Brief review for screen orientation API The feature basically allows content to request to lock the orientation of the screen. Untrusted content needs to ask, installed apps can do it without asking (or that's the proposal) Minimal security threats? Creating this review for the sake of completeness.

Don't think there are any security threats here. Regular content can only lock orientation when they have already been granted fullscreen and when fullscreen is exited, orientation is reverted. Even if content was able to lock the screen the risk wouldnt be much beyond annoyance. The only potential threat I can think of is one of privacy based on mulitple windows correlating the timing of screen orientation events to de-anonymise a user. This has been discussed at length in the idle api, but I suspect there are many APIs that share the trait of being global events. I'll raise a seperate bug to discuss this further.