The default bug view has changed. See this FAQ.

Relax DOM full-screen API security constraints for requests coming from chrome

RESOLVED FIXED in mozilla10

Status

()

Core
DOM: Core & HTML
RESOLVED FIXED
6 years ago
6 years ago

People

(Reporter: cpearce, Assigned: cpearce)

Tracking

Trunk
mozilla10
Points:
---
Dependency tree / graph

Firefox Tracking Flags

(Not tracked)

Details

Attachments

(1 attachment, 1 obsolete attachment)

(Assignee)

Description

6 years ago
document.mozFullScreenEnabled should ignore the mozallowfullscreen (and in future the windowed plugins) check when requests which come from the context-menu. However we should not ignore these checks when we're called from the videocontrols' full-screen button (which is being added to the controlbar in bug 470628).

It may be enough to check if caller is chrome in mozFullScreenEnabled, but I'm not sure if this will trigger in the videocontrols' controlbar case.
Blocks: 693728
(Assignee)

Updated

6 years ago
Assignee: nobody → chris
Blocks: 685402
Target Milestone: --- → mozilla10
(Assignee)

Comment 1

6 years ago
Created attachment 571535 [details] [diff] [review]
Patch v1

Allow chrome code calls to document.mozRequestFullScreen(), document.mozCancelFullScreen() and document.mozFullScreenEnabled to bypass the requirement for being a user-event handler and the plugin/mozallowfullscreen requirement. This does not allow chrome code cannot override the pref full-screen-api.enabled however.

This is required for bug 685402, as in the patch I'm about to submit there, we call document.mozCancelFullScreen() from browser.js.
Attachment #571535 - Flags: review?(roc)
Attachment #571535 - Flags: review?(roc) → review+
(Assignee)

Comment 2

6 years ago
Created attachment 571550 [details] [diff] [review]
Patch v2.

Oops, forgot to add an early return in GetMozFullScreenEnabled().
Attachment #571535 - Attachment is obsolete: true
Attachment #571550 - Flags: review?(roc)
Attachment #571550 - Flags: review?(roc) → review+
(Assignee)

Comment 3

6 years ago
https://hg.mozilla.org/integration/mozilla-inbound/rev/ab06f7315bd7
Whiteboard: [inbound]
https://hg.mozilla.org/mozilla-central/rev/ab06f7315bd7
Status: NEW → RESOLVED
Last Resolved: 6 years ago
Resolution: --- → FIXED
Whiteboard: [inbound]

Updated

6 years ago
No longer blocks: 693728
You need to log in before you can comment on or make changes to this bug.