Make content grab the cached security manager off of nsContentUtils rather than ask the service manager to find one.

Bug 223192; r+sr=bzbarsky
2024-10-09 03:15:11 +00:00 · 2003-10-30 03:01:25 +00:00 · 2003-10-30 03:01:25 +00:00 · 150adb2e29
commit 150adb2e29
parent c698bdce0c
20 changed files with 70 additions and 126 deletions
--- a/content/base/src/nsDocument.cpp
+++ b/content/base/src/nsDocument.cpp
@ -839,14 +839,12 @@ nsDocument::SetBaseURL(nsIURI* aURL)
  nsresult rv = NS_OK;

  if (aURL) {
-    nsCOMPtr<nsIScriptSecurityManager> securityManager =
-      do_GetService(NS_SCRIPTSECURITYMANAGER_CONTRACTID, &rv);
+    nsIScriptSecurityManager* securityManager =
+      nsContentUtils::GetSecurityManager();
+    rv = securityManager->CheckLoadURI(mDocumentURL, aURL,
+                                       nsIScriptSecurityManager::STANDARD);
    if (NS_SUCCEEDED(rv)) {
-      rv = securityManager->CheckLoadURI(mDocumentURL, aURL,
-                                         nsIScriptSecurityManager::STANDARD);
-      if (NS_SUCCEEDED(rv)) {
-        mDocumentBaseURL = aURL;
-      }
+      mDocumentBaseURL = aURL;
    }
  } else {
    mDocumentBaseURL = nsnull;
--- a/content/base/src/nsFrameLoader.cpp
+++ b/content/base/src/nsFrameLoader.cpp
@ -57,6 +57,7 @@
 #include "nsIDocShellLoadInfo.h"
 #include "nsIBaseWindow.h"
 #include "nsIWebShell.h"
+#include "nsContentUtils.h"

 #include "nsIScriptSecurityManager.h"

@ -182,15 +183,13 @@ nsFrameLoader::LoadFrame()
                 PromiseFlatCString(doc_charset).get(), base_uri);
  NS_ENSURE_SUCCESS(rv, rv);

-  // Check for security
-  nsCOMPtr<nsIScriptSecurityManager> secMan =
-    do_GetService(NS_SCRIPTSECURITYMANAGER_CONTRACTID, &rv);
-  NS_ENSURE_SUCCESS(rv, rv);
-
  nsCOMPtr<nsIDocShellLoadInfo> loadInfo;
  mDocShell->CreateLoadInfo(getter_AddRefs(loadInfo));
  NS_ENSURE_TRUE(loadInfo, NS_ERROR_FAILURE);

+  // Check for security
+  nsIScriptSecurityManager *secMan = nsContentUtils::GetSecurityManager();
+
  // Get referring URL
  nsCOMPtr<nsIURI> referrer;
  nsCOMPtr<nsIPrincipal> principal;
--- a/content/base/src/nsRange.cpp
+++ b/content/base/src/nsRange.cpp
@ -2571,12 +2571,12 @@ nsRange::CreateContextualFragment(const nsAString& aFragment,
      // so that event handlers in the fragment do not get 
      // compiled with the system principal.
      nsCOMPtr<nsIJSContextStack> ContextStack;
-      nsCOMPtr<nsIScriptSecurityManager> secMan;
-      secMan = do_GetService(NS_SCRIPTSECURITYMANAGER_CONTRACTID, &result);
-      if (document && NS_SUCCEEDED(result)) {
+      if (document) {
        nsCOMPtr<nsIPrincipal> sysPrin;
        nsCOMPtr<nsIPrincipal> subjectPrin;

+        nsIScriptSecurityManager *secMan = nsContentUtils::GetSecurityManager();
+
        // Just to compare, not to use!
        result = secMan->GetSystemPrincipal(getter_AddRefs(sysPrin));
        if (NS_SUCCEEDED(result))
--- a/content/base/src/nsSyncLoadService.cpp
+++ b/content/base/src/nsSyncLoadService.cpp
@ -58,6 +58,7 @@
 #include "nsIScriptGlobalObject.h"
 #include "nsIScriptSecurityManager.h"
 #include "nsContentCID.h"
+#include "nsContentUtils.h"
 #include "nsNetUtil.h"
 #include "nsIHttpChannel.h"
 #include "nsIScriptLoader.h"
@ -313,14 +314,13 @@ nsSyncLoader::LoadDocument(nsIChannel* aChannel,
    mChannel = aChannel;

    if (aLoaderURI) {
-        nsCOMPtr<nsIScriptSecurityManager> securityManager = 
-            do_GetService(NS_SCRIPTSECURITYMANAGER_CONTRACTID, &rv);
-        NS_ENSURE_SUCCESS(rv, rv);
-
        nsCOMPtr<nsIURI> docURI;
        rv = aChannel->GetOriginalURI(getter_AddRefs(docURI));
        NS_ENSURE_SUCCESS(rv, rv);

+        nsIScriptSecurityManager *securityManager =
+            nsContentUtils::GetSecurityManager();
+
        rv = securityManager->CheckLoadURI(aLoaderURI, docURI,
                                           nsIScriptSecurityManager::STANDARD);
        NS_ENSURE_SUCCESS(rv, rv);
@ -497,21 +497,15 @@ nsSyncLoader::OnRedirect(nsIHttpChannel *aHttpChannel,
 {
    NS_ENSURE_ARG_POINTER(aNewChannel);

-    nsresult rv = NS_ERROR_FAILURE;
-
-    nsCOMPtr<nsIScriptSecurityManager> secMan =
-        do_GetService(NS_SCRIPTSECURITYMANAGER_CONTRACTID, &rv);
-    NS_ENSURE_SUCCESS(rv, rv);
-
    nsCOMPtr<nsIURI> oldURI;
-    rv = aHttpChannel->GetURI(getter_AddRefs(oldURI)); // The original URI
+    nsresult rv = aHttpChannel->GetURI(getter_AddRefs(oldURI)); // The original URI
    NS_ENSURE_SUCCESS(rv, rv);

    nsCOMPtr<nsIURI> newURI;
    rv = aNewChannel->GetURI(getter_AddRefs(newURI)); // The new URI
    NS_ENSURE_SUCCESS(rv, rv);

-    rv = secMan->CheckSameOriginURI(oldURI, newURI);
+    rv = nsContentUtils::GetSecurityManager()->CheckSameOriginURI(oldURI, newURI);

    NS_ENSURE_SUCCESS(rv, rv);

--- a/content/events/src/nsEventListenerManager.cpp
+++ b/content/events/src/nsEventListenerManager.cpp
@ -1233,20 +1233,18 @@ nsEventListenerManager::RegisterScriptEventListener(nsIScriptContext *aContext,
  rv = holder->GetJSObject(&jsobj);
  NS_ENSURE_SUCCESS(rv, rv);

-  nsCOMPtr<nsIScriptSecurityManager> securityManager =
-    do_GetService(NS_SCRIPTSECURITYMANAGER_CONTRACTID, &rv);
-  if (NS_FAILED(rv))
-      return rv;
-
  nsCOMPtr<nsIClassInfo> classInfo = do_QueryInterface(aObject);

  if (sAddListenerID == JSVAL_VOID) {
    sAddListenerID = STRING_TO_JSVAL(::JS_InternString(cx, "addEventListener"));
  }

-  if (NS_FAILED(rv = securityManager->CheckPropertyAccess(cx, jsobj,
-                "EventTarget", sAddListenerID,
-                nsIXPCSecurityManager::ACCESS_SET_PROPERTY))) {
+  rv = nsContentUtils::GetSecurityManager()->
+    CheckPropertyAccess(cx, jsobj,
+                        "EventTarget",
+                        sAddListenerID,
+                        nsIXPCSecurityManager::ACCESS_SET_PROPERTY);
+  if (NS_FAILED(rv)) {
      // XXX set pending exception on the native call context?
    return rv;
  }
--- a/content/events/src/nsEventStateManager.cpp
+++ b/content/events/src/nsEventStateManager.cpp
@ -4450,9 +4450,8 @@ nsEventStateManager::DispatchNewEvent(nsISupports* aTarget, nsIDOMEvent* aEvent,
    if (innerEvent && (innerEvent->eventStructType == NS_KEY_EVENT ||
        innerEvent->eventStructType == NS_MOUSE_EVENT)) {
      //Check security state to determine if dispatcher is trusted
-      nsCOMPtr<nsIScriptSecurityManager>
-      securityManager(do_GetService(NS_SCRIPTSECURITYMANAGER_CONTRACTID));
-      NS_ENSURE_TRUE(securityManager, NS_ERROR_FAILURE);
+      nsIScriptSecurityManager *securityManager =
+        nsContentUtils::GetSecurityManager();

      PRBool enabled;
      nsresult res = securityManager->IsCapabilityEnabled("UniversalBrowserWrite", &enabled);
--- a/content/html/content/src/nsHTMLFormElement.cpp
+++ b/content/html/content/src/nsHTMLFormElement.cpp
@ -1309,12 +1309,8 @@ nsHTMLFormElement::GetActionURL(nsIURI** aActionURL)
  //
  // Get security manager, check to see if access to action URI is allowed.
  //
-  // XXX This code has not been tested.  mailto: does not work in forms.
-  //
-  nsCOMPtr<nsIScriptSecurityManager> securityManager =
-    do_GetService(NS_SCRIPTSECURITYMANAGER_CONTRACTID, &rv);
-  NS_ENSURE_SUCCESS(rv, rv);
-
+  nsIScriptSecurityManager *securityManager =
+      nsContentUtils::GetSecurityManager();
  rv = securityManager->CheckLoadURI(docURL, actionURL,
                                     nsIScriptSecurityManager::STANDARD);
  NS_ENSURE_SUCCESS(rv, rv);
--- a/content/html/content/src/nsHTMLInputElement.cpp
+++ b/content/html/content/src/nsHTMLInputElement.cpp
@ -708,13 +708,12 @@ nsHTMLInputElement::SetValue(const nsAString& aValue)
 {
  //check secuity
  if (mType == NS_FORM_INPUT_FILE) {
-    nsresult rv;
-    nsCOMPtr<nsIScriptSecurityManager> securityManager =
-             do_GetService(NS_SCRIPTSECURITYMANAGER_CONTRACTID, &rv);
-    NS_ENSURE_SUCCESS(rv, rv);
+    nsIScriptSecurityManager *securityManager =
+      nsContentUtils::GetSecurityManager();

    PRBool enabled;
-    rv = securityManager->IsCapabilityEnabled("UniversalFileRead", &enabled);
+    nsresult rv =
+      securityManager->IsCapabilityEnabled("UniversalFileRead", &enabled);
    NS_ENSURE_SUCCESS(rv, rv);

    if (!enabled) {
--- a/content/html/document/src/nsHTMLContentSink.cpp
+++ b/content/html/document/src/nsHTMLContentSink.cpp
@ -2088,10 +2088,6 @@ IsScriptEnabled(nsIDocument *aDoc, nsIDocShell *aContainer)
 {
  NS_ENSURE_TRUE(aDoc && aContainer, PR_TRUE);

-  nsCOMPtr<nsIScriptSecurityManager> securityManager =
-    do_GetService(NS_SCRIPTSECURITYMANAGER_CONTRACTID);
-  NS_ENSURE_TRUE(securityManager, PR_TRUE);
-
  nsIPrincipal *principal = aDoc->GetPrincipal();
  NS_ENSURE_TRUE(principal, PR_TRUE);

@ -2115,8 +2111,9 @@ IsScriptEnabled(nsIDocument *aDoc, nsIDocShell *aContainer)
  NS_ENSURE_TRUE(cx, PR_TRUE);

  PRBool enabled = PR_TRUE;
-  securityManager->CanExecuteScripts(cx, principal, &enabled);
-
+  nsContentUtils::GetSecurityManager()->CanExecuteScripts(cx,
+                                                          principal,
+                                                          &enabled);
  return enabled;
 }

@ -3939,11 +3936,8 @@ HTMLContentSink::ProcessBaseHref(const nsAString& aBaseHref)
  } else {
    // NAV compatibility quirk

-    nsCOMPtr<nsIScriptSecurityManager> securityManager =
-      do_GetService(NS_SCRIPTSECURITYMANAGER_CONTRACTID, &rv);
-    if (NS_FAILED(rv)) {
-      return;
-    }
+    nsIScriptSecurityManager *securityManager =
+      nsContentUtils::GetSecurityManager();

    rv = securityManager->CheckLoadURI(mDocumentBaseURL, baseHrefURI,
                                       nsIScriptSecurityManager::STANDARD);
--- a/content/html/document/src/nsHTMLDocument.cpp
+++ b/content/html/document/src/nsHTMLDocument.cpp
@ -2619,9 +2619,7 @@ nsHTMLDocument::ScriptWriteCommon(PRBool aNewlineTerminate)
    // document for security purposes. Thus a document.write of a script tag
    // ends up producing a script with the same principals as the script
    // that performed the write.
-    nsCOMPtr<nsIScriptSecurityManager> secMan =
-      do_GetService(NS_SCRIPTSECURITYMANAGER_CONTRACTID, &rv);
-    NS_ENSURE_SUCCESS(rv, rv);
+    nsIScriptSecurityManager *secMan = nsContentUtils::GetSecurityManager();

    nsCOMPtr<nsIPrincipal> subject;
    rv = secMan->GetSubjectPrincipal(getter_AddRefs(subject));
@ -3884,11 +3882,8 @@ nsHTMLDocument::SetDesignMode(const nsAString & aDesignMode)
  if (!url.Equals("about:blank")) {
    // If we're 'about:blank' then we don't care who can edit us.
    // If we're not about:blank, then we need to check sameOrigin.
-    nsCOMPtr<nsIScriptSecurityManager> secMan =
-      do_GetService(NS_SCRIPTSECURITYMANAGER_CONTRACTID, &rv);
-    NS_ENSURE_SUCCESS(rv, rv);
-
-    rv = secMan->CheckSameOrigin(nsnull, mDocumentURL);
+    rv = nsContentUtils::GetSecurityManager()->CheckSameOrigin(nsnull,
+                                                               mDocumentURL);
    if (NS_FAILED(rv))
      return rv;
  }
@ -4129,10 +4124,6 @@ nsHTMLDocument::DoClipboardSecurityCheck(PRBool aPaste)
 {
  nsresult rv = NS_ERROR_FAILURE;

-  nsCOMPtr<nsIScriptSecurityManager> secMan =
-    do_GetService(NS_SCRIPTSECURITYMANAGER_CONTRACTID, &rv);
-  NS_ENSURE_SUCCESS(rv, rv);
-
  nsCOMPtr<nsIJSContextStack> stack =
    do_GetService("@mozilla.org/js/xpc/ContextStack;1");

@ -4142,6 +4133,9 @@ nsHTMLDocument::DoClipboardSecurityCheck(PRBool aPaste)

    NS_NAMED_LITERAL_CSTRING(classNameStr, "Clipboard");

+    nsIScriptSecurityManager *secMan =
+      nsContentUtils::GetSecurityManager();
+
    if (aPaste) {
      if (nsHTMLDocument::sPasteInternal_id == JSVAL_VOID) {
        nsHTMLDocument::sPasteInternal_id =
--- a/content/html/document/src/nsWyciwygChannel.cpp
+++ b/content/html/document/src/nsWyciwygChannel.cpp
@ -25,6 +25,7 @@
 #include "nsILoadGroup.h"
 #include "nsIScriptSecurityManager.h"
 #include "nsNetUtil.h"
+#include "nsContentUtils.h"
 #include "nsICacheService.h"
 #include "nsICacheSession.h"

@ -191,11 +192,10 @@ nsWyciwygChannel::GetOwner(nsISupports **aOwner)
    NS_ENSURE_TRUE(mOriginalURI, NS_ERROR_FAILURE); // without an owner or an original URI!

    nsCOMPtr<nsIPrincipal> principal;
-    nsCOMPtr<nsIScriptSecurityManager> secMan(do_GetService(NS_SCRIPTSECURITYMANAGER_CONTRACTID, &rv));
-    if (secMan) {
-      rv = secMan->GetCodebasePrincipal(mOriginalURI, getter_AddRefs(principal));
-      if (NS_SUCCEEDED(rv))
-        mOwner = principal;
+    nsIScriptSecurityManager *secMan = nsContentUtils::GetSecurityManager();
+    rv = secMan->GetCodebasePrincipal(mOriginalURI, getter_AddRefs(principal));
+    if (NS_SUCCEEDED(rv)) {
+      mOwner = principal;
    }
  }

--- a/content/html/style/src/nsCSSLoader.cpp
+++ b/content/html/style/src/nsCSSLoader.cpp
@ -39,6 +39,7 @@
 #include "nsIURL.h"
 #include "nsIServiceManager.h"
 #include "nsNetUtil.h"
+#include "nsContentUtils.h"
 #include "nsCRT.h"
 #include "nsCOMArray.h"
 #include "nsCOMPtr.h"
@ -907,13 +908,9 @@ CSSLoaderImpl::CheckLoadAllowed(nsIURI* aSourceURI,
  LOG(("CSSLoaderImpl::CheckLoadAllowed"));
  
  // Check with the security manager
-  nsresult rv;
-  nsCOMPtr<nsIScriptSecurityManager> secMan =
-           do_GetService(NS_SCRIPTSECURITYMANAGER_CONTRACTID, &rv);
-  NS_ENSURE_SUCCESS(rv, rv);
-
-  rv = secMan->CheckLoadURI(aSourceURI, aTargetURI,
-                            nsIScriptSecurityManager::ALLOW_CHROME);
+  nsIScriptSecurityManager *secMan = nsContentUtils::GetSecurityManager();
+  nsresult rv = secMan->CheckLoadURI(aSourceURI, aTargetURI,
+                                     nsIScriptSecurityManager::ALLOW_CHROME);
  if (NS_FAILED(rv)) { // failure is normal here; don't warn
    return rv;
  }
--- a/content/html/style/src/nsCSSStyleSheet.cpp
+++ b/content/html/style/src/nsCSSStyleSheet.cpp
@ -2588,12 +2588,8 @@ CSSStyleSheetImpl::GetCssRules(nsIDOMCSSRuleList** aCssRules)
    return NS_ERROR_FAILURE;

  // Get the security manager and do the same-origin check
-  nsCOMPtr<nsIScriptSecurityManager> secMan = 
-    do_GetService(NS_SCRIPTSECURITYMANAGER_CONTRACTID, &rv);
-  NS_ENSURE_SUCCESS(rv, rv);
-
-  rv = secMan->CheckSameOrigin(cx, mInner->mURL);
-
+  rv = nsContentUtils::GetSecurityManager()->CheckSameOrigin(cx,
+                                                             mInner->mURL);
  if (NS_FAILED(rv)) {
    return rv;
  }
--- a/content/xbl/src/nsXBLService.cpp
+++ b/content/xbl/src/nsXBLService.cpp
@ -573,9 +573,7 @@ nsXBLService::LoadBindings(nsIContent* aContent, nsIURI* aURL, PRBool aAugmentFl
  rv = docURI->SchemeIs("chrome", &isChrome);

  if (NS_FAILED(rv) || !isChrome) {
-    nsCOMPtr<nsIScriptSecurityManager> secMan(
-      do_GetService(NS_SCRIPTSECURITYMANAGER_CONTRACTID, &rv));
-    NS_ENSURE_SUCCESS(rv, rv);
+    nsIScriptSecurityManager *secMan = nsContentUtils::GetSecurityManager();

    rv = secMan->CheckLoadURI(docURI, aURL,
                              nsIScriptSecurityManager::ALLOW_CHROME);
--- a/content/xml/content/src/nsXMLElement.cpp
+++ b/content/xml/content/src/nsXMLElement.cpp
@ -196,8 +196,8 @@ static nsresult CheckLoadURI(const nsString& aSpec, nsIURI *aBaseURI,
  rv = nsContentUtils::NewURIWithDocumentCharset(aAbsURI, aSpec, aDocument,
                                                 aBaseURI);
  if (NS_SUCCEEDED(rv)) {
-    nsCOMPtr<nsIScriptSecurityManager> securityManager = 
-             do_GetService(NS_SCRIPTSECURITYMANAGER_CONTRACTID, &rv);
+    nsIScriptSecurityManager *securityManager =
+      nsContentUtils::GetSecurityManager();
    if (NS_SUCCEEDED(rv)) {
      rv = securityManager->CheckLoadURI(aBaseURI, *aAbsURI,
                                         nsIScriptSecurityManager::DISALLOW_FROM_MAIL);
--- a/content/xml/document/src/nsXMLContentSink.cpp
+++ b/content/xml/document/src/nsXMLContentSink.cpp
@ -657,10 +657,7 @@ nsXMLContentSink::ProcessStyleLink(nsIContent* aElement,
    rv = NS_NewURI(getter_AddRefs(url), aHref, nsnull, mDocumentBaseURL);
    NS_ENSURE_SUCCESS(rv, rv);

-    nsCOMPtr<nsIScriptSecurityManager> secMan =
-      do_GetService(NS_SCRIPTSECURITYMANAGER_CONTRACTID, &rv);
-    NS_ENSURE_SUCCESS(rv, NS_OK);
-
+    nsIScriptSecurityManager *secMan = nsContentUtils::GetSecurityManager();
    rv = secMan->CheckLoadURI(mDocumentURL, url,
                              nsIScriptSecurityManager::ALLOW_CHROME);
    NS_ENSURE_SUCCESS(rv, NS_OK);
--- a/content/xml/document/src/nsXMLDocument.cpp
+++ b/content/xml/document/src/nsXMLDocument.cpp
@ -296,18 +296,13 @@ nsXMLDocument::OnRedirect(nsIHttpChannel *aHttpChannel, nsIChannel *aNewChannel)
 {
  NS_ENSURE_ARG_POINTER(aNewChannel);

-  nsresult rv;
-
-  nsCOMPtr<nsIScriptSecurityManager> secMan = 
-           do_GetService(NS_SCRIPTSECURITYMANAGER_CONTRACTID, &rv);
-  if (NS_FAILED(rv)) 
-    return rv;
-
  nsCOMPtr<nsIURI> newLocation;
-  rv = aNewChannel->GetURI(getter_AddRefs(newLocation)); // The redirected URI
+  nsresult rv = aNewChannel->GetURI(getter_AddRefs(newLocation)); // The redirected URI
  if (NS_FAILED(rv)) 
    return rv;

+  nsIScriptSecurityManager *secMan = nsContentUtils::GetSecurityManager();
+
  if (mScriptContext && !mCrossSiteAccessEnabled) {
    nsCOMPtr<nsIJSContextStack> stack(do_GetService("@mozilla.org/js/xpc/ContextStack;1", & rv));
    if (NS_FAILED(rv))
--- a/content/xul/document/src/nsXULPrototypeDocument.cpp
+++ b/content/xul/document/src/nsXULPrototypeDocument.cpp
@ -625,12 +625,9 @@ nsXULPrototypeDocument::GetDocumentPrincipal()
 {
    NS_PRECONDITION(mNodeInfoManager, "missing nodeInfoManager");
    if (!mDocumentPrincipal) {
-        nsresult rv;
-        nsCOMPtr<nsIScriptSecurityManager> securityManager = 
-                 do_GetService(NS_SCRIPTSECURITYMANAGER_CONTRACTID, &rv);
-
-        if (NS_FAILED(rv))
-            return nsnull;
+        nsIScriptSecurityManager *securityManager =
+            nsContentUtils::GetSecurityManager();
+        nsresult rv = NS_OK;

        // XXX This should be handled by the security manager, see bug 160042
        PRBool isChrome = PR_FALSE;
--- a/layout/style/nsCSSLoader.cpp
+++ b/layout/style/nsCSSLoader.cpp
@ -39,6 +39,7 @@
 #include "nsIURL.h"
 #include "nsIServiceManager.h"
 #include "nsNetUtil.h"
+#include "nsContentUtils.h"
 #include "nsCRT.h"
 #include "nsCOMArray.h"
 #include "nsCOMPtr.h"
@ -907,13 +908,9 @@ CSSLoaderImpl::CheckLoadAllowed(nsIURI* aSourceURI,
  LOG(("CSSLoaderImpl::CheckLoadAllowed"));
  
  // Check with the security manager
-  nsresult rv;
-  nsCOMPtr<nsIScriptSecurityManager> secMan =
-           do_GetService(NS_SCRIPTSECURITYMANAGER_CONTRACTID, &rv);
-  NS_ENSURE_SUCCESS(rv, rv);
-
-  rv = secMan->CheckLoadURI(aSourceURI, aTargetURI,
-                            nsIScriptSecurityManager::ALLOW_CHROME);
+  nsIScriptSecurityManager *secMan = nsContentUtils::GetSecurityManager();
+  nsresult rv = secMan->CheckLoadURI(aSourceURI, aTargetURI,
+                                     nsIScriptSecurityManager::ALLOW_CHROME);
  if (NS_FAILED(rv)) { // failure is normal here; don't warn
    return rv;
  }
--- a/layout/style/nsCSSStyleSheet.cpp
+++ b/layout/style/nsCSSStyleSheet.cpp
@ -2588,12 +2588,8 @@ CSSStyleSheetImpl::GetCssRules(nsIDOMCSSRuleList** aCssRules)
    return NS_ERROR_FAILURE;

  // Get the security manager and do the same-origin check
-  nsCOMPtr<nsIScriptSecurityManager> secMan = 
-    do_GetService(NS_SCRIPTSECURITYMANAGER_CONTRACTID, &rv);
-  NS_ENSURE_SUCCESS(rv, rv);
-
-  rv = secMan->CheckSameOrigin(cx, mInner->mURL);
-
+  rv = nsContentUtils::GetSecurityManager()->CheckSameOrigin(cx,
+                                                             mInner->mURL);
  if (NS_FAILED(rv)) {
    return rv;
  }