Created attachment 569856 [details] testcase == Steps == 1. Set these prefs: user_pref("full-screen-api.allow-trusted-requests-only", false); user_pref("full-screen-api.enabled", true); 2. Load the testcase. == Result == 1. Firefox enters full-screen mode. 2. ###!!! ASSERTION: Document should report fullscreen: 'fullscreen', file content/html/content/src/nsGenericHTMLElement.cpp, line 3413 3. ###!!! ASSERTION: Should be in full screen state!: 'doc->IsFullScreenDoc()', file content/html/content/src/nsGenericHTMLElement.cpp, line 3414 == Expected == 1. The requestFullScreen call should throw. == Security impact == This might be bypass for lack of mozallowfullscreen attribute.
I'll reopen this bug and resolve it separately from bug 685402 to simplify patches, reviews, and landings.
Created attachment 570173 [details] [diff] [review] Patch v1 Patch, with Jesse's testcase. Based on top of bug 688648 and bug 685779, so will hold of on requesting review until they're reviewed.
Created attachment 570855 [details] [diff] [review] Patch v2 Rebased on top of patch in bug 685779 and bug 688468. Includes test.
Comment on attachment 570855 [details] [diff] [review] Patch v2 r=me