nsContentSecurityManager::IsURIPotentiallyTrustworthy is supposed to be implementing: https://w3c.github.io/webappsec-secure-contexts/#is-origin-trustworthy nsContentSecurityManager::IsURIPotentiallyTrustworthy operates on a URI though, whereas the spec algorithm works on an origin. Working on a URI means that IsURIPotentiallyTrustworthy does not handle blob: URIs correctly as defined here: https://url.spec.whatwg.org/#concept-url-origin

> Working on a URI means that IsURIPotentiallyTrustworthy does not > handle blob: URIs correctly Or more correctly, the code that calls it typically is not.

Comment on attachment 8745329 [details] [diff] [review] patch The IDL comments need to stop mentioning "URI", right? I guess this works because getCodebasePrincipal will actually extract the principal inside the blob: URI... OK. And I guess we can't add an assertion in nsContentSecurityManager::IsOriginPotentiallyTrustworthy that the scheme is never "blob" because someone could mess with a non-blob URI to give it that scheme. :( r=me