I currently use something like this:

newChannel: function(aURI) {
var ioService =
var channel =
ioService.newChannel("chrome://mychrome/content/error.xhtml", null, null);
channel.originalURI = aURI;
return channel;

but I wonder about the security policy used here, which seems alright,
but how can I change / limit it? Should I change the third parameter to
about:blank as nsIURI or what else should I do?

Please advise,

Michael Vincent van Rantwijk
- MultiZilla Project Team Lead
- XUL Boot Camp Staff member (ActiveState Training Partner)
- iPhone Application Developer