ported follow-ups of "Bug 1143922 - Add AsyncOpen2 to nsIChannel and perform security checks when opening a channel - scriptSecurityManager changes (r=sicking,bholley)":

- Bug 1184387 - Bail out of file:// loads for all non-chrome:// URIs. r=Gijs
- Bug 1224046 - Remove <base href> from directory listings. r=mcmanus

but this doesn't solve ask-to-activate plugin issue.

caps/nsScriptSecurityManager.cpp

@@ -863,18 +863,12 @@ nsScriptSecurityManager::CheckLoadURIWithPrincipal(nsIPrincipal* aPrincipal,
             }
         }
 
-        // resource: and chrome: are equivalent, securitywise
-        // That's bogus!!  Fix this.  But watch out for
-        // the view-source stylesheet?
-        bool sourceIsChrome;
-        rv = NS_URIChainHasFlags(sourceURI,
-                                 nsIProtocolHandler::URI_IS_UI_RESOURCE,
-                                 &sourceIsChrome);
-        NS_ENSURE_SUCCESS(rv, rv);
-        if (sourceIsChrome) {
+        // Allow chrome://
+        if (sourceScheme.EqualsLiteral("chrome")) {
             return NS_OK;
         }
 
+        // Nothing else.
         if (reportErrors) {
             ReportError(nullptr, errorTag, sourceURI, aTargetURI);
         }