In this add-on, we’d like to allow loading of private internal resources (
resource://), which we usually block, into a tab not controllable by any site. Active documents such as (X)HTML or SVG are insecure. JSON preview, image preview and movies on tabs are supposedly not controllable by a website and we intend to whitelist them. All of the insecure and secure documents have a content principal but we need to distinguish tabs that websites can’t access.