Closed Bug 691947 Opened 10 years ago Closed 10 years ago
Relax DOM full-screen API security constraints for requests coming from chrome
document.mozFullScreenEnabled should ignore the mozallowfullscreen (and in future the windowed plugins) check when requests which come from the context-menu. However we should not ignore these checks when we're called from the videocontrols' full-screen button (which is being added to the controlbar in bug 470628). It may be enough to check if caller is chrome in mozFullScreenEnabled, but I'm not sure if this will trigger in the videocontrols' controlbar case.
Assignee: nobody → chris
Target Milestone: --- → mozilla10
Allow chrome code calls to document.mozRequestFullScreen(), document.mozCancelFullScreen() and document.mozFullScreenEnabled to bypass the requirement for being a user-event handler and the plugin/mozallowfullscreen requirement. This does not allow chrome code cannot override the pref full-screen-api.enabled however. This is required for bug 685402, as in the patch I'm about to submit there, we call document.mozCancelFullScreen() from browser.js.
Attachment #571535 - Flags: review?(roc)
Attachment #571535 - Flags: review?(roc) → review+
Oops, forgot to add an early return in GetMozFullScreenEnabled().
Attachment #571550 - Flags: review?(roc) → review+
Status: NEW → RESOLVED
Closed: 10 years ago
Resolution: --- → FIXED
You need to log in before you can comment on or make changes to this bug.