Question

Currently, the nsJSContext::CompileEventHandler function of SpiderMonkey compiles event handlers with null principals. Therefore, at the frontend::CompileFunctionBody function of SpiderMonkey, currently there is no way to associate a principal with an event handler. Later, the principal of the event handler function is determined at nsScriptSecurityManager::CheckFunctionAccess.
My question is, can the security principal of the event handler be detected at the compiler's entry point? My intuition behind this is as follows: usually event handlers are attached to DOM elements, whose principal is the container document. Is there any corner case where the event handler is called by a separate principal than the container document? If the above is true, can the principal of the event handler be determined from the "filename" attribute of the frontend::CompileFunctionBody function (e.g., chrome:// URI means system, http:// URI means not system)?
(BTW, how can we detect the principal of about: protocol documents? Sometimes they are "system", sometimes not.)

Solution

A single event handler can be shared across documents with different principals (e.g. via XBL), so you really don't know the principal at compile time. Before the handler is executed it's cloned with the right principal.

Licensed under: CC-BY-SA with attribution