Closed
Bug 691947
Opened 13 years ago
Closed 13 years ago
Relax DOM full-screen API security constraints for requests coming from chrome
Categories
(Core :: DOM: Core & HTML, defect)
Core
DOM: Core & HTML
Tracking
()
RESOLVED
FIXED
mozilla10
People
(Reporter: cpearce, Assigned: cpearce)
References
Details
Attachments
(1 file, 1 obsolete file)
|
(deleted),
patch
|
roc
:
review+
|
Details | Diff | Splinter Review |
document.mozFullScreenEnabled should ignore the mozallowfullscreen (and in future the windowed plugins) check when requests which come from the context-menu. However we should not ignore these checks when we're called from the videocontrols' full-screen button (which is being added to the controlbar in bug 470628).
It may be enough to check if caller is chrome in mozFullScreenEnabled, but I'm not sure if this will trigger in the videocontrols' controlbar case.
|
Assignee | |
Updated•13 years ago
|
|
|
Assignee | |
Comment 1•13 years ago
|
||
Allow chrome code calls to document.mozRequestFullScreen(), document.mozCancelFullScreen() and document.mozFullScreenEnabled to bypass the requirement for being a user-event handler and the plugin/mozallowfullscreen requirement. This does not allow chrome code cannot override the pref full-screen-api.enabled however.
This is required for bug 685402, as in the patch I'm about to submit there, we call document.mozCancelFullScreen() from browser.js.
Attachment #571535 -
Flags: review?(roc)
Attachment #571535 -
Flags: review?(roc) → review+
|
|
Assignee | |
Comment 2•13 years ago
|
||
Oops, forgot to add an early return in GetMozFullScreenEnabled().
Attachment #571535 -
Attachment is obsolete: true
Attachment #571550 -
Flags: review?(roc)
Attachment #571550 -
Flags: review?(roc) → review+
|
|
Assignee | |
Comment 3•13 years ago
|
||
Whiteboard: [inbound]
|
||
Comment 4•13 years ago
|
||
Status: NEW → RESOLVED
Closed: 13 years ago
Resolution: --- → FIXED
Whiteboard: [inbound]
You need to log in
before you can comment on or make changes to this bug.
Description
•