18 +5728,19 @@ nsDocShell::SetupRefreshURIFromHeader(ns
     }
 
     if (NS_SUCCEEDED(rv)) {
         nsCOMPtr<nsIScriptSecurityManager>
             securityManager(do_GetService
                             (NS_SCRIPTSECURITYMANAGER_CONTRACTID, &rv));
         if (NS_SUCCEEDED(rv)) {
             rv = securityManager->
-                CheckLoadURIWithPrincipal(aPrincipal, uri,
-                                          nsIScriptSecurityManager::LOAD_IS_AUTOMATIC_DOCUMENT_REPLACEMENT);
+                CheckLoadURI(aBaseURI, uri,
+                             nsIScriptSecurityManager::
+                             LOAD_IS_AUTOMATIC_DOCUMENT_REPLACEMENT);
 
             if (NS_SUCCEEDED(rv)) {
                 bool isjs = true;
                 rv = NS_URIChainHasFlags(uri,
                   nsIProtocolHandler::URI_OPENING_EXECUTES_SCRIPT, &isjs);
                 NS_ENSURE_SUCCESS(rv, rv);
 
                 if (isjs) {
@@ -5769,26 +5766,18 @@ NS_IMETHODIMP nsDocShell::SetupRefreshUR
     nsresult rv;
     nsCOMPtr<nsIHttpChannel> httpChannel(do_QueryInterface(aChannel, &rv));
     if (NS_SUCCEEDED(rv)) {
         nsCAutoString refreshHeader;
         rv = httpChannel->GetResponseHeader(NS_LITERAL_CSTRING("refresh"),
                                             refreshHeader);
 
         if (!refreshHeader.IsEmpty()) {
-            nsCOMPtr<nsIScriptSecurityManager> secMan =
-                do_GetService(NS_SCRIPTSECURITYMANAGER_CONTRACTID, &rv);
-            NS_ENSURE_SUCCESS(rv, rv);
-
-            nsCOMPtr<nsIPrincipal> principal;
-            rv = secMan->GetChannelPrincipal(aChannel, getter_AddRefs(principal));
-            NS_ENSURE_SUCCESS(rv, rv);
-
             SetupReferrerFromChannel(aChannel);
-            rv = SetupRefreshURIFromHeader(mCurrentURI, principal, refreshHeader);
+            rv = SetupRefreshURIFromHeader(mCurrentURI, refreshHeader);
             if (NS_SUCCEEDED(rv)) {
                 return NS_REFRESHURI_HEADER_FOUND;
             }
         }
     }
     return rv;
 }
 
@@ -12019,150 +12008,57 @@ nsDocShell::GetCanExecuteScripts(bool *a
 #endif // DEBUG
       } while (treeItem && docshell);
   }
 
   return NS_OK;
 }
 
 NS_IMETHODIMP
-nsDocShell::SetIsBrowser()
-{
-    if (mIsBrowserFrame) {
-        NS_ERROR("You should not call SetIsBrowser() more than once.");
-        return NS_OK;
-    }
-
-    mIsBrowserFrame = true;
-
+nsDocShell::GetIsBrowserFrame(bool *aOut)
+{
+  NS_ENSURE_ARG_POINTER(aOut);
+  *aOut = mIsBrowserFrame;
+  return NS_OK;
+}
+
+NS_IMETHODIMP
+nsDocShell::SetIsBrowserFrame(bool aValue)
+{
+  // Disallow transitions from browser frame to not-browser-frame.  Once a
+  // browser frame, always a browser frame.  (Otherwise, observers of
+  // docshell-marked-as-browser-frame would have to distinguish between
+  // newly-created browser frames and frames which went from true to false back
+  // to true.)
+  NS_ENSURE_STATE(!mIsBrowserFrame || aValue);
+
+  bool wasBrowserFrame = mIsBrowserFrame;
+  mIsBrowserFrame = aValue;
+  if (aValue && !wasBrowserFrame) {
     nsCOMPtr<nsIObserverService> os = services::GetObserverService();
     if (os) {
-        os->NotifyObservers(GetAsSupports(this),
-                            "docshell-marked-as-browser-frame", NULL);
-    }
-
-    return NS_OK;
-}
-
-nsDocShell::FrameType
-nsDocShell::GetInheritedFrameType()
-{
-    FrameType type = GetFrameType();
-
-    if (type != eFrameTypeRegular) {
-        return type;
+      os->NotifyObservers(GetAsSupports(this),
+                          "docshell-marked-as-browser-frame", NULL);
+    }
+  }
+  return NS_OK;
+}
+
+NS_IMETHODIMP
+nsDocShell::GetContainedInBrowserFrame(bool *aOut)
+{
+    *aOut = false;
+
+    if (mIsBrowserFrame) {
+        *aOut = true;
+        return NS_OK;
     }
 
     nsCOMPtr<nsIDocShellTreeItem> parentAsItem;
     GetSameTypeParent(getter_AddRefs(parentAsItem));
 
     nsCOMPtr<nsIDocShell> parent = do_QueryInterface(parentAsItem);
-    if (!parent) {
-        return eFrameTypeRegular;
-    }
-
-    return static_cast<nsDocShell*>(parent.get())->GetInheritedFrameType();
-}
-
-nsDocShell::FrameType
-nsDocShell::GetFrameType()
-{
-    if (mAppId != nsIScriptSecurityManager::NO_APP_ID) {
-        return eFrameTypeApp;
-    }
-
-    return mIsBrowserFrame ? eFrameTypeBrowser : eFrameTypeRegular;
-}
-
-NS_IMETHODIMP
-nsDocShell::GetIsBrowserElement(bool* aIsBrowser)
-{
-    *aIsBrowser = (GetFrameType() == eFrameTypeBrowser);
-
-    return NS_OK;
-}
-
-NS_IMETHODIMP
-nsDocShell::GetIsApp(bool* aIsApp)
-{
-    *aIsApp = (GetFrameType() == eFrameTypeApp);
-    return NS_OK;
-}
-
-NS_IMETHODIMP
-nsDocShell::GetIsContentBoundary(bool* aIsContentBoundary)
-{
-    switch (GetFrameType()) {
-        case eFrameTypeRegular:
-            *aIsContentBoundary = false;
-            break;
-        case eFrameTypeBrowser:
-        case eFrameTypeApp:
-            *aIsContentBoundary = true;
-            break;
-    }
-
-    return NS_OK;
-}
-
-NS_IMETHODIMP
-nsDocShell::GetIsInBrowserElement(bool* aIsInBrowserElement)
-{
-    *aIsInBrowserElement = (GetInheritedFrameType() == eFrameTypeBrowser);
-    return NS_OK;
-}
-
-NS_IMETHODIMP
-nsDocShell::GetIsInApp(bool* aIsInApp)
-{
-    *aIsInApp = (GetInheritedFrameType() == eFrameTypeApp);
-    return NS_OK;
-}
-
-NS_IMETHODIMP
-nsDocShell::GetIsBelowContentBoundary(bool* aIsInContentBoundary)
-{
-    switch (GetInheritedFrameType()) {
-        case eFrameTypeRegular:
-            *aIsInContentBoundary = false;
-            break;
-        case eFrameTypeBrowser:
-        case eFrameTypeApp:
-            *aIsInContentBoundary = true;
-            break;
-    }
-
-    return NS_OK;
-}
-
-NS_IMETHODIMP
-nsDocShell::SetAppId(PRUint32 aAppId)
-{
-    MOZ_ASSERT(mAppId == nsIScriptSecurityManager::NO_APP_ID);
-    MOZ_ASSERT(aAppId != nsIScriptSecurityManager::UNKNOWN_APP_ID);
-
-    mAppId = aAppId;
-    return NS_OK;
-}
-
-NS_IMETHODIMP
-nsDocShell::GetAppId(PRUint32* aAppId)
-{
-    if (mAppId != nsIScriptSecurityManager::NO_APP_ID) {
-        MOZ_ASSERT(GetFrameType() == eFrameTypeApp);
-
-        *aAppId = mAppId;
-        return NS_OK;
-    }
-
-    MOZ_ASSERT(GetFrameType() != eFrameTypeApp);
-
-    nsCOMPtr<nsIDocShellTreeItem> parentAsItem;
-    GetSameTypeParent(getter_AddRefs(parentAsItem));
-
-    nsCOMPtr<nsIDocShell> parent = do_QueryInterface(parentAsItem);
-    if (!parent) {
-        *aAppId = nsIScriptSecurityManager::NO_APP_ID;
-        return NS_OK;
-    }
-
-    return parent->GetAppId(aAppId);
-}
+    if (parent) {
+        return parent->GetContainedInBrowserFrame(aOut);
+    }
+
+    return NS_OK;
+}
--- a/docshell/base/nsDocShell.h
+++ b/docshell/base/nsDocShell.h
@@ -659,25 +659,16 @@ protected:
         RestorePresentationEvent(nsDocShell *ds) : mDocShell(ds) {}
         void Revoke() { mDocShell = nsnull; }
     private:
         nsRefPtr<nsDocShell> mDocShell;
     };
 
     bool JustStartedNetworkLoad();
 
-    enum FrameType {
-        eFrameTypeRegular  = 0x0, // 0000
-        eFrameTypeBrowser  = 0x1, // 0001
-        eFrameTypeApp      = 0x2  // 0010
-    };
-
-    FrameType GetInheritedFrameType();
-    FrameType GetFrameType();
-
     // hash of session storages, keyed by domain
     nsInterfaceHashtable<nsCStringHashKey, nsIDOMStorage> mStorages;
 
     // Dimensions of the docshell
     nsIntRect                  mBounds;
     nsString                   mName;
     nsString                   mTitle;
 
@@ -819,18 +810,16 @@ protected:
     bool                       mInEnsureScriptEnv;
 #endif
     PRUint64                   mHistoryID;
 
     static nsIURIFixup *sURIFixup;
 
     nsRefPtr<nsDOMNavigationTiming> mTiming;
 
-    PRUint32 mAppId;
-
 private:
     nsCOMPtr<nsIAtom> mForcedCharset;
     nsCOMPtr<nsIAtom> mParentCharset;
     nsTObserverArray<nsWeakPtr> mPrivacyObservers;
     PRInt32           mParentCharsetSource;
     nsCString         mOriginalUriString;
 
 #ifdef DEBUG
--- a/docshell/base/nsIDocShell.idl
+++ b/docshell/base/nsIDocShell.idl
@@ -34,17 +34,17 @@ interface nsISHEntry;
 interface nsILayoutHistoryState;
 interface nsISecureBrowserUI;
 interface nsIDOMStorage;
 interface nsIPrincipal;
 interface nsIWebBrowserPrint;
 interface nsIVariant;
 interface nsIPrivacyTransitionObserver;
 
-[scriptable, builtinclass, uuid(c98f0f21-fe96-4f06-9978-0a9422a789fa)]
+[scriptable, builtinclass, uuid(89ea9f32-18ec-413b-9e2c-ce9a4c851b1c)]
 interface nsIDocShell : nsISupports
 {
   /**
    * Loads a given URI.  This will give priority to loading the requested URI
    * in the object implementing	this interface.  If it can't be loaded here
    * however, the URL dispatcher will go through its normal process of content
    * loading.
    *
@@ -584,69 +584,26 @@ interface nsIDocShell : nsISupports
   attribute PRInt32 parentCharsetSource;
 
   /**
    * Add an observer to the list of parties to be notified when this docshell's
    * private browsing status is changed. |obs| must support weak references.
    */
   void addWeakPrivacyTransitionObserver(in nsIPrivacyTransitionObserver obs);
 
-  /**
-   * Mark the docshell as a browser frame.
-   * This should be used for <iframe mozbrowser> but not for <iframe mozapp>.
+  /*
+   * Is this docshell a browser frame (i.e., does it correspond to an <iframe
+   * mozbrowser>)?  The frameloader is responsible for setting this property
+   * when it initializes the docshell.
    *
-   * This method should not be called more than once.
-   */
-  void setIsBrowser();
-
-  /**
-   * Returns true iff the docshell is marked as a browser frame.
+   * If so, this docshell should act like a chrome/content boundary for the
+   * purposes of window.top and window.parent.
+   *
+   * See also nsIMozBrowserFrame.
    */
-  readonly attribute boolean isBrowserElement;
-
-  /**
-   * Returns true iif the docshell is marked as an app frame.
-   */
-  readonly attribute boolean isApp;
-
-  /**
-   * Returns true iif the docshell is marked as a type that behaves like a
-   * content boundary.
-   */
-  readonly attribute boolean isContentBoundary;
-
-  /**
-   * Returns true iif the docshell is inside a browser element.
-   */
-  readonly attribute boolean isInBrowserElement;
+  attribute bool isBrowserFrame;
 
-  /**
-   * Returns true iif the docshell is inside an application.
-   * However, it will return false if the docshell is inside a browser element
-   * that is inside an application.
-   */
-  readonly attribute boolean isInApp;
-
-  /**
-   * Returns if the docshell has a docshell that behaves as a content boundary
-   * in his parent hierarchy.
+  /*
+   * Is this docshell contained in an <iframe mozbrowser>, either directly or
+   * indirectly?
    */
-  readonly attribute boolean isBelowContentBoundary;
-
-  /**
-   * Set the app id this docshell is associated with. It has to be a valid app
-   * id. If the docshell isn't associated with any app, the value should be
-   * nsIScriptSecurityManager::NO_APP_ID.
-   * However, this is the default value if nothing is set.
-   *
-   * This method is [noscript] to reduce the scope. It should be used at very
-   * specific moments.
-   *
-   * Calling setAppId() will mark the frame as an app frame.
-   */
-  [noscript] void setAppId(in unsigned long appId);
-
-  /**
-   * Returns the app id of the app the docshell is in.
-   * Returns nsIScriptSecurityManager::NO_APP_ID If the docshell is not in an app.
-   */
-  readonly attribute unsigned long appId;
+  readonly attribute bool containedInBrowserFrame;
 };
--- a/docshell/base/nsIRefreshURI.idl
+++ b/docshell/base/nsIRefreshURI.idl
@@ -2,19 +2,18 @@
  *
  * This Source Code Form is subject to the terms of the Mozilla Public
  * License, v. 2.0. If a copy of the MPL was not distributed with this
  * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
 
 #include "nsISupports.idl"
 #include "nsIURI.idl"
 interface nsIChannel;
-interface nsIPrincipal;
 
-[scriptable, uuid(a5e61a3c-51bd-45be-ac0c-e87b71860656)]
+[scriptable, uuid(cb0ad623-6b46-4c09-a473-c1d6ca63d3c7)]
 interface nsIRefreshURI : nsISupports {
     /**
       * Load a uri after waiting for aMillis milliseconds. If the docshell
       * is busy loading a page currently, the refresh request will be
       * queued and executed when the current load finishes. 
       *
       * @param aUri The uri to refresh.
       * @param aMillis The number of milliseconds to wait.
@@ -51,21 +50,20 @@ interface nsIRefreshURI : nsISupports {
 
     /**
       * Parses the passed in header string and sets up a refreshURI if
       * a "refresh" header is found. If docshell is busy loading a page 
       * currently, the request will be queued and executed when 
       * the current page finishes loading. 
       *
       * @param aBaseURI base URI to resolve refresh uri with.
-      * @param principal the associated principal
       * @param aHeader  The meta refresh header string.
       */
-    void setupRefreshURIFromHeader(in nsIURI aBaseURI, in nsIPrincipal principal, in ACString aHeader);
-
+    void setupRefreshURIFromHeader(in nsIURI aBaseURI, in ACString aHeader);
+      
     /**
       * Cancels all timer loads.
       */
     void cancelRefreshURITimers();
 
    /**
      * True when there are pending refreshes, false otherwise.
      */
--- a/dom/apps/src/Webapps.jsm
+++ b/dom/apps/src/Webapps.jsm
@@ -312,18 +312,17 @@ let DOMApplicationRegistry = {
       cacheUpdate.addObserver(new AppcacheObserver(appObject), false);
       if (aOfflineCacheObserver) {
         cacheUpdate.addObserver(aOfflineCacheObserver, false);
       }
     }
   },
 
   _nextLocalId: function() {
-    let maxLocalId = Ci.nsIScriptSecurityManager.NO_APP_ID;
-
+    let maxLocalId = 0;
     for (let id in this.webapps) {
       if (this.webapps[id].localId > maxLocalId) {
         maxLocalId = this.webapps[id].localId;
       }
     }
 
     return maxLocalId + 1;
   },
@@ -631,17 +630,17 @@ let DOMApplicationRegistry = {
 
   getAppLocalIdByManifestURL: function(aManifestURL) {
     for (let id in this.webapps) {
       if (this.webapps[id].manifestURL == aManifestURL) {
         return this.webapps[id].localId;
       }
     }
 
-    return Ci.nsIScriptSecurityManager.NO_APP_ID;
+    return 0;
   },
 
   getAllWithoutManifests: function(aCallback) {
     let result = {};
     for (let id in this.webapps) {
       let app = this._cloneAppObject(this.webapps[id]);
       result[id] = app;
     }
--- a/dom/base/nsGlobalWindow.cpp
+++ b/dom/base/nsGlobalWindow.cpp
@@ -2960,19 +2960,19 @@ nsGlobalWindow::GetScriptableParent(nsID
 {
   FORWARD_TO_OUTER(GetScriptableParent, (aParent), NS_ERROR_NOT_INITIALIZED);
 
   *aParent = NULL;
   if (!mDocShell) {
     return NS_OK;
   }
 
-  bool isContentBoundary = false;
-  mDocShell->GetIsContentBoundary(&isContentBoundary);
-  if (isContentBoundary) {
+  bool isMozBrowser = false;
+  mDocShell->GetIsBrowserFrame(&isMozBrowser);
+  if (isMozBrowser) {
     nsCOMPtr<nsIDOMWindow> parent = static_cast<nsIDOMWindow*>(this);
     parent.swap(*aParent);
     return NS_OK;
   }
 
   return GetRealParent(aParent);
 }
 
@@ -6441,23 +6441,22 @@ nsGlobalWindow::CanClose()
   return true;
 }
 
 NS_IMETHODIMP
 nsGlobalWindow::Close()
 {
   FORWARD_TO_OUTER(Close, (), NS_ERROR_NOT_INITIALIZED);
 
-  bool isContentBoundary = false;
+  bool isMozBrowser = false;
   if (mDocShell) {
-    mDocShell->GetIsContentBoundary(&isContentBoundary);
-  }
-
-  if ((!isContentBoundary && IsFrame()) ||
-      !mDocShell || IsInModalState()) {
+    mDocShell->GetIsBrowserFrame(&isMozBrowser);
+  }
+
+  if ((!isMozBrowser && IsFrame()) || !mDocShell || IsInModalState()) {
     // window.close() is called on a frame in a frameset, on a window
     // that's already closed, or on a window for which there's
     // currently a modal dialog open. Ignore such calls.
 
     return NS_OK;
   }
 
   if (mHavePendingClose) {
@@ -6976,19 +6975,19 @@ nsGlobalWindow::GetScriptableFrameElemen
 {
   FORWARD_TO_OUTER(GetScriptableFrameElement, (aFrameElement), NS_ERROR_NOT_INITIALIZED);
   *aFrameElement = NULL;
 
   if (!mDocShell) {
     return NS_OK;
   }
 
-  bool isContentBoundary = false;
-  mDocShell->GetIsContentBoundary(&isContentBoundary);
-  if (isContentBoundary) {
+  bool isMozBrowser = false;
+  mDocShell->GetIsBrowserFrame(&isMozBrowser);
+  if (isMozBrowser) {
     return NS_OK;
   }
 
   return GetFrameElement(aFrameElement);
 }
 
 /**
  * nsIGlobalWindow::GetFrameElement (when called from C++) is just a wrapper
--- a/dom/browser-element/BrowserElementChild.js
+++ b/dom/browser-element/BrowserElementChild.js
@@ -57,17 +57,17 @@ function BrowserElementChild() {
 
 BrowserElementChild.prototype = {
   _init: function() {
     debug("Starting up.");
     sendAsyncMsg("hello");
 
     BrowserElementPromptService.mapWindowToBrowserElementChild(content, this);
 
-    docShell.setIsBrowser();
+    docShell.isBrowserFrame = true;
     docShell.QueryInterface(Ci.nsIWebProgress)
             .addProgressListener(this._progressListener,
                                  Ci.nsIWebProgress.NOTIFY_LOCATION |
                                  Ci.nsIWebProgress.NOTIFY_SECURITY |
                                  Ci.nsIWebProgress.NOTIFY_STATE_WINDOW);
 
     // This is necessary to get security web progress notifications.
     var securityUI = Cc['@mozilla.org/secure_browser_ui;1']
--- a/dom/interfaces/apps/nsIAppsService.idl
+++ b/dom/interfaces/apps/nsIAppsService.idl
@@ -10,21 +10,14 @@ interface mozIDOMApplication;
 #define APPS_SERVICE_CID { 0x05072afa, 0x92fe, 0x45bf, { 0xae, 0x22, 0x39, 0xb6, 0x9c, 0x11, 0x70, 0x58 } }
 #define APPS_SERVICE_CONTRACTID "@mozilla.org/AppsService;1"
 %}
 
 /*
  * This service allows accessing some DOMApplicationRegistry methods from
  * non-javascript code.
  */
-[scriptable, uuid(1210a0f3-add3-4381-b892-9c102e3afc42)]
+[scriptable, uuid(40e580e7-8891-4eb8-b514-0b5796af4df1)]
 interface nsIAppsService : nsISupports
 {
   mozIDOMApplication getAppByManifestURL(in DOMString manifestURL);
-
-  /**
-   * Returns the |localId| of the app associated with the |manifestURL| passed
-   * in parameter.
-   * Returns nsIScriptSecurityManager::NO_APP_ID if |manifestURL| isn't a valid
-   * installed manifest URL.
-   */
   unsigned long getAppLocalIdByManifestURL(in DOMString manifestURL);
 };
--- a/dom/ipc/TabChild.cpp
+++ b/dom/ipc/TabChild.cpp
@@ -332,22 +332,22 @@ TabChild::ProvideWindow(nsIDOMWindow* aP
                         nsIDOMWindow** aReturn)
 {
     *aReturn = nsnull;
 
     // If aParent is inside an <iframe mozbrowser> and this isn't a request to
     // open a modal-type window, we're going to create a new <iframe mozbrowser>
     // and return its window here.
     nsCOMPtr<nsIDocShell> docshell = do_GetInterface(aParent);
-    bool isInContentBoundary = false;
+    bool inBrowserFrame = false;
     if (docshell) {
-      docshell->GetIsBelowContentBoundary(&isInContentBoundary);
+      docshell->GetContainedInBrowserFrame(&inBrowserFrame);
     }
 
-    if (isInContentBoundary &&
+    if (inBrowserFrame &&
         !(aChromeFlags & (nsIWebBrowserChrome::CHROME_MODAL |
                           nsIWebBrowserChrome::CHROME_OPENAS_DIALOG |
                           nsIWebBrowserChrome::CHROME_OPENAS_CHROME))) {
 
       // Note that BrowserFrameProvideWindow may return NS_ERROR_ABORT if the
       // open window call was canceled.  It's important that we pass this error
       // code back to our caller.
       return BrowserFrameProvideWindow(aParent, aURI, aName, aFeatures,
--- a/ipc/testshell/XPCShellEnvironment.cpp
+++ b/ipc/testshell/XPCShellEnvironment.cpp
@@ -709,24 +709,40 @@ NS_IMETHODIMP
 FullTrustSecMan::CheckLoadURIWithPrincipal(nsIPrincipal *aPrincipal,
                                            nsIURI *uri,
                                            PRUint32 flags)
 {
     return NS_OK;
 }
 
 NS_IMETHODIMP
+FullTrustSecMan::CheckLoadURI(nsIURI *from,
+                              nsIURI *uri,
+                              PRUint32 flags)
+{
+    return NS_OK;
+}
+
+NS_IMETHODIMP
 FullTrustSecMan::CheckLoadURIStrWithPrincipal(nsIPrincipal *aPrincipal,
                                               const nsACString & uri,
                                               PRUint32 flags)
 {
     return NS_OK;
 }
 
 NS_IMETHODIMP
+FullTrustSecMan::CheckLoadURIStr(const nsACString & from,
+                                 const nsACString & uri,
+                                 PRUint32 flags)
+{
+    return NS_OK;
+}
+
+NS_IMETHODIMP
 FullTrustSecMan::CheckFunctionAccess(JSContext * cx,
                                      void * funObj,
                                      void * targetObj)
 {
     return NS_OK;
 }
 
 NS_IMETHODIMP
@@ -859,25 +875,16 @@ FullTrustSecMan::GetCxSubjectPrincipal(J
 NS_IMETHODIMP_(nsIPrincipal *)
 FullTrustSecMan::GetCxSubjectPrincipalAndFrame(JSContext *cx,
                                                JSStackFrame **fp)
 {
     *fp = nsnull;
     return mSystemPrincipal;
 }
 
-NS_IMETHODIMP
-FullTrustSecMan::GetExtendedOrigin(nsIURI* aURI, PRUint32 aAppId,
-                                   bool aInMozBrowser,
-                                   nsACString& aExtendedOrigin)
-{
-  aExtendedOrigin.Truncate();
-  return NS_OK;
-}
-
 NS_IMETHODIMP_(nsrefcnt)
 XPCShellDirProvider::AddRef()
 {
     return 2;
 }
 
 NS_IMETHODIMP_(nsrefcnt)
 XPCShellDirProvider::Release()
--- a/js/xpconnect/shell/xpcshell.cpp
+++ b/js/xpconnect/shell/xpcshell.cpp
@@ -1327,25 +1327,40 @@ FullTrustSecMan::CheckLoadURIFromScript(
 /* void checkLoadURIWithPrincipal (in nsIPrincipal aPrincipal, in nsIURI uri, in unsigned long flags); */
 NS_IMETHODIMP
 FullTrustSecMan::CheckLoadURIWithPrincipal(nsIPrincipal *aPrincipal,
                                            nsIURI *uri, PRUint32 flags)
 {
     return NS_OK;
 }
 
+/* void checkLoadURI (in nsIURI from, in nsIURI uri, in unsigned long flags); */
+NS_IMETHODIMP
+FullTrustSecMan::CheckLoadURI(nsIURI *from, nsIURI *uri, PRUint32 flags)
+{
+    return NS_OK;
+}
+
 /* void checkLoadURIStrWithPrincipal (in nsIPrincipal aPrincipal, in AUTF8String uri, in unsigned long flags); */
 NS_IMETHODIMP
 FullTrustSecMan::CheckLoadURIStrWithPrincipal(nsIPrincipal *aPrincipal,
                                               const nsACString & uri,
                                               PRUint32 flags)
 {
     return NS_OK;
 }
 
+/* void checkLoadURIStr (in AUTF8String from, in AUTF8String uri, in unsigned long flags); */
+NS_IMETHODIMP
+FullTrustSecMan::CheckLoadURIStr(const nsACString & from,
+                                 const nsACString & uri, PRUint32 flags)
+{
+    return NS_OK;
+}
+
 /* [noscript] void checkFunctionAccess (in JSContextPtr cx, in voidPtr funObj, in voidPtr targetObj); */
 NS_IMETHODIMP
 FullTrustSecMan::CheckFunctionAccess(JSContext * cx, void * funObj,
                                      void * targetObj)
 {
     return NS_OK;
 }
 
@@ -1482,25 +1497,16 @@ FullTrustSecMan::GetCxSubjectPrincipal(J
 
 NS_IMETHODIMP_(nsIPrincipal *)
 FullTrustSecMan::GetCxSubjectPrincipalAndFrame(JSContext *cx, JSStackFrame **fp)
 {
     *fp = nsnull;
     return mSystemPrincipal;
 }
 
-NS_IMETHODIMP
-FullTrustSecMan::GetExtendedOrigin(nsIURI* aURI, PRUint32 aAppId,
-                                   bool aInMozBrowser,
-                                   nsACString& aExtendedOrigin)
-{
-  aExtendedOrigin.Truncate();
-  return NS_OK;
-}
-
 /***************************************************************************/
 
 // #define TEST_InitClassesWithNewWrappedGlobal
 
 #ifdef TEST_InitClassesWithNewWrappedGlobal
 // XXX hacky test code...
 #include "xpctest.h"
 
--- a/layout/tools/reftest/reftest.js
+++ b/layout/tools/reftest/reftest.js
@@ -804,39 +804,37 @@ function ReadManifest(aURL, inherited_st
             if (items.length > 1 && !items[1].match(gProtocolRE)) {
                 items[1] = urlprefix + items[1];
             }
             if (items.length > 2 && !items[2].match(gProtocolRE)) {
                 items[2] = urlprefix + items[2];
             }
         }
 
-        var principal = secMan.getCodebasePrincipal(aURL);
-
         if (items[0] == "include") {
             if (items.length != 2 || runHttp)
                 throw "Error 2 in manifest file " + aURL.spec + " line " + lineNo;
             var incURI = gIOService.newURI(items[1], null, listURL);
-            secMan.checkLoadURIWithPrincipal(principal, incURI,
-                                             CI.nsIScriptSecurityManager.DISALLOW_SCRIPT);
+            secMan.checkLoadURI(aURL, incURI,
+                                CI.nsIScriptSecurityManager.DISALLOW_SCRIPT);
             ReadManifest(incURI, expected_status);
         } else if (items[0] == TYPE_LOAD) {
             if (items.length != 2 ||
                 (expected_status != EXPECTED_PASS &&
                  expected_status != EXPECTED_DEATH))
                 throw "Error 3 in manifest file " + aURL.spec + " line " + lineNo;
             var [testURI] = runHttp
-                            ? ServeFiles(principal, httpDepth,
+                            ? ServeFiles(aURL, httpDepth,
                                          listURL, [items[1]])
                             : [gIOService.newURI(items[1], null, listURL)];
             var prettyPath = runHttp
                            ? gIOService.newURI(items[1], null, listURL).spec
                            : testURI.spec;
-            secMan.checkLoadURIWithPrincipal(principal, testURI,
-                                             CI.nsIScriptSecurityManager.DISALLOW_SCRIPT);
+            secMan.checkLoadURI(aURL, testURI,
+                                CI.nsIScriptSecurityManager.DISALLOW_SCRIPT);
             gURLs.push( { type: TYPE_LOAD,
                           expected: expected_status,
                           allowSilentFail: allow_silent_fail,
                           prettyPath: prettyPath,
                           minAsserts: minAsserts,
                           maxAsserts: maxAsserts,
                           needsFocus: needs_focus,
                           slow: slow,
@@ -845,24 +843,24 @@ function ReadManifest(aURL, inherited_st
                           fuzzyMaxDelta: fuzzy_max_delta,
                           fuzzyMaxPixels: fuzzy_max_pixels,
                           url1: testURI,
                           url2: null } );
         } else if (items[0] == TYPE_SCRIPT) {
             if (items.length != 2)
                 throw "Error 4 in manifest file " + aURL.spec + " line " + lineNo;
             var [testURI] = runHttp
-                            ? ServeFiles(principal, httpDepth,
+                            ? ServeFiles(aURL, httpDepth,
                                          listURL, [items[1]])
                             : [gIOService.newURI(items[1], null, listURL)];
             var prettyPath = runHttp
                            ? gIOService.newURI(items[1], null, listURL).spec
                            : testURI.spec;
-            secMan.checkLoadURIWithPrincipal(principal, testURI,
-                                             CI.nsIScriptSecurityManager.DISALLOW_SCRIPT);
+            secMan.checkLoadURI(aURL, testURI,
+                                CI.nsIScriptSecurityManager.DISALLOW_SCRIPT);
             gURLs.push( { type: TYPE_SCRIPT,
                           expected: expected_status,
                           allowSilentFail: allow_silent_fail,
                           prettyPath: prettyPath,
                           minAsserts: minAsserts,
                           maxAsserts: maxAsserts,
                           needsFocus: needs_focus,
                           slow: slow,
@@ -871,27 +869,27 @@ function ReadManifest(aURL, inherited_st
                           fuzzyMaxDelta: fuzzy_max_delta,
                           fuzzyMaxPixels: fuzzy_max_pixels,
                           url1: testURI,
                           url2: null } );
         } else if (items[0] == TYPE_REFTEST_EQUAL || items[0] == TYPE_REFTEST_NOTEQUAL) {
             if (items.length != 3)
                 throw "Error 5 in manifest file " + aURL.spec + " line " + lineNo;
             var [testURI, refURI] = runHttp
-                                  ? ServeFiles(principal, httpDepth,
+                                  ? ServeFiles(aURL, httpDepth,
                                                listURL, [items[1], items[2]])
                                   : [gIOService.newURI(items[1], null, listURL),
                                      gIOService.newURI(items[2], null, listURL)];
             var prettyPath = runHttp
                            ? gIOService.newURI(items[1], null, listURL).spec
                            : testURI.spec;
-            secMan.checkLoadURIWithPrincipal(principal, testURI,
-                                             CI.nsIScriptSecurityManager.DISALLOW_SCRIPT);
-            secMan.checkLoadURIWithPrincipal(principal, refURI,
-                                             CI.nsIScriptSecurityManager.DISALLOW_SCRIPT);
+            secMan.checkLoadURI(aURL, testURI,
+                                CI.nsIScriptSecurityManager.DISALLOW_SCRIPT);
+            secMan.checkLoadURI(aURL, refURI,
+                                CI.nsIScriptSecurityManager.DISALLOW_SCRIPT);
             gURLs.push( { type: items[0],
                           expected: expected_status,
                           allowSilentFail: allow_silent_fail,
                           prettyPath: prettyPath,
                           minAsserts: minAsserts,
                           maxAsserts: maxAsserts,
                           needsFocus: needs_focus,
                           slow: slow,
@@ -933,17 +931,17 @@ function BuildUseCounts()
             }
             if (url.prefSettings2.length == 0) {
                 AddURIUseCount(gURLs[i].url2);
             }
         }
     }
 }
 
-function ServeFiles(manifestPrincipal, depth, aURL, files)
+function ServeFiles(manifestURL, depth, aURL, files)
 {
     var listURL = aURL.QueryInterface(CI.nsIFileURL);
     var directory = listURL.file.parent;
 
     // Allow serving a tree that's an ancestor of the directory containing
     // the files so that they can use resources in ../ (etc.).
     var dirPath = "/";
     while (depth > 0) {
@@ -965,18 +963,18 @@ function ServeFiles(manifestPrincipal, d
 
     function FileToURI(file)
     {
         // Only serve relative URIs via the HTTP server, not absolute
         // ones like about:blank.
         var testURI = gIOService.newURI(file, null, testbase);
 
         // XXX necessary?  manifestURL guaranteed to be file, others always HTTP
-        secMan.checkLoadURIWithPrincipal(manifestPrincipal, testURI,
-                                         CI.nsIScriptSecurityManager.DISALLOW_SCRIPT);
+        secMan.checkLoadURI(manifestURL, testURI,
+                            CI.nsIScriptSecurityManager.DISALLOW_SCRIPT);
 
         return testURI;
     }
 
     return files.map(FileToURI);
 }
 
 // Return true iff this window is focused when this function returns.
--- a/toolkit/components/social/FrameWorker.jsm
+++ b/toolkit/components/social/FrameWorker.jsm
@@ -238,17 +238,17 @@ function makeHiddenFrame() {
   let docShell = iframe.contentWindow.QueryInterface(Ci.nsIInterfaceRequestor).getInterface(Ci.nsIDocShell);
   docShell.allowAuth = false;
   docShell.allowPlugins = false;
   docShell.allowImages = false;
   docShell.allowWindowControl = false;
   // TODO: disable media (bug 759964)
   
   // Mark this docShell as a "browserFrame", to break script access to e.g. window.top
-  docShell.setIsBrowser();
+  docShell.isBrowserFrame = true;
 
   return iframe;
 }
 
 function WorkerHandle(port, worker) {
   this.port = port;
   this._worker = worker;
 }
--- a/toolkit/content/nsDragAndDrop.js
+++ b/toolkit/content/nsDragAndDrop.js
@@ -560,20 +560,21 @@ var nsDragAndDrop = {
       // sure the source document can load the dropped URI. We don't
       // so much care about creating the real URI here
       // (i.e. encoding differences etc don't matter), we just want
       // to know if aDraggedText really is a URI.
 
       aDraggedText = aDraggedText.replace(/^\s*|\s*$/g, '');
 
       var uri;
-      var ioService = Components.classes["@mozilla.org/network/io-service;1"]
-                                .getService(Components.interfaces.nsIIOService);
+
       try {
-        uri = ioService.newURI(aDraggedText, null, null);
+        uri = Components.classes["@mozilla.org/network/io-service;1"]
+                        .getService(Components.interfaces.nsIIOService)
+                        .newURI(aDraggedText, null, null);
       } catch (e) {
       }
 
       if (!uri)
         return;
 
       // aDraggedText is a URI, do the security check.
       const nsIScriptSecurityManager = Components.interfaces
@@ -582,22 +583,21 @@ var nsDragAndDrop = {
                              .getService(nsIScriptSecurityManager);
 
       if (!aDragSession)
         aDragSession = this.mDragService.getCurrentSession();
 
       var sourceDoc = aDragSession.sourceDocument;
       // Use "file:///" as the default sourceURI so that drops of file:// URIs
       // are always allowed.
-      var principal = sourceDoc ? sourceDoc.nodePrincipal
-                                : secMan.getCodebasePrincipal(ioService.newURI("file:///", null, null));
+      var sourceURI = sourceDoc ? sourceDoc.documentURI : "file:///";
 
       try {
-        secMan.checkLoadURIStrWithPrincipal(principal, aDraggedText,
-                                            nsIScriptSecurityManager.STANDARD);
+        secMan.checkLoadURIStr(sourceURI, aDraggedText,
+                               nsIScriptSecurityManager.STANDARD);
       } catch (e) {
         // Stop event propagation right here.
         aEvent.stopPropagation();
 
         throw "Drop of " + aDraggedText + " denied.";
       }
     }
 };
--- a/toolkit/identity/Sandbox.jsm
+++ b/toolkit/identity/Sandbox.jsm
@@ -88,17 +88,17 @@ Sandbox.prototype = {
     doc.documentElement.appendChild(frame);
 
     let docShell = frame.contentWindow.QueryInterface(Ci.nsIInterfaceRequestor)
                                       .getInterface(Ci.nsIWebNavigation)
                                       .QueryInterface(Ci.nsIInterfaceRequestor)
                                       .getInterface(Ci.nsIDocShell);
 
     // Mark this docShell as a "browserFrame", to break script access to e.g. window.top
-    docShell.setIsBrowser();
+    docShell.isBrowserFrame = true;
 
     // Stop about:blank from being loaded.
     docShell.stop(Ci.nsIWebNavigation.STOP_NETWORK);
 
     // Disable some types of content
     docShell.allowAuth = false;
     docShell.allowPlugins = false;
     docShell.allowImages = false;
--- a/xpfe/appshell/src/nsContentTreeOwner.cpp
+++ b/xpfe/appshell/src/nsContentTreeOwner.cpp
@@ -837,22 +837,22 @@ nsContentTreeOwner::ProvideWindow(nsIDOM
                                static_cast<nsIDocShellTreeOwner*>(this)),
                "Parent from wrong docshell tree?");
 #endif
 
   // If aParent is inside an <iframe mozbrowser> and this isn't a request to
   // open a modal-type window, we're going to create a new <iframe mozbrowser>
   // and return its window here.
   nsCOMPtr<nsIDocShell> docshell = do_GetInterface(aParent);
-  bool isInContentBoundary = false;
+  bool inBrowserFrame = false;
   if (docshell) {
-    docshell->GetIsBelowContentBoundary(&isInContentBoundary);
+    docshell->GetContainedInBrowserFrame(&inBrowserFrame);
   }
 
-  if (isInContentBoundary &&
+  if (inBrowserFrame &&
       !(aChromeFlags & (nsIWebBrowserChrome::CHROME_MODAL |
                         nsIWebBrowserChrome::CHROME_OPENAS_DIALOG |
                         nsIWebBrowserChrome::CHROME_OPENAS_CHROME))) {
     *aWindowIsNew =
       BrowserElementParent::OpenWindowInProcess(aParent, aURI, aName,
                                                 aFeatures, aReturn);
 
     // If OpenWindowInProcess failed (perhaps because the embedder blocked the