The noscript silliness with nsIPrincipal is just that -- silliness, imo. If we don't want script messing with the principal, we should make all the methods and properties noscript instead.

I made most stuff on nsIPrincipal noscript; the exceptions are equals() (which I think should be scriptable for sure) and the certificate stuff (which I think it makes sense to leave scriptable). I'm open to more things being noscript if desired, though.

Comment on attachment 211948 [details] [diff] [review] Fix If you're going to expose the cert stuff (which is fine) should we also expose the readonly URI for non-cert principals? But then it may be a domain principal, and domain is not readonly. I guess we don't want people to care what's inside a principal. sr=dveditz

I do think eventually we may want to expose a scriptable URI, but when we do I want to return a clone. Right now people can get the "readonly" URI and then modify the object; I don't think we want to support that from script. ;)

Comment on attachment 211948 [details] [diff] [review] Fix r=jst

Revs the nsIScriptSecurityManager IID too.

Except tree's closed, so I did not in fact check this in yet.

Fixed for real.