Under SetFullScreen(), if IsCallerTrustedForWrite returns false, we still return NS_OK. This is wrong, we should return a security error so callers know that they don't have the right to set it.

Huh, I thought I attached this patch...

.fullscreen is supported by IE too, right? Does it throw something when web pages try to set it? If it doesn't, I think we shouldn't either.

Comment on attachment 275750 [details] [diff] [review] Patch (In reply to comment #2) > .fullscreen is supported by IE too, right? Does it throw something when web > pages > try to set it? If it doesn't, I think we shouldn't either. I don't think its supported is modern IE's, but now that you mentioned it I guess that is an obstacle. If we ultimately don't take this patch then current behaviour should probably be documented.

This is still working: http://people.mozilla.com/~mwargers/tests/dom/fullscreenyes.htm So this document is currently completely wrong: https://developer.mozilla.org/en/DOM/window.fullScreen I guess it should also be described here then that you can use the fullScreen property: https://developer.mozilla.org/en/DOM/Using_full-screen_mode

Is this bug still relevant now that that other bug has been fixed?