Fullscreen a Cross-Origin iframe

I inject a content script into all URLs, all frames. A user event on the main page must fullscreen an element in a cross-origin iframe.

  • postMessage() does not count as a “short-running user-generated” event, nor is it secure, since the add-on cannot specify itself as a unique target origin.
  • Custom events cannot be put on cross-origin windows, and have the same problem as above.
  • runtime.sendMessage() is global, and leads to many listeners. It also has the same problem as above.