The CheckMayLoad() method is used to determine whether or not a principal can load a specified URI.

If the originating principal is a NullPrincipal, this test returns false, denying the load.

Otherwise, if the principal's codebase URI and the target URI are same origin per the rules specified in the article Same origin policy for JavaScript, the result is true.

If that test is false, then some fairly involved special-casing takes effect to handle the same origin policy for file: URIs.

In general, the load is allowed if both the origin and target are file: URIs, the target isn't a directory, and the target is either in a subdirectory of the origin (when the origin is a directory, which is rare for XBL) or is in a subdirectory of the origin's parent (when the origin is a file).
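The decision order described above, as an added example that is not Gecko's own code. It is a simplified model that assumes a NullPrincipal is represented by a null codebase, that a file: URI ending in "/" stands for a directory (the real check would consult the filesystem), and that file: URIs always fall through to the special-case rules; checkMayLoadModel and its helpers are hypothetical names.

```javascript
// Simplified model of the decision order described above. Not Gecko code.
// Assumptions: a NullPrincipal is represented by a null codebase, and a
// file: URI whose path ends in "/" stands for a directory.

function isDirectory(uri) {
  return uri.pathname.endsWith("/");
}

// Generic same-origin test: scheme, host and port must all match.
// Assumption: file: URIs always fall through to the special-case rules.
function sameOrigin(a, b) {
  if (a.protocol === "file:" || b.protocol === "file:") return false;
  return a.protocol === b.protocol && a.hostname === b.hostname && a.port === b.port;
}

function checkMayLoadModel(codebase, target) {
  if (codebase === null) return false;      // NullPrincipal: the load is denied
  const origin = new URL(codebase);
  const dest = new URL(target);             // URL() resolves "." and ".." segments
  if (sameOrigin(origin, dest)) return true;

  // file: special-casing: both sides must be file: and the target a file.
  if (origin.protocol !== "file:" || dest.protocol !== "file:") return false;
  if (isDirectory(dest)) return false;
  // Base directory: the origin itself if it is a directory, else its parent.
  const base = isDirectory(origin)
    ? origin.pathname
    : origin.pathname.slice(0, origin.pathname.lastIndexOf("/") + 1);
  // base ends in "/", so "/docs/" does not match a sibling "/docs-old/".
  return dest.pathname.startsWith(base);
}

// Constructed sample inputs.
const samples = [
  [null, "https://example.org/a.js"],
  ["https://example.org/app/", "https://example.org/lib/a.js"],
  ["https://example.org/", "http://example.org/a.js"],
  ["file:///home/u/docs/page.html", "file:///home/u/docs/img/a.png"],
  ["file:///home/u/docs/page.html", "file:///home/u/docs/../private/notes.txt"],
  ["file:///home/u/docs/page.html", "file:///home/u/docs/img/"],
];
for (const [from, to] of samples) {
  console.log(String(from), "->", to, ":", checkMayLoadModel(from, to));
}
```

Comparing normalized paths against a base that ends in "/" is what keeps ".." segments and sibling directories with a shared name prefix from passing the subdirectory test.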

