[whatwg] api for fullscreen()

Aryeh Gregor Simetrical+w3c at gmail.com
Thu Dec 17 03:33:14 PST 2009


2009/12/17 Jonas Sicking <jonas at sicking.cc>:
> I guess that if you enforced that fullscreen could only happen in
> response to a click then you are in better shape.

Browsers already have heuristics just like this for opening popup
windows, don't they?  They seem to work pretty well to prevent pages
from being too annoying.  I don't think going out of fullscreen is any
more annoying than closing a popup, so I think the only issue is
security.

Requiring a click doesn't seem like it would do anything to stop
spoofing, though.  You could just put an onclick handler on the body.
Users click on the page all the time, to follow links or select text.
Spoofing seems like a hard problem for general-purpose full-screening.

2009/12/17 Ian Fette (イアンフェッティ) <ifette at google.com>:
> maybe there's some dorky
> bar up top that stays around until you click "go away" or "never put up the
> dork bar again for this site".

So they only have to get you to watch one fullscreen video on their
site and reflexively dismiss the dork bar before they can spoof you?



More information about the whatwg mailing list