Bug 1302976 part 2 - Not give chrome code privilege to enter fullscreen. r?smaug
MozReview-Commit-ID: EwStcq2BUGS
--- a/dom/base/Element.cpp
+++ b/dom/base/Element.cpp
@@ -3334,21 +3334,17 @@ Element::RequestFullscreen(ErrorResult&
// and it also makes it harder for bad guys' script to go full-screen and
// spoof the browser chrome/window and phish logins etc.
// Note that requests for fullscreen inside a web app's origin are exempt
// from this restriction.
if (const char* error = GetFullScreenError(OwnerDoc())) {
OwnerDoc()->DispatchFullscreenError(error);
return;
}
-
- auto request = MakeUnique<FullscreenRequest>(this);
- request->mIsCallerChrome = nsContentUtils::IsCallerChrome();
-
- OwnerDoc()->AsyncRequestFullScreen(Move(request));
+ OwnerDoc()->AsyncRequestFullScreen(MakeUnique<FullscreenRequest>(this));
}
void
Element::RequestPointerLock()
{
OwnerDoc()->RequestPointerLock(this);
}
--- a/dom/base/nsDocument.cpp
+++ b/dom/base/nsDocument.cpp
@@ -11130,17 +11130,16 @@ IsInActiveTab(nsIDocument* aDoc)
nsresult nsDocument::RemoteFrameFullscreenChanged(nsIDOMElement* aFrameElement)
{
// Ensure the frame element is the fullscreen element in this document.
// If the frame element is already the fullscreen element in this document,
// this has no effect.
nsCOMPtr<nsIContent> content(do_QueryInterface(aFrameElement));
auto request = MakeUnique<FullscreenRequest>(content->AsElement());
- request->mIsCallerChrome = false;
request->mShouldNotifyNewOrigin = false;
RequestFullScreen(Move(request));
return NS_OK;
}
nsresult nsDocument::RemoteFrameFullscreenReverted()
{
@@ -11163,42 +11162,32 @@ HasFullScreenSubDocument(nsIDocument* aD
NS_ASSERTION(count <= 1, "Fullscreen docs should have at most 1 fullscreen child!");
return count >= 1;
}
// Returns nullptr if a request for Fullscreen API is currently enabled
// in the given document. Returns a static string indicates the reason
// why it is not enabled otherwise.
static const char*
-GetFullscreenError(nsIDocument* aDoc, bool aCallerIsChrome)
-{
- if (nsContentUtils::IsFullScreenApiEnabled() && aCallerIsChrome) {
- // Chrome code can always use the full-screen API, provided it's not
- // explicitly disabled. Note IsCallerChrome() returns true when running
- // in a Runnable, so don't use GetMozFullScreenEnabled() from a
- // Runnable!
- return nullptr;
- }
-
+GetFullscreenError(nsIDocument* aDoc)
+{
if (!nsContentUtils::IsFullScreenApiEnabled()) {
return "FullscreenDeniedDisabled";
}
-
// Ensure that all containing elements are <iframe> and have
// allowfullscreen attribute set.
nsCOMPtr<nsIDocShell> docShell(aDoc->GetDocShell());
if (!docShell || !docShell->GetFullscreenAllowed()) {
return "FullscreenDeniedContainerNotAllowed";
}
return nullptr;
}
bool
-nsDocument::FullscreenElementReadyCheck(Element* aElement,
- bool aWasCallerChrome)
+nsDocument::FullscreenElementReadyCheck(Element* aElement)
{
NS_ASSERTION(aElement,
"Must pass non-null element to nsDocument::RequestFullScreen");
if (!aElement || aElement == GetFullscreenElement()) {
return false;
}
if (!aElement->IsInUncomposedDoc()) {
DispatchFullscreenError("FullscreenDeniedNotInDocument");
@@ -11207,17 +11196,17 @@ nsDocument::FullscreenElementReadyCheck(
if (aElement->OwnerDoc() != this) {
DispatchFullscreenError("FullscreenDeniedMovedDocument");
return false;
}
if (!GetWindow()) {
DispatchFullscreenError("FullscreenDeniedLostWindow");
return false;
}
- if (const char* msg = GetFullscreenError(this, aWasCallerChrome)) {
+ if (const char* msg = GetFullscreenError(this)) {
DispatchFullscreenError(msg);
return false;
}
if (!IsVisible()) {
DispatchFullscreenError("FullscreenDeniedHidden");
return false;
}
if (HasFullScreenSubDocument(this)) {
@@ -11418,17 +11407,17 @@ nsDocument::RequestFullScreen(UniquePtr<
if (ShouldApplyFullscreenDirectly(this, rootWin)) {
ApplyFullscreen(*aRequest);
return;
}
// We don't need to check element ready before this point, because
// if we called ApplyFullscreen, it would check that for us.
Element* elem = aRequest->GetElement();
- if (!FullscreenElementReadyCheck(elem, aRequest->mIsCallerChrome)) {
+ if (!FullscreenElementReadyCheck(elem)) {
return;
}
PendingFullscreenRequestList::Add(Move(aRequest));
if (XRE_GetProcessType() == GeckoProcessType_Content) {
// If we are not the top level process, dispatch an event to make
// our parent process go fullscreen first.
nsContentUtils::DispatchEventOnlyToChrome(
@@ -11465,17 +11454,17 @@ ClearPendingFullscreenRequests(nsIDocume
iter.DeleteAndNext();
}
}
bool
nsDocument::ApplyFullscreen(const FullscreenRequest& aRequest)
{
Element* elem = aRequest.GetElement();
- if (!FullscreenElementReadyCheck(elem, aRequest.mIsCallerChrome)) {
+ if (!FullscreenElementReadyCheck(elem)) {
return false;
}
// Stash a reference to any existing fullscreen doc, we'll use this later
// to detect if the origin which is fullscreen has changed.
nsCOMPtr<nsIDocument> previousFullscreenDoc = GetFullscreenLeaf(this);
// Stores a list of documents which we must dispatch "fullscreenchange"
@@ -11599,17 +11588,17 @@ nsDocument::GetMozFullScreenEnabled(bool
NS_ENSURE_ARG_POINTER(aFullScreen);
*aFullScreen = FullscreenEnabled();
return NS_OK;
}
bool
nsDocument::FullscreenEnabled()
{
- return !GetFullscreenError(this, nsContentUtils::IsCallerChrome());
+ return !GetFullscreenError(this);
}
uint16_t
nsDocument::CurrentOrientationAngle() const
{
return mCurrentOrientationAngle;
}
--- a/dom/base/nsDocument.h
+++ b/dom/base/nsDocument.h
@@ -107,19 +107,16 @@ struct FullscreenRequest : public Linked
Element* GetElement() const { return mElement; }
nsDocument* GetDocument() const { return mDocument; }
private:
RefPtr<Element> mElement;
RefPtr<nsDocument> mDocument;
public:
- // This value should be true if the fullscreen request is
- // originated from chrome code.
- bool mIsCallerChrome = false;
// This value denotes whether we should trigger a NewOrigin event if
// requesting fullscreen in its document causes the origin which is
// fullscreen to change. We may want *not* to trigger that event if
// we're calling RequestFullScreen() as part of a continuation of a
// request in a subdocument in different process, whereupon the caller
// need to send some notification itself with the real origin.
bool mShouldNotifyNewOrigin = true;
};
@@ -1059,17 +1056,17 @@ public:
// canceled by the URL classifier (Safebrowsing).
//
already_AddRefed<nsSimpleContentList> BlockedTrackingNodes() const;
static bool IsUnprefixedFullscreenEnabled(JSContext* aCx, JSObject* aObject);
// Do the "fullscreen element ready check" from the fullscreen spec.
// It returns true if the given element is allowed to go into fullscreen.
- bool FullscreenElementReadyCheck(Element* aElement, bool aWasCallerChrome);
+ bool FullscreenElementReadyCheck(Element* aElement);
// This is called asynchronously by nsIDocument::AsyncRequestFullScreen()
// to move this document into full-screen mode if allowed.
void RequestFullScreen(mozilla::UniquePtr<FullscreenRequest>&& aRequest);
// Removes all elements from the full-screen stack, removing full-scren
// styles from the top element in the stack.
void CleanupFullscreenState();