[whatwg] api for fullscreen() - security issues
Boris Zbarsky
bzbarsky at MIT.EDU
Sat Jan 30 20:57:57 PST 2010
On 1/30/10 11:38 PM, Tab Atkins Jr. wrote:
> On Sat, Jan 30, 2010 at 9:08 PM, Simon Fraser<smfr at me.com> wrote:
>> * require that enterFullscreen() is being called inside a user-event handler
>> (e.g. click or keypress) to avoid drive-by fullscreen annoyances.
>
> This one seems kind of weird. Does the spec currently distinguish
> significantly between a user-initiated click and a script-initiated
> one?
Not sure about the spec, but popup blockers sure do.
-Boris
More information about the whatwg
mailing list