Rename GetNodePrincipal to NodePrincipal. Bug 327246, r+sr=sicking

2006-04-27 18:21:11 +00:00 · 2006-04-27 18:21:11 +00:00 · 0c3706888c
--- a/content/base/public/nsINode.h
+++ b/content/base/public/nsINode.h
@ -57,10 +57,10 @@ class nsIEventListenerManager;
 class nsIPrincipal;

 // IID for the nsINode interface
-// ec67d9d2-be1e-41d8-b7d0-92f72a2667db
+// f96eef82-43fc-4eee-9784-4259415e98a9
 #define NS_INODE_IID \
-{ 0x2ad78957, 0x52e8, 0x493a, \
-  { 0x8b, 0x5a, 0xe6, 0x91, 0xdc, 0xe3, 0x36, 0xe7 } }
+{ 0xf96eef82, 0x43fc, 0x4eee, \
+ { 0x97, 0x84, 0x42, 0x59, 0x41, 0x5e, 0x98, 0xa9 } }

 // hack to make egcs / gcc 2.95.2 happy
 class nsINode_base : public nsIDOMGCParticipant {
@ -238,12 +238,11 @@ public:
                              nsresult *aStatus = nsnull);
  
  /**
-   * Return the principal of this node.  This may return null; in that case the
-   * caller should assume that all same-origin checks against this node fail
-   * and that this node has no permissions to do anything.
+   * Return the principal of this node.  This is guaranteed to never be a null
+   * pointer.
   */
-  nsIPrincipal* GetNodePrincipal() const {
-    return mNodeInfo->NodeInfoManager()->GetDocumentPrincipal();
+  nsIPrincipal* NodePrincipal() const {
+    return mNodeInfo->NodeInfoManager()->DocumentPrincipal();
  }

  /**
--- a/content/base/public/nsINodeInfo.h
+++ b/content/base/public/nsINodeInfo.h
@ -68,10 +68,10 @@ class nsIURI;
 class nsIPrincipal;

 // IID for the nsINodeInfo interface
-// 37840f19-f65f-4185-baff-c475d9e2b3f2
+// 35e53115-b884-4cfc-aa95-bdf0aa5152cf
 #define NS_INODEINFO_IID      \
-{ 0x37840f19, 0xf65f, 0x4185, \
- { 0xba, 0xff, 0xc4, 0x75, 0xd9, 0xe2, 0xb3, 0xf2 } }
+{ 0x35e53115, 0xb884, 0x4cfc, \
+ { 0xaa, 0x95, 0xbd, 0xf0, 0xaa, 0x51, 0x52, 0xcf } }

 class nsINodeInfo : public nsISupports
 {
@ -286,11 +286,6 @@ public:
    return mOwnerManager->GetDocument();
  }

-  /*
-   * Retrieve a pointer to the principal for the document of this node info.
-   */
-  virtual nsIPrincipal *GetDocumentPrincipal() const = 0;
-
 protected:
  virtual PRBool
    QualifiedNameEqualsInternal(const nsACString& aQualifiedName) const = 0;
--- a/content/base/src/nsContentAreaDragDrop.cpp
+++ b/content/base/src/nsContentAreaDragDrop.cpp
@ -560,29 +560,28 @@ nsContentAreaDragDrop::DragDrop(nsIDOMEvent* inMouseEvent)
      if (url.IsEmpty() || url.FindChar(' ') >= 0)
        return NS_OK;

+      nsCOMPtr<nsIURI> uri;
+      NS_NewURI(getter_AddRefs(uri), url);
+      if (!uri) {
+        // Not actually a URI
+        return NS_OK;
+      }
+
      nsCOMPtr<nsIDOMDocument> sourceDocument;
      session->GetSourceDocument(getter_AddRefs(sourceDocument));

      nsCOMPtr<nsIDocument> sourceDoc(do_QueryInterface(sourceDocument));
-      if (sourceDoc && sourceDoc->GetNodePrincipal()) {
-        nsCOMPtr<nsIURI> sourceUri;
-        sourceDoc->GetNodePrincipal()->GetURI(getter_AddRefs(sourceUri));
+      if (sourceDoc) {
+        rv = nsContentUtils::GetSecurityManager()->
+          CheckLoadURIWithPrincipal(sourceDoc->NodePrincipal(), uri,
+                                    nsIScriptSecurityManager::STANDARD);

-        if (sourceUri) {
-          nsCAutoString sourceUriStr;
-          sourceUri->GetSpec(sourceUriStr);
+        if (NS_FAILED(rv)) {
+          // Security check failed, stop event propagation right here
+          // and return the error.
+          inMouseEvent->StopPropagation();

-          rv = nsContentUtils::GetSecurityManager()->
-            CheckLoadURIStr(sourceUriStr, NS_ConvertUTF16toUTF8(url),
-                            nsIScriptSecurityManager::STANDARD);
-
-          if (NS_FAILED(rv)) {
-            // Security check failed, stop even propagation right here
-            // and return the error.
-            inMouseEvent->StopPropagation();
-
-            return rv;
-          }
+          return rv;
        }
      }

--- a/content/base/src/nsContentSink.cpp
+++ b/content/base/src/nsContentSink.cpp
@ -332,15 +332,10 @@ nsContentSink::ProcessHeaderData(nsIAtom* aHeader, const nsAString& aValue,
    // We use the original codebase in case the codebase was changed
    // by SetDomain

-    nsIPrincipal *docPrincipal = mDocument->GetNodePrincipal();
-    if (!docPrincipal) {
-      return NS_ERROR_FAILURE;
-    }
-
    // Note that a non-codebase principal (eg the system principal) will return
    // a null URI.
    nsCOMPtr<nsIURI> codebaseURI;
-    rv = docPrincipal->GetURI(getter_AddRefs(codebaseURI));
+    rv = mDocument->NodePrincipal()->GetURI(getter_AddRefs(codebaseURI));
    NS_ENSURE_TRUE(codebaseURI, rv);

    nsCOMPtr<nsIPrompt> prompt;
--- a/content/base/src/nsContentUtils.cpp
+++ b/content/base/src/nsContentUtils.cpp
@ -705,11 +705,8 @@ nsContentUtils::CheckSameOrigin(nsIDOMNode *aTrustedNode,
  // Make sure these are both real nodes
  NS_ENSURE_TRUE(trustedNode && unTrustedNode, NS_ERROR_UNEXPECTED);

-  nsIPrincipal* trustedPrincipal = trustedNode->GetNodePrincipal();
-  nsIPrincipal* unTrustedPrincipal = unTrustedNode->GetNodePrincipal();
-
-  // Make sure we have both principals
-  NS_ENSURE_TRUE(trustedPrincipal && unTrustedPrincipal, NS_ERROR_UNEXPECTED);
+  nsIPrincipal* trustedPrincipal = trustedNode->NodePrincipal();
+  nsIPrincipal* unTrustedPrincipal = unTrustedNode->NodePrincipal();

  if (trustedPrincipal == unTrustedPrincipal) {
    return NS_OK;
@ -747,15 +744,8 @@ nsContentUtils::CanCallerAccess(nsIDOMNode *aNode)
  nsCOMPtr<nsINode> node = do_QueryInterface(aNode);
  NS_ENSURE_TRUE(node, PR_FALSE);

-  nsIPrincipal* principal = node->GetNodePrincipal();
-
-  if (!principal) {
-    // We can't get hold of the principal for this node. No access allowed.
-    return PR_FALSE;
-  }
-
-  nsresult rv = sSecurityManager->CheckSameOriginPrincipal(subjectPrincipal,
-                                                           principal);
+  nsresult rv = sSecurityManager->
+    CheckSameOriginPrincipal(subjectPrincipal, node->NodePrincipal());
  if (NS_SUCCEEDED(rv)) {
    return PR_TRUE;
  }
@ -2004,7 +1994,7 @@ nsContentUtils::CanLoadImage(nsIURI* aURI, nsISupports* aContext,
    // Editor apps get special treatment here, editors can load images
    // from anywhere.
    rv = sSecurityManager->
-      CheckLoadURIWithPrincipal(aLoadingDocument->GetNodePrincipal(), aURI,
+      CheckLoadURIWithPrincipal(aLoadingDocument->NodePrincipal(), aURI,
                                nsIScriptSecurityManager::ALLOW_CHROME);
    if (NS_FAILED(rv)) {
      if (aImageBlockingStatus) {
@ -2532,15 +2522,14 @@ nsContentUtils::GetFormControlElements(nsIDocument *aDocument)
 PRBool
 nsContentUtils::IsChromeDoc(nsIDocument *aDocument)
 {
-  nsIPrincipal *principal;
-  if (!aDocument || !(principal = aDocument->GetNodePrincipal())) {
+  if (!aDocument) {
    return PR_FALSE;
  }
-
+  
  nsCOMPtr<nsIPrincipal> systemPrincipal;
  sSecurityManager->GetSystemPrincipal(getter_AddRefs(systemPrincipal));

-  return principal == systemPrincipal;
+  return aDocument->NodePrincipal() == systemPrincipal;
 }

 void
--- a/content/base/src/nsDOMSerializer.cpp
+++ b/content/base/src/nsDOMSerializer.cpp
@ -142,37 +142,32 @@ CheckSameOrigin(nsIDOMNode *aRoot)
    return NS_ERROR_INVALID_POINTER;
  }

-  
-  nsIPrincipal *principal = node->GetNodePrincipal();
+  nsresult rv;
+  nsCOMPtr<nsIScriptSecurityManager> secMan = 
+    do_GetService(NS_SCRIPTSECURITYMANAGER_CONTRACTID, &rv);
+  NS_ENSURE_SUCCESS(rv, rv);

-  if (principal) {
-    nsresult rv;
-    nsCOMPtr<nsIScriptSecurityManager> secMan = 
-      do_GetService(NS_SCRIPTSECURITYMANAGER_CONTRACTID, &rv);
-    NS_ENSURE_SUCCESS(rv, rv);
+  PRBool ubrEnabled = PR_FALSE;
+  rv = secMan->IsCapabilityEnabled("UniversalBrowserRead", &ubrEnabled);
+  NS_ENSURE_SUCCESS(rv, rv);

-    PRBool ubrEnabled = PR_FALSE;
-    rv = secMan->IsCapabilityEnabled("UniversalBrowserRead", &ubrEnabled);
-    NS_ENSURE_SUCCESS(rv, rv);
+  if (ubrEnabled) {
+    // UniversalBrowserRead is enabled (or we're not called from
+    // script), permit access.
+    return NS_OK;
+  }

-    if (ubrEnabled) {
-      // UniversalBrowserRead is enabled (or we're not called from
-      // script), permit access.
-      return NS_OK;
-    }
+  nsCOMPtr<nsIPrincipal> subject;
+  rv = secMan->GetSubjectPrincipal(getter_AddRefs(subject));
+  NS_ENSURE_SUCCESS(rv, rv);

-    nsCOMPtr<nsIPrincipal> subject;
-    rv = secMan->GetSubjectPrincipal(getter_AddRefs(subject));
-    NS_ENSURE_SUCCESS(rv, rv);
-
-    // XXXbz can we happen to not have a subject principal here?
-    // nsScriptSecurityManager::IsCapabilityEnabled doesn't actually use
-    // GetSubjectPrincipal, so not sure...
-    // In any case, no subject principal means access is allowed.
-    if (subject) {
-      // Check if the caller is from the same origin that the root is from.
-      return secMan->CheckSameOriginPrincipal(subject, principal);
-    }
+  // XXXbz can we happen to not have a subject principal here?
+  // nsScriptSecurityManager::IsCapabilityEnabled doesn't actually use
+  // GetSubjectPrincipal, so not sure...
+  // In any case, no subject principal means access is allowed.
+  if (subject) {
+    // Check if the caller is from the same origin that the root is from.
+    return secMan->CheckSameOriginPrincipal(subject, node->NodePrincipal());
  }

  return NS_OK;
--- a/content/base/src/nsDocument.cpp
+++ b/content/base/src/nsDocument.cpp
@ -1246,7 +1246,7 @@ nsDocument::GetLastModified(nsAString& aLastModified)
 nsIPrincipal*
 nsDocument::GetPrincipal()
 {
-  return GetNodePrincipal();
+  return NodePrincipal();
 }

 void
@ -1286,13 +1286,8 @@ nsDocument::SetBaseURI(nsIURI* aURI)
  nsresult rv = NS_OK;

  if (aURI) {
-    nsIPrincipal* principal = GetNodePrincipal();
-    NS_ENSURE_TRUE(principal, NS_ERROR_FAILURE);
-    
-    nsIScriptSecurityManager* securityManager =
-      nsContentUtils::GetSecurityManager();
-    rv = securityManager->
-      CheckLoadURIWithPrincipal(principal, aURI,
+    rv = nsContentUtils::GetSecurityManager()->
+      CheckLoadURIWithPrincipal(NodePrincipal(), aURI,
                                nsIScriptSecurityManager::STANDARD);
    if (NS_SUCCEEDED(rv)) {
      mDocumentBaseURI = aURI;
@ -2498,7 +2493,7 @@ nsDocument::GetImplementation(nsIDOMDOMImplementation** aImplementation)
  NS_NewURI(getter_AddRefs(uri), "about:blank");
  NS_ENSURE_TRUE(uri, NS_ERROR_OUT_OF_MEMORY);
  
-  *aImplementation = new nsDOMImplementation(uri, uri, GetNodePrincipal());
+  *aImplementation = new nsDOMImplementation(uri, uri, NodePrincipal());
  if (!*aImplementation) {
    return NS_ERROR_OUT_OF_MEMORY;
  }
@ -4462,9 +4457,6 @@ nsDocument::IsScriptEnabled()
  nsCOMPtr<nsIScriptSecurityManager> sm(do_GetService(NS_SCRIPTSECURITYMANAGER_CONTRACTID));
  NS_ENSURE_TRUE(sm, PR_TRUE);

-  nsIPrincipal* principal = GetNodePrincipal();
-  NS_ENSURE_TRUE(principal, PR_TRUE);
-
  nsIScriptGlobalObject* globalObject = GetScriptGlobalObject();
  NS_ENSURE_TRUE(globalObject, PR_TRUE);

@ -4475,7 +4467,7 @@ nsDocument::IsScriptEnabled()
  NS_ENSURE_TRUE(cx, PR_TRUE);

  PRBool enabled;
-  nsresult rv = sm->CanExecuteScripts(cx, principal, &enabled);
+  nsresult rv = sm->CanExecuteScripts(cx, NodePrincipal(), &enabled);
  NS_ENSURE_SUCCESS(rv, PR_TRUE);
  return enabled;
 }
--- a/content/base/src/nsFrameLoader.cpp
+++ b/content/base/src/nsFrameLoader.cpp
@ -164,14 +164,10 @@ nsFrameLoader::LoadURI(nsIURI* aURI)
  nsIScriptSecurityManager *secMan = nsContentUtils::GetSecurityManager();

  // Get our principal
-  nsIPrincipal* principal = mOwnerContent->GetNodePrincipal();
-  NS_ASSERTION(principal == doc->GetNodePrincipal(),
+  nsIPrincipal* principal = mOwnerContent->NodePrincipal();
+  NS_ASSERTION(principal == doc->NodePrincipal(),
               "Principal mismatch.  Should not happen");

-  if (!principal) {
-    return NS_ERROR_FAILURE;
-  }
-  
  // Check if we are allowed to load absURL
  rv = secMan->CheckLoadURIWithPrincipal(principal, aURI,
                                         nsIScriptSecurityManager::STANDARD);
--- a/content/base/src/nsGenericElement.cpp
+++ b/content/base/src/nsGenericElement.cpp
@ -2115,7 +2115,7 @@ nsGenericElement::GetBaseURI() const
  if (NS_SUCCEEDED(rv)) {
    // do a security check, almost the same as nsDocument::SetBaseURL()
    rv = nsContentUtils::GetSecurityManager()->
-      CheckLoadURIWithPrincipal(GetNodePrincipal(), ourBase,
+      CheckLoadURIWithPrincipal(NodePrincipal(), ourBase,
                                nsIScriptSecurityManager::STANDARD);
  }

@ -3168,11 +3168,6 @@ nsGenericElement::TriggerLink(nsPresContext* aPresContext,
  nsILinkHandler *handler = aPresContext->GetLinkHandler();
  if (!handler) return NS_OK;

-  nsIPrincipal* principal = GetNodePrincipal();
-  if (!principal) {
-    return NS_OK;
-  }
-
  if (aClick) {
    nsresult proceed = NS_OK;
    // Check that this page is allowed to load this URI.
@ -3183,7 +3178,8 @@ nsGenericElement::TriggerLink(nsPresContext* aPresContext,
                      (PRUint32) nsIScriptSecurityManager::STANDARD :
                      (PRUint32) nsIScriptSecurityManager::DISALLOW_FROM_MAIL;
      proceed =
-        securityManager->CheckLoadURIWithPrincipal(principal, aLinkURI, flag);
+        securityManager->CheckLoadURIWithPrincipal(NodePrincipal(), aLinkURI,
+                                                   flag);
    }

    // Only pass off the click event if the script security manager
--- a/content/base/src/nsNodeInfo.h
+++ b/content/base/src/nsNodeInfo.h
@ -69,11 +69,6 @@ public:
  virtual PRBool
    QualifiedNameEqualsInternal(const nsACString& aQualifiedName) const;

-  nsIPrincipal *GetDocumentPrincipal() const
-  {
-    return mOwnerManager->GetDocumentPrincipal();
-  }
-
  // nsNodeInfo
  // Create objects with Create
 public:
--- a/content/base/src/nsNodeInfoManager.cpp
+++ b/content/base/src/nsNodeInfoManager.cpp
@ -313,6 +313,9 @@ nsNodeInfoManager::SetDocumentPrincipal(nsIPrincipal *aPrincipal)
  if (!aPrincipal) {
    aPrincipal = mDefaultPrincipal;
  }
+
+  NS_ASSERTION(aPrincipal, "Must have principal by this point!");
+  
  NS_ADDREF(mPrincipal = aPrincipal);
 }

--- a/content/base/src/nsNodeInfoManager.h
+++ b/content/base/src/nsNodeInfoManager.h
@ -116,7 +116,8 @@ public:
  /**
   * Gets the principal of the document this nodeinfo manager belongs to.
   */
-  nsIPrincipal *GetDocumentPrincipal() const {
+  nsIPrincipal *DocumentPrincipal() const {
+    NS_ASSERTION(mPrincipal, "How'd that happen?");
    return mPrincipal;
  }

@ -151,7 +152,7 @@ private:
  PLHashTable *mNodeInfoHash;
  nsIDocument *mDocument; // WEAK
  nsIPrincipal *mPrincipal; // STRONG, but not nsCOMPtr to avoid include hell
-                            // while inlining of GetPrincipal().  Never null
+                            // while inlining DocumentPrincipal().  Never null
                            // after Init() succeeds.
  nsCOMPtr<nsIPrincipal> mDefaultPrincipal; // Never null after Init() succeeds
  nsINodeInfo *mTextNodeInfo; // WEAK to avoid circular ownership
--- a/content/base/src/nsObjectLoadingContent.cpp
+++ b/content/base/src/nsObjectLoadingContent.cpp
@ -825,8 +825,7 @@ nsObjectLoadingContent::LoadObject(nsIURI* aURI,
    nsIScriptSecurityManager* secMan = nsContentUtils::GetSecurityManager();
    NS_ASSERTION(secMan, "No security manager!?");
    nsresult rv =
-      secMan->CheckLoadURIWithPrincipal(thisContent->GetNodePrincipal(),
-                                        aURI, 0);
+      secMan->CheckLoadURIWithPrincipal(thisContent->NodePrincipal(), aURI, 0);
    if (NS_FAILED(rv)) {
      Fallback(PR_FALSE);
      return NS_OK;
--- a/content/base/src/nsScriptLoader.cpp
+++ b/content/base/src/nsScriptLoader.cpp
@ -512,10 +512,8 @@ nsScriptLoader::DoProcessScriptElement(nsIScriptElement *aElement,
  nsCOMPtr<nsIURI> scriptURI = aElement->GetScriptURI();
  if (scriptURI) {
    // Check that the containing page is allowed to load this URI.
-    nsIPrincipal *docPrincipal = mDocument->GetNodePrincipal();
-    NS_ENSURE_TRUE(docPrincipal, NS_ERROR_UNEXPECTED);
    rv = nsContentUtils::GetSecurityManager()->
-      CheckLoadURIWithPrincipal(docPrincipal, scriptURI,
+      CheckLoadURIWithPrincipal(mDocument->NodePrincipal(), scriptURI,
                                nsIScriptSecurityManager::ALLOW_CHROME);

    NS_ENSURE_SUCCESS(rv, rv);
@ -727,11 +725,6 @@ nsScriptLoader::EvaluateScript(nsScriptLoadRequest* aRequest,
    return NS_ERROR_FAILURE;
  }

-  nsIPrincipal *principal = mDocument->GetNodePrincipal();
-  // We can survive without a principal, but we really should
-  // have one.
-  NS_ASSERTION(principal, "principal required for document");
-
  nsCAutoString url;

  if (aRequest->mURI) {
@ -760,8 +753,9 @@ nsScriptLoader::EvaluateScript(nsScriptLoadRequest* aRequest,

  PRBool isUndefined;
  context->EvaluateString(aScript, globalObject->GetGlobalJSObject(),
-                          principal, url.get(), aRequest->mLineNo,
-                          aRequest->mJSVersion, nsnull, &isUndefined);
+                          mDocument->NodePrincipal(), url.get(),
+                          aRequest->mLineNo, aRequest->mJSVersion, nsnull,
+                          &isUndefined);

  // Put the old script back in case it wants to do anything else.
  mCurrentScript = oldCurrent;
@ -1000,18 +994,10 @@ nsScriptLoader::OnStreamComplete(nsIStreamLoader* aLoader,
      nsCOMPtr<nsIPrincipal> principal = do_QueryInterface(owner);

      if (principal) {
-        nsIPrincipal *docPrincipal = mDocument->GetNodePrincipal();
-        if (docPrincipal) {
-          nsCOMPtr<nsIPrincipal> newPrincipal =
-              MaybeDowngradeToCodebase(docPrincipal, principal);
+        nsCOMPtr<nsIPrincipal> newPrincipal =
+          MaybeDowngradeToCodebase(mDocument->NodePrincipal(), principal);

-          mDocument->SetPrincipal(newPrincipal);
-        } else {
-          mPendingRequests.RemoveObject(request);
-          FireScriptAvailable(rv, request, EmptyString());
-          ProcessPendingReqests();
-          return NS_OK;
-        }
+        mDocument->SetPrincipal(newPrincipal);
      }
    }
  }
--- a/content/base/src/nsXMLHttpRequest.cpp
+++ b/content/base/src/nsXMLHttpRequest.cpp
@ -1244,7 +1244,7 @@ nsXMLHttpRequest::OnStartRequest(nsIRequest *request, nsISupports *ctxt)
    nsIURI* uri = GetBaseURI();
    nsIPrincipal* principal = nsnull;
    if (doc) {
-      principal = doc->GetNodePrincipal();
+      principal = doc->NodePrincipal();
    }
    privImpl->Init(uri, uri, principal);
  }
--- a/content/canvas/src/nsCanvasRenderingContext2D.cpp
+++ b/content/canvas/src/nsCanvasRenderingContext2D.cpp
@ -581,12 +581,11 @@ nsCanvasRenderingContext2D::DoDrawImageSecurityCheck(nsIURI* aURI, PRBool forceW
    nsIScriptSecurityManager* ssm = nsContentUtils::GetSecurityManager();
    nsCOMPtr<nsINode> elem = do_QueryInterface(mCanvasElement);
    if (elem && ssm) {
-        nsIPrincipal* elemPrincipal = elem->GetNodePrincipal();
        nsCOMPtr<nsIPrincipal> uriPrincipal;
        ssm->GetCodebasePrincipal(aURI, getter_AddRefs(uriPrincipal));
-        if (uriPrincipal && elemPrincipal) {
-            nsresult rv =
-                ssm->CheckSameOriginPrincipal(elemPrincipal, uriPrincipal);
+        if (uriPrincipal) {
+            nsresult rv = ssm->CheckSameOriginPrincipal(elem->NodePrincipal(),
+                                                        uriPrincipal);
            if (NS_SUCCEEDED(rv)) {
                // Same origin
                return;
--- a/content/html/content/src/nsHTMLFormElement.cpp
+++ b/content/html/content/src/nsHTMLFormElement.cpp
@ -1400,7 +1400,7 @@ nsHTMLFormElement::GetActionURL(nsIURI** aActionURL)
  nsIScriptSecurityManager *securityManager =
      nsContentUtils::GetSecurityManager();
  rv = securityManager->
-    CheckLoadURIWithPrincipal(GetNodePrincipal(), actionURL,
+    CheckLoadURIWithPrincipal(NodePrincipal(), actionURL,
                              nsIScriptSecurityManager::STANDARD);
  NS_ENSURE_SUCCESS(rv, rv);

--- a/content/html/document/src/nsHTMLContentSink.cpp
+++ b/content/html/document/src/nsHTMLContentSink.cpp
@ -1996,9 +1996,6 @@ IsScriptEnabled(nsIDocument *aDoc, nsIDocShell *aContainer)
 {
  NS_ENSURE_TRUE(aDoc && aContainer, PR_TRUE);

-  nsIPrincipal *principal = aDoc->GetNodePrincipal();
-  NS_ENSURE_TRUE(principal, PR_TRUE);
-
  nsCOMPtr<nsIScriptGlobalObject> globalObject = aDoc->GetScriptGlobalObject();

  // Getting context is tricky if the document hasn't had it's
@ -2018,8 +2015,8 @@ IsScriptEnabled(nsIDocument *aDoc, nsIDocShell *aContainer)
  NS_ENSURE_TRUE(cx, PR_TRUE);

  PRBool enabled = PR_TRUE;
-  nsContentUtils::GetSecurityManager()->CanExecuteScripts(cx, principal,
-                                                          &enabled);
+  nsContentUtils::GetSecurityManager()->
+    CanExecuteScripts(cx, aDoc->NodePrincipal(), &enabled);
  return enabled;
 }

@ -3612,7 +3609,7 @@ HTMLContentSink::ProcessBASEElement(nsGenericHTMLElement* aElement)
        nsContentUtils::GetSecurityManager();

      rv = securityManager->
-        CheckLoadURIWithPrincipal(mDocument->GetNodePrincipal(), baseHrefURI,
+        CheckLoadURIWithPrincipal(mDocument->NodePrincipal(), baseHrefURI,
                                  nsIScriptSecurityManager::STANDARD);
      if (NS_SUCCEEDED(rv)) {
        mBaseHref = baseHrefURI;
--- a/content/html/document/src/nsHTMLDocument.cpp
+++ b/content/html/document/src/nsHTMLDocument.cpp
@ -1547,11 +1547,7 @@ nsHTMLDocument::GetReferrer(nsAString& aReferrer)
 void
 nsHTMLDocument::GetDomainURI(nsIURI **aURI)
 {
-  *aURI = nsnull;
-
-  nsIPrincipal *principal = GetNodePrincipal();
-  if (!principal)
-    return;
+  nsIPrincipal *principal = NodePrincipal();

  principal->GetDomain(aURI);
  if (!*aURI) {
@ -1632,15 +1628,11 @@ nsHTMLDocument::SetDomain(const nsAString& aDomain)
  if (NS_FAILED(NS_NewURI(getter_AddRefs(newURI), newURIString)))
    return NS_ERROR_FAILURE;

-  nsresult rv = NS_ERROR_NOT_AVAILABLE;
-  nsIPrincipal* principal = GetNodePrincipal();
-  if (principal) {
-    rv = principal->SetDomain(newURI);
+  nsresult rv = NodePrincipal()->SetDomain(newURI);

-    // Bug 13871: Frameset spoofing - note that document.domain was set
-    if (NS_SUCCEEDED(rv)) {
-      mDomainWasSet = PR_TRUE;
-    }
+  // Bug 13871: Frameset spoofing - note that document.domain was set
+  if (NS_SUCCEEDED(rv)) {
+    mDomainWasSet = PR_TRUE;
  }

  return rv;
@ -1862,10 +1854,7 @@ nsHTMLDocument::GetCookie(nsAString& aCookie)
    // Get a URI from the document principal. We use the original
    // codebase in case the codebase was changed by SetDomain
    nsCOMPtr<nsIURI> codebaseURI;
-    nsIPrincipal* principal = GetNodePrincipal();
-    if (principal) {
-      principal->GetURI(getter_AddRefs(codebaseURI));
-    }
+    NodePrincipal()->GetURI(getter_AddRefs(codebaseURI));

    if (!codebaseURI) {
      // Document's principal is not a codebase (may be system), so
@ -1895,10 +1884,7 @@ nsHTMLDocument::SetCookie(const nsAString& aCookie)
    }

    nsCOMPtr<nsIURI> codebaseURI;
-    nsIPrincipal* principal = GetNodePrincipal();
-    if (principal) {
-      principal->GetURI(getter_AddRefs(codebaseURI));
-    }
+    NodePrincipal()->GetURI(getter_AddRefs(codebaseURI));

    if (!codebaseURI) {
      // Document's principal is not a codebase (may be system), so
@ -3660,17 +3646,12 @@ nsHTMLDocument::SetDesignMode(const nsAString & aDesignMode)
    return NS_ERROR_FAILURE;

  nsresult rv = NS_OK;
-  // test if the above works if document.domain is set for Midas document
-  // (www.netscape.com --> netscape.com)
-  nsIPrincipal *principal = GetNodePrincipal();
-  if (!principal)
-    return NS_ERROR_FAILURE;
  nsCOMPtr<nsIPrincipal> subject;
  nsIScriptSecurityManager *secMan = nsContentUtils::GetSecurityManager();
  rv = secMan->GetSubjectPrincipal(getter_AddRefs(subject));
  NS_ENSURE_SUCCESS(rv, rv);
  if (subject) {
-     rv = secMan->CheckSameOriginPrincipal(subject, principal);
+     rv = secMan->CheckSameOriginPrincipal(subject, NodePrincipal());
     NS_ENSURE_SUCCESS(rv, rv);
  }

--- a/content/html/document/src/nsHTMLFragmentContentSink.cpp
+++ b/content/html/document/src/nsHTMLFragmentContentSink.cpp
@ -312,11 +312,11 @@ nsHTMLFragmentContentSink::ProcessBaseTag(nsIContent* aContent)
    nsIScriptSecurityManager *securityManager =
      nsContentUtils::GetSecurityManager();

-    NS_ASSERTION(aContent->GetNodePrincipal() == mTargetDocument->GetNodePrincipal(),
+    NS_ASSERTION(aContent->NodePrincipal() == mTargetDocument->NodePrincipal(),
                 "How'd that happpen?");
    
    rv = securityManager->
-      CheckLoadURIWithPrincipal(mTargetDocument->GetNodePrincipal(), baseHrefURI,
+      CheckLoadURIWithPrincipal(mTargetDocument->NodePrincipal(), baseHrefURI,
                                nsIScriptSecurityManager::STANDARD);
    if (NS_SUCCEEDED(rv)) {
      mBaseHref = baseHrefURI;
--- a/content/xbl/src/nsXBLBinding.cpp
+++ b/content/xbl/src/nsXBLBinding.cpp
@ -1220,13 +1220,9 @@ nsXBLBinding::AllowScripts()

  nsCOMPtr<nsIDocument> ourDocument;
  mPrototypeBinding->XBLDocumentInfo()->GetDocument(getter_AddRefs(ourDocument));
-  nsIPrincipal* principal = ourDocument->GetNodePrincipal();
-  if (!principal) {
-    return PR_FALSE;
-  }
-
  PRBool canExecute;
-  nsresult rv = mgr->CanExecuteScripts(cx, principal, &canExecute);
+  nsresult rv =
+    mgr->CanExecuteScripts(cx, ourDocument->NodePrincipal(), &canExecute);
  return NS_SUCCEEDED(rv) && canExecute;
 }

--- a/content/xbl/src/nsXBLContentSink.cpp
+++ b/content/xbl/src/nsXBLContentSink.cpp
@ -725,20 +725,17 @@ nsXBLContentSink::ConstructImplementation(const PRUnichar **aAtts)
      // our XBL document has UniversalXPConnect privileges.  No principal
      // means no privs!
      
-      nsIPrincipal* principal = mDocument->GetNodePrincipal();
-      if (principal) {
-        // XXX this api is so badly tied to JS it's not even funny.  We don't
-        // have a concept of enabling capabilities on a per-principal basis,
-        // but only on a per-principal-and-JS-stackframe basis!  So for now
-        // this is basically equivalent to testing that we have the system
-        // principal, since there is no JS stackframe in sight here...
-        PRBool hasUniversalXPConnect;
-        nsresult rv = principal->IsCapabilityEnabled("UniversalXPConnect",
-                                                     nsnull,
-                                                     &hasUniversalXPConnect);
-        if (NS_SUCCEEDED(rv) && hasUniversalXPConnect) {
-          mBinding->ConstructInterfaceTable(nsDependentString(aAtts[1]));
-        }
+      // XXX this api is so badly tied to JS it's not even funny.  We don't
+      // have a concept of enabling capabilities on a per-principal basis,
+      // but only on a per-principal-and-JS-stackframe basis!  So for now
+      // this is basically equivalent to testing that we have the system
+      // principal, since there is no JS stackframe in sight here...
+      PRBool hasUniversalXPConnect;
+      nsresult rv = mDocument->NodePrincipal()->
+        IsCapabilityEnabled("UniversalXPConnect", nsnull,
+                            &hasUniversalXPConnect);
+      if (NS_SUCCEEDED(rv) && hasUniversalXPConnect) {
+        mBinding->ConstructInterfaceTable(nsDependentString(aAtts[1]));
      }
    }
  }
--- a/content/xbl/src/nsXBLDocumentInfo.cpp
+++ b/content/xbl/src/nsXBLDocumentInfo.cpp
@ -343,7 +343,7 @@ nsXBLDocGlobalObject::GetPrincipal()
  rv = docInfo->GetDocument(getter_AddRefs(document));
  NS_ENSURE_SUCCESS(rv, nsnull);

-  return document->GetNodePrincipal();
+  return document->NodePrincipal();
 }

 static PRBool IsChromeURI(nsIURI* aURI)
--- a/content/xbl/src/nsXBLService.cpp
+++ b/content/xbl/src/nsXBLService.cpp
@ -543,10 +543,8 @@ nsXBLService::LoadBindings(nsIContent* aContent, nsIURI* aURL, PRBool aAugmentFl

  // Not everything with a chrome URI has a system principal.  See bug 160042.
  if (NS_FAILED(rv) || !isChrome) {
-    nsIScriptSecurityManager *secMan = nsContentUtils::GetSecurityManager();
-
-    rv = secMan->
-      CheckLoadURIWithPrincipal(document->GetNodePrincipal(), aURL,
+    rv = nsContentUtils::GetSecurityManager()->
+      CheckLoadURIWithPrincipal(document->NodePrincipal(), aURL,
                                nsIScriptSecurityManager::ALLOW_CHROME);
    if (NS_FAILED(rv))
      return rv;
--- a/content/xml/document/src/nsXMLContentSink.cpp
+++ b/content/xml/document/src/nsXMLContentSink.cpp
@ -600,7 +600,7 @@ nsXMLContentSink::LoadXSLStyleSheet(nsIURI* aUrl)
  }

  return mXSLTProcessor->LoadStyleSheet(aUrl, loadGroup,
-                                        mDocument->GetNodePrincipal());
+                                        mDocument->NodePrincipal());
 }

 nsresult
@ -639,7 +639,7 @@ nsXMLContentSink::ProcessStyleLink(nsIContent* aElement,
    // Do security check
    nsIScriptSecurityManager *secMan = nsContentUtils::GetSecurityManager();
    rv = secMan->
-      CheckLoadURIWithPrincipal(mDocument->GetNodePrincipal(), url,
+      CheckLoadURIWithPrincipal(mDocument->NodePrincipal(), url,
                                nsIScriptSecurityManager::ALLOW_CHROME);
    NS_ENSURE_SUCCESS(rv, NS_OK);

--- a/content/xml/document/src/nsXMLDocument.cpp
+++ b/content/xml/document/src/nsXMLDocument.cpp
@ -427,7 +427,7 @@ nsXMLDocument::Load(const nsAString& aUrl, PRBool *aReturn)
  // remain. This should be done before the security check is done to
  // ensure that the document is reset even if the new document can't
  // be loaded.
-  nsCOMPtr<nsIPrincipal> principal = GetNodePrincipal();
+  nsCOMPtr<nsIPrincipal> principal = NodePrincipal();
  nsCOMPtr<nsIEventListenerManager> elm(mListenerManager);

  ResetToURI(uri, nsnull);
@ -706,7 +706,7 @@ nsXMLDocument::CloneNode(PRBool aDeep, nsIDOMNode** aReturn)
  // Create an empty document
  rv = NS_NewDOMDocument(getter_AddRefs(newDoc), EmptyString(), EmptyString(),
                         newDocType, nsIDocument::GetDocumentURI(),
-                         nsIDocument::GetBaseURI(), GetNodePrincipal());
+                         nsIDocument::GetBaseURI(), NodePrincipal());
  if (NS_FAILED(rv)) return rv;

  if (aDeep) {
--- a/content/xslt/src/base/txURIUtils.cpp
+++ b/content/xslt/src/base/txURIUtils.cpp
@ -221,10 +221,7 @@ URIUtils::ResetWithSource(nsIDocument *aNewDoc, nsIDOMNode *aSourceNode)
        return;
    }

-    nsIPrincipal* sourcePrincipal = sourceDoc->GetNodePrincipal();
-    if (!sourcePrincipal) {
-        return;
-    }
+    nsIPrincipal* sourcePrincipal = sourceDoc->NodePrincipal();

    // Copy the channel and loadgroup from the source document.
    nsCOMPtr<nsILoadGroup> loadGroup = sourceDoc->GetDocumentLoadGroup();
--- a/content/xslt/src/xslt/txMozillaTextOutput.cpp
+++ b/content/xslt/src/xslt/txMozillaTextOutput.cpp
@ -174,10 +174,7 @@ void txMozillaTextOutput::createResultDocument(nsIDOMDocument* aSourceDocument,

    // Reset and set up document
    nsCOMPtr<nsIDocument> sourceDoc = do_QueryInterface(aSourceDocument);
-    nsIPrincipal* sourcePrincipal = sourceDoc->GetNodePrincipal();
-    if (!sourcePrincipal) {
-        return;
-    }
+    nsIPrincipal* sourcePrincipal = sourceDoc->NodePrincipal();

    nsCOMPtr<nsILoadGroup> loadGroup = sourceDoc->GetDocumentLoadGroup();
    nsCOMPtr<nsIChannel> channel = sourceDoc->GetChannel();
--- a/content/xul/content/src/nsXULElement.cpp
+++ b/content/xul/content/src/nsXULElement.cpp
@ -3080,12 +3080,6 @@ nsXULPrototypeScript::Compile(const PRUnichar* aText,
            return NS_ERROR_UNEXPECTED;
    }

-    // Use the enclosing document's principal
-    // XXX is this right? or should we use the protodoc's?
-    nsIPrincipal *principal = aDocument->GetNodePrincipal();
-    if (!principal)
-        return NS_ERROR_FAILURE;
-
    nsCAutoString urlspec;
    aURI->GetSpec(urlspec);

@ -3110,7 +3104,10 @@ nsXULPrototypeScript::Compile(const PRUnichar* aText,
    rv = context->CompileScript(aText,
                                aTextLength,
                                nsnull,
-                                principal,
+                                // Use the enclosing document's principal
+                                // XXX is this right? or should we use the
+                                // protodoc's?
+                                aDocument->NodePrincipal(),
                                urlspec.get(),
                                aLineNo,
                                mLangVersion,
--- a/content/xul/content/src/nsXULPopupListener.cpp
+++ b/content/xul/content/src/nsXULPopupListener.cpp
@ -240,14 +240,10 @@ XULPopupListenerImpl::PreLaunchPopup(nsIDOMEvent* aMouseEvent)
      // contextmenus.
      nsCOMPtr<nsINode> node = do_QueryInterface(targetNode);
      if (node) {
-        nsIPrincipal* prin = node->GetNodePrincipal();
-
-        nsIScriptSecurityManager *securityManager =
-            nsContentUtils::GetSecurityManager();
-
        nsCOMPtr<nsIPrincipal> system;
-        securityManager->GetSystemPrincipal(getter_AddRefs(system));
-        if (prin != system) {
+        nsContentUtils::GetSecurityManager()->
+          GetSystemPrincipal(getter_AddRefs(system));
+        if (node->NodePrincipal() != system) {
          // This isn't chrome.  Cancel the preventDefault() and
          // let the event go forth.
          preventDefault = PR_FALSE;
--- a/content/xul/document/src/nsXULContentSink.cpp
+++ b/content/xul/document/src/nsXULContentSink.cpp
@ -1259,7 +1259,7 @@ XULContentSinkImpl::OpenScript(const PRUnichar** aAttributes,

                  if (NS_SUCCEEDED(rv)) {
                      rv = mSecMan->
-                          CheckLoadURIWithPrincipal(doc->GetNodePrincipal(),
+                          CheckLoadURIWithPrincipal(doc->NodePrincipal(),
                                                    script->mSrcURI,
                                                    nsIScriptSecurityManager::ALLOW_CHROME);
                  }
--- a/content/xul/templates/src/nsXULTemplateBuilder.cpp
+++ b/content/xul/templates/src/nsXULTemplateBuilder.cpp
@ -972,11 +972,9 @@ nsXULTemplateBuilder::LoadDataSources(nsIDocument* doc)
        mCompDB->SetAllowNegativeAssertions(PR_FALSE);

    // Grab the doc's principal...
-    nsIPrincipal *docPrincipal = doc->GetNodePrincipal();
-    if (!docPrincipal)
-        return NS_ERROR_FAILURE;
+    nsIPrincipal *docPrincipal = doc->NodePrincipal();

-    NS_ASSERTION(docPrincipal == mRoot->GetNodePrincipal(),
+    NS_ASSERTION(docPrincipal == mRoot->NodePrincipal(),
                 "Principal mismatch?  Which one to use?");

    PRBool isTrusted = PR_FALSE;
--- a/content/xul/templates/src/nsXULTreeBuilder.cpp
+++ b/content/xul/templates/src/nsXULTreeBuilder.cpp
@ -808,13 +808,9 @@ nsXULTreeBuilder::SetTree(nsITreeBoxObject* aTree)
    if (! mBoxObject)
        return NS_OK;

-    // Get our root's principal
-    nsIPrincipal* rootPrincipal = mRoot->GetNodePrincipal();
-    if (!rootPrincipal)
-        return NS_ERROR_FAILURE;
-
+    // Is our root's principal trusted?
    PRBool isTrusted = PR_FALSE;
-    nsresult rv = IsSystemPrincipal(rootPrincipal, &isTrusted);
+    nsresult rv = IsSystemPrincipal(mRoot->NodePrincipal(), &isTrusted);
    if (NS_SUCCEEDED(rv) && isTrusted) {
        // Get the datasource we intend to use to remember open state.
        nsAutoString datasourceStr;
--- a/docshell/base/nsDocShell.cpp
+++ b/docshell/base/nsDocShell.cpp
@ -1087,11 +1087,9 @@ nsDocShell::ValidateOrigin(nsIDocShellTreeItem* aOriginTreeItem,
    nsCOMPtr<nsIDocument> targetDocument(do_QueryInterface(targetDOMDocument));
    NS_ENSURE_TRUE(targetDocument, PR_TRUE);

-    nsIPrincipal *targetPrincipal = targetDocument->GetNodePrincipal();
-    NS_ENSURE_TRUE(targetPrincipal, PR_TRUE);
-
    nsCOMPtr<nsIURI> targetPrincipalURI;
-    rv = targetPrincipal->GetURI(getter_AddRefs(targetPrincipalURI));
+    rv = targetDocument->
+        NodePrincipal()->GetURI(getter_AddRefs(targetPrincipalURI));
    NS_ENSURE_TRUE(NS_SUCCEEDED(rv) && targetPrincipalURI, PR_TRUE);

    // Find out if document.domain was set for HTML documents
@ -6648,7 +6646,7 @@ nsDocShell::GetCurrentDocumentOwner(nsISupports ** aOwner)

    //-- Get the document's principal
    if (document) {
-        *aOwner = document->GetNodePrincipal();
+        *aOwner = document->NodePrincipal();
    }

    NS_IF_ADDREF(*aOwner);
--- a/dom/src/base/nsGlobalWindow.cpp
+++ b/dom/src/base/nsGlobalWindow.cpp
@ -487,7 +487,7 @@ nsGlobalWindow::FreeInnerObjects(JSContext *cx)
    NS_ASSERTION(mDoc, "Why is mDoc null?");

    // Remember the document's principal.
-    mDocumentPrincipal = mDoc->GetNodePrincipal();
+    mDocumentPrincipal = mDoc->NodePrincipal();
  }

  // Remove our reference to the document and the document principal.
@ -602,12 +602,6 @@ nsGlobalWindow::WouldReuseInnerWindow(nsIDocument *aNewDocument)
    return PR_FALSE;
  }

-  nsIPrincipal* newPrincipal = aNewDocument->GetNodePrincipal();
-  if (!newPrincipal) {
-    // This really should not be happening.... play it safe.
-    return PR_FALSE;
-  }
-    
  PRBool isAbout;
  if (NS_FAILED(curURI->SchemeIs("about", &isAbout)) || !isAbout) {
    return PR_FALSE;
@ -629,7 +623,7 @@ nsGlobalWindow::WouldReuseInnerWindow(nsIDocument *aNewDocument)
  if (mOpenerScriptPrincipal && nsContentUtils::GetSecurityManager() &&
      NS_SUCCEEDED(nsContentUtils::GetSecurityManager()->
        CheckSameOriginPrincipal(mOpenerScriptPrincipal,
-                                 newPrincipal))) {
+                                 aNewDocument->NodePrincipal()))) {
    // The origin is the same.
    return PR_TRUE;
  }
@ -940,20 +934,15 @@ nsGlobalWindow::SetNewDocument(nsIDocument* aDocument,
  nsIPrincipal *oldPrincipal = nsnull;

  if (oldDoc) {
-    oldPrincipal = oldDoc->GetNodePrincipal();
+    oldPrincipal = oldDoc->NodePrincipal();
  }

  // Drop our reference to the navigator object unless we're reusing
  // the existing inner window or the new document is from the same
  // origin as the old document.
  if (!reUseInnerWindow && mNavigator && oldPrincipal) {
-    nsIPrincipal *newPrincipal = aDocument->GetNodePrincipal();
-    rv = NS_ERROR_FAILURE;
-
-    if (newPrincipal) {
-      rv = nsContentUtils::GetSecurityManager()->
-             CheckSameOriginPrincipal(oldPrincipal, newPrincipal);
-    }
+    rv = nsContentUtils::GetSecurityManager()->
+      CheckSameOriginPrincipal(oldPrincipal, aDocument->NodePrincipal());

    if (NS_FAILED(rv)) {
      // Different origins.  Release the navigator object so it gets
@ -1333,7 +1322,7 @@ nsGlobalWindow::SetDocShell(nsIDocShell* aDocShell)
      NS_ASSERTION(mDoc, "Must have doc!");
      
      // Remember the document's principal.
-      mDocumentPrincipal = mDoc->GetNodePrincipal();
+      mDocumentPrincipal = mDoc->NodePrincipal();

      // Release our document reference
      mDocument = nsnull;
@ -1685,7 +1674,7 @@ nsGlobalWindow::GetPrincipal()
 {
  if (mDoc) {
    // If we have a document, get the principal from the document
-    return mDoc->GetNodePrincipal();
+    return mDoc->NodePrincipal();
  }

  if (mDocumentPrincipal) {
--- a/embedding/components/find/src/nsWebBrowserFind.cpp
+++ b/embedding/components/find/src/nsWebBrowserFind.cpp
@ -742,14 +742,12 @@ nsresult nsWebBrowserFind::SearchInFrame(nsIDOMWindow* aWindow,
      secMan->IsCapabilityEnabled("UniversalXPConnect", &hasCap);

    if (!hasCap) {
-      nsIPrincipal *principal = theDoc->GetNodePrincipal();
-      if (!principal)
-        return NS_ERROR_FAILURE;
      nsCOMPtr<nsIPrincipal> subject;
      rv = secMan->GetSubjectPrincipal(getter_AddRefs(subject));
      NS_ENSURE_SUCCESS(rv, rv);
      if (subject) {
-        rv = secMan->CheckSameOriginPrincipal(subject, principal);
+        rv = secMan->CheckSameOriginPrincipal(subject,
+                                              theDoc->NodePrincipal());
        NS_ENSURE_SUCCESS(rv, rv);
      }
    }
--- a/extensions/xforms/nsXFormsUtils.cpp
+++ b/extensions/xforms/nsXFormsUtils.cpp
@ -1179,29 +1179,27 @@ nsXFormsUtils::CheckSameOrigin(nsIDocument *aBaseDocument, nsIURI *aTestURI)
  nsresult rv;

  // get the base document's principal
-  nsIPrincipal *basePrincipal = aBaseDocument->GetNodePrincipal();
+  nsIPrincipal *basePrincipal = aBaseDocument->NodePrincipal();

-  if (basePrincipal) {
-    // check for the UniversalBrowserRead capability.
-    PRBool crossSiteAccessEnabled;
-    rv = basePrincipal->IsCapabilityEnabled("UniversalBrowserRead", nsnull,
-                                            &crossSiteAccessEnabled);
-    if (NS_SUCCEEDED(rv) && crossSiteAccessEnabled)
-      return PR_TRUE;
+  // check for the UniversalBrowserRead capability.
+  PRBool crossSiteAccessEnabled;
+  rv = basePrincipal->IsCapabilityEnabled("UniversalBrowserRead", nsnull,
+                                          &crossSiteAccessEnabled);
+  if (NS_SUCCEEDED(rv) && crossSiteAccessEnabled)
+    return PR_TRUE;

-    // check the security manager and do a same original check on the principal
-    nsCOMPtr<nsIScriptSecurityManager> secMan =
-      do_GetService(NS_SCRIPTSECURITYMANAGER_CONTRACTID);
-    if (secMan) {
-      // get a principal for the uri we are testing
-      nsCOMPtr<nsIPrincipal> testPrincipal;
-      rv = secMan->GetCodebasePrincipal(aTestURI, getter_AddRefs(testPrincipal));
+  // check the security manager and do a same original check on the principal
+  nsCOMPtr<nsIScriptSecurityManager> secMan =
+    do_GetService(NS_SCRIPTSECURITYMANAGER_CONTRACTID);
+  if (secMan) {
+    // get a principal for the uri we are testing
+    nsCOMPtr<nsIPrincipal> testPrincipal;
+    rv = secMan->GetCodebasePrincipal(aTestURI, getter_AddRefs(testPrincipal));

-      if (NS_SUCCEEDED(rv)) {
-        rv = secMan->CheckSameOriginPrincipal(basePrincipal, testPrincipal);
-        if (NS_SUCCEEDED(rv))
-          return PR_TRUE;
-      }
+    if (NS_SUCCEEDED(rv)) {
+      rv = secMan->CheckSameOriginPrincipal(basePrincipal, testPrincipal);
+      if (NS_SUCCEEDED(rv))
+        return PR_TRUE;
    }
  }

--- a/extensions/xmlterm/base/mozLineTerm.cpp
+++ b/extensions/xmlterm/base/mozLineTerm.cpp
@ -224,9 +224,7 @@ NS_IMETHODIMP mozLineTerm::GetSecurePrincipal(nsIDOMDocument *domDoc,
  if (!doc)
    return NS_ERROR_FAILURE;

-  nsIPrincipal *principal = doc->GetNodePrincipal();
-  if (!principal) 
-    return NS_ERROR_FAILURE;
+  nsIPrincipal *principal = doc->NodePrincipal();

 #if 0  // Temporarily commented out, because |ToString()| is not implemented.
  if (NS_FAILED(principal->ToString(aPrincipalStr)) || !*aPrincipalStr)
--- a/extensions/xmlterm/base/mozXMLTermUtils.cpp
+++ b/extensions/xmlterm/base/mozXMLTermUtils.cpp
@ -257,9 +257,7 @@ mozXMLTermUtils::ExecuteScript(nsIDOMDocument* aDOMDocument,
  if (!doc)
    return NS_ERROR_FAILURE;

-  nsIPrincipal *docPrincipal = doc->GetNodePrincipal();
-  if (!docPrincipal) 
-    return NS_ERROR_FAILURE;
+  nsIPrincipal *docPrincipal = doc->NodePrincipal();

  // Get document script context
  nsCOMPtr<nsIScriptContext> scriptContext;
--- a/layout/generic/nsImageFrame.cpp
+++ b/layout/generic/nsImageFrame.cpp
@ -1530,13 +1530,8 @@ nsImageFrame::TriggerLink(nsPresContext* aPresContext,
      if (NS_FAILED(rv))
        return;

-      nsIPrincipal* principal = aTriggerNode->GetNodePrincipal();
-      if (!principal) {
-        return;
-      }
-
      rv = securityManager->
-        CheckLoadURIWithPrincipal(principal, aURI,
+        CheckLoadURIWithPrincipal(aTriggerNode->NodePrincipal(), aURI,
                                  nsIScriptSecurityManager::STANDARD);

      // Only pass off the click event if the script security manager
--- a/modules/plugin/base/src/nsPluginHostImpl.cpp
+++ b/modules/plugin/base/src/nsPluginHostImpl.cpp
@ -3385,7 +3385,7 @@ NS_IMETHODIMP nsPluginHostImpl::InstantiateEmbeddedPlugin(const char *aMimeType,
    if (!doc)
      return NS_ERROR_NULL_POINTER;

-    rv = secMan->CheckLoadURIWithPrincipal(doc->GetNodePrincipal(), aURL, 0);
+    rv = secMan->CheckLoadURIWithPrincipal(doc->NodePrincipal(), aURL, 0);
    if (NS_FAILED(rv))
      return rv;

@ -5758,7 +5758,7 @@ NS_IMETHODIMP nsPluginHostImpl::NewPluginURLStream(const nsString& aURL,
      if (doc)
      {
        // Set the owner of channel to the document principal...
-        channel->SetOwner(doc->GetNodePrincipal());
+        channel->SetOwner(doc->NodePrincipal());
      }

      // deal with headers and post data
@ -5840,7 +5840,7 @@ nsPluginHostImpl::DoURLLoadSecurityCheck(nsIPluginInstance *aInstance,
  if (NS_FAILED(rv))
    return rv;

-  return secMan->CheckLoadURIWithPrincipal(doc->GetNodePrincipal(), targetURL,
+  return secMan->CheckLoadURIWithPrincipal(doc->NodePrincipal(), targetURL,
                                           nsIScriptSecurityManager::STANDARD);

 }
--- a/security/manager/boot/src/nsSecureBrowserUIImpl.cpp
+++ b/security/manager/boot/src/nsSecureBrowserUIImpl.cpp
@ -359,7 +359,7 @@ nsSecureBrowserUIImpl::Notify(nsIContent* formNode,
  nsCOMPtr<nsIDocument> document = formNode->GetDocument();
  if (!document) return NS_OK;

-  nsIPrincipal *principal = formNode->GetNodePrincipal();
+  nsIPrincipal *principal = formNode->NodePrincipal();
  
  if (!principal)
  {