Closed Bug 691947 Opened 8 years ago Closed 8 years ago

Relax DOM full-screen API security constraints for requests coming from chrome

Categories

(Core :: DOM: Core & HTML, defect)

defect
Not set

Tracking

()

RESOLVED FIXED
mozilla10

People

(Reporter: cpearce, Assigned: cpearce)

References

Details

Attachments

(1 file, 1 obsolete file)

document.mozFullScreenEnabled should ignore the mozallowfullscreen (and in future the windowed plugins) check when requests which come from the context-menu. However we should not ignore these checks when we're called from the videocontrols' full-screen button (which is being added to the controlbar in bug 470628).

It may be enough to check if caller is chrome in mozFullScreenEnabled, but I'm not sure if this will trigger in the videocontrols' controlbar case.
Assignee: nobody → chris
Blocks: 685402
Target Milestone: --- → mozilla10
Attached patch Patch v1 (obsolete) — Splinter Review
Allow chrome code calls to document.mozRequestFullScreen(), document.mozCancelFullScreen() and document.mozFullScreenEnabled to bypass the requirement for being a user-event handler and the plugin/mozallowfullscreen requirement. This does not allow chrome code cannot override the pref full-screen-api.enabled however.

This is required for bug 685402, as in the patch I'm about to submit there, we call document.mozCancelFullScreen() from browser.js.
Attachment #571535 - Flags: review?(roc)
Attached patch Patch v2.Splinter Review
Oops, forgot to add an early return in GetMozFullScreenEnabled().
Attachment #571535 - Attachment is obsolete: true
Attachment #571550 - Flags: review?(roc)
https://hg.mozilla.org/mozilla-central/rev/ab06f7315bd7
Status: NEW → RESOLVED
Closed: 8 years ago
Resolution: --- → FIXED
Whiteboard: [inbound]
No longer blocks: 693728
You need to log in before you can comment on or make changes to this bug.