Last Comment Bug 691947 - Relax DOM full-screen API security constraints for requests coming from chrome
: Relax DOM full-screen API security constraints for requests coming from chrome
Status: RESOLVED FIXED
:
Product: Core
Classification: Components
Component: DOM: Core & HTML (show other bugs)
: Trunk
: All All
: -- normal (vote)
: mozilla10
Assigned To: Chris Pearce (:cpearce)
:
Mentors:
Depends on:
Blocks: 470628 545812 685402
  Show dependency treegraph
 
Reported: 2011-10-04 15:29 PDT by Chris Pearce (:cpearce)
Modified: 2011-11-06 05:18 PST (History)
7 users (show)
See Also:
Crash Signature:
(edit)
QA Whiteboard:
Iteration: ---
Points: ---
Has Regression Range: ---
Has STR: ---


Attachments
Patch v1 (1.69 KB, patch)
2011-11-02 19:03 PDT, Chris Pearce (:cpearce)
roc: review+
Details | Diff | Splinter Review
Patch v2. (1.71 KB, patch)
2011-11-02 21:11 PDT, Chris Pearce (:cpearce)
roc: review+
Details | Diff | Splinter Review

Description Chris Pearce (:cpearce) 2011-10-04 15:29:20 PDT
document.mozFullScreenEnabled should ignore the mozallowfullscreen (and in future the windowed plugins) check when requests which come from the context-menu. However we should not ignore these checks when we're called from the videocontrols' full-screen button (which is being added to the controlbar in bug 470628).

It may be enough to check if caller is chrome in mozFullScreenEnabled, but I'm not sure if this will trigger in the videocontrols' controlbar case.
Comment 1 Chris Pearce (:cpearce) 2011-11-02 19:03:57 PDT
Created attachment 571535 [details] [diff] [review]
Patch v1

Allow chrome code calls to document.mozRequestFullScreen(), document.mozCancelFullScreen() and document.mozFullScreenEnabled to bypass the requirement for being a user-event handler and the plugin/mozallowfullscreen requirement. This does not allow chrome code cannot override the pref full-screen-api.enabled however.

This is required for bug 685402, as in the patch I'm about to submit there, we call document.mozCancelFullScreen() from browser.js.
Comment 2 Chris Pearce (:cpearce) 2011-11-02 21:11:07 PDT
Created attachment 571550 [details] [diff] [review]
Patch v2.

Oops, forgot to add an early return in GetMozFullScreenEnabled().
Comment 4 Marco Bonardo [::mak] 2011-11-03 08:58:37 PDT
https://hg.mozilla.org/mozilla-central/rev/ab06f7315bd7

Note You need to log in before you can comment on or make changes to this bug.