Needed for 7254: Implement DOM security

reviewed by Ben Goodger <rgoodger@ihug.co.nz> and Seth Spitzer <sspitzer@netscape.com>

Scripts running from chrome are considered super privileged and can perform operations that
scripts from the web cannot. I differentiate chrome scripts from web
scripts by considering all scripts loaded from chrome: URIs to be
privileged.

The problem I'm running into is that the loading of relative urls in
this code ends up going to the file: protocol (which is what the chrome
protocol is converted to internally). This change makes sure we load
from the chrome protocol so that the scripts are privileged and don't
get access errors. It's probably a good idea to load from the chrome
protocol anyway since it may one day be resolved to extracting from a
JAR file rather than accessing a discrete file.

profile/resources/content/createProfileWizard.js

@@ -67,7 +67,7 @@ var testMap = {
     newProfile1_1: { previous: null, next: "newProfile1_2" },
     newProfile1_2: { previous: "newProfile1_1", next: null},
 }
-
+var pagePrefix = "chrome://profile/content/";
 var pagePostfix=".xul";
 var currentPageTag;
 
@@ -200,7 +200,7 @@ function onCancel()
 // utility functions
 function getUrlFromTag(title) 
 {
-    return title + pagePostfix;
+    return pagePrefix + title + pagePostfix;
 }
 
 function Startup()