Closed Bug 857494 Opened 12 years ago Closed 9 years ago

Taking a video to full screen from a top-level MediaDocument should not require authorization

Categories: Core :: Audio/Video: Playback, defect (priority: Not set, severity: normal)

Status: RESOLVED FIXED

People: Reporter: hsivonen, Unassigned

References: Blocks 1 open bug

Details: Keywords: sec-want

Steps to reproduce:
1) Have H.264 enabled.
2) Load http://llvm.org/devmtg/2012-11/videos/Gregor-Modules.mp4
3) Click the button in the video controls to go full screen.

Actual results: Firefox asks if you allow llvm.org to go full screen.

Expected results: Expected to be able to take the video to full screen without being asked when using the video controls on a video being presented in a generated MediaDocument that's loaded in a top-level browsing context. The UI comes from the browser itself and, since it's not framed, isn't vulnerable to clickjacking attacks, either.

I love removing unnecessary security dialogs. But to make this one unnecessary, we need to:

1. Prevent other forms of clickjacking (navigation, opening/closing windows, calling focus/blur). I think a 500ms timer would be sufficient for the relatively benign action of full-screening a video.
2. Make MediaDocuments not be same-origin with their hosting domain. I really don't want the page you navigated from or navigate to, or the page that opened the media document using window.open(), to be able to manipulate a document that has unprompted access to full-screen.

Making top-level MediaDocuments have their own origin probably won't break much of the web. I kinda think we should do the same for framed MediaDocuments as well. Is the concept of "scripts can reach into MediaDocuments" specified and/or interoperable, or are we accidentally exposing implementation details and hoping the web doesn't come to rely on them?

Keywords: sec-want
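
The two conditions listed in the comment above, sketched as a decision function. This is an added example, not Firefox code and not part of the bug discussion; `FullscreenGate`, `noteDisruption`, `decide` and the `doc` fields are hypothetical names, and treating the initial document load as a disruption is an assumption.

```javascript
// Added illustration, not Firefox code; every name here is hypothetical.
const SETTLE_MS = 500; // the delay suggested in the comment above

class FullscreenGate {
  // `now` is injectable so the timing logic can be exercised with a fake clock.
  constructor(now = () => Date.now()) {
    this.now = now;
    this.lastDisruption = now(); // assumption: loading the document counts as a navigation
  }

  // Call on navigation, window open/close, and focus/blur changes.
  noteDisruption() {
    this.lastDisruption = this.now();
  }

  // Decide whether a click on the built-in fullscreen control may skip the prompt.
  decide(doc) {
    if (!doc.isMediaDocument) return { allow: false, reason: "not-media-document" };
    if (!doc.isTopLevel) return { allow: false, reason: "framed" };
    // Condition 2: the opener or the previous page must not be able to script this document.
    if (!doc.hasOwnOrigin) return { allow: false, reason: "same-origin-with-host" };
    // Condition 1: a click that lands right after a window-level change may have been steered.
    if (this.now() - this.lastDisruption < SETTLE_MS) {
      return { allow: false, reason: "settling" };
    }
    return { allow: true, reason: "ok" };
  }
}
```

Any `allow: false` result would fall back to the existing authorization prompt.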
It's specified, and I bet interoperable, but would want someone to check the latter. Of course the spec was written by reverse-engineering implementations. :(
Component: Audio/Video → Audio/Video: Playback
We no longer require any authorization to enter fullscreen after bug 1160017.
Status: NEW → RESOLVED
Closed: 9 years ago
Depends on: 1160017
Resolution: --- → FIXED