Comment 47 for bug 290867

I don't think we should make it so that allowing popups for one file, enables it for all files. Especially if we add UI for other, more riskier, policies.

Our same-domain policy for file:// is pretty complicated, but if we could make it so that if you apply a policy for file://foo/bar/baz.html, then that policy applies only to file://foo/bar and nothing else.

Btw, we do use the uri of the principal when setting these policies, right? Not the uri of the document?