I currently use something like this:

newChannel: function(aURI) {
var ioService =
Cc["@mozilla.org/network/io-service;1"].getService(Ci.nsIIOService);
var channel =
ioService.newChannel("chrome://mychrome/content/error.xhtml", null, null);
channel.originalURI = aURI;
return channel;
},

but I wonder about the security policy used here, which seems alright,
but how can I change / limit it? Should I change the third parameter to
about:blank as nsIURI or what else should I do?

Please advise,
Thanks,

--
Michael Vincent van Rantwijk
- MultiZilla Project Team Lead
- XUL Boot Camp Staff member (ActiveState Training Partner)
- iPhone Application Developer