[whatwg] api for fullscreen() - security issues

Boris Zbarsky bzbarsky at MIT.EDU
Sat Jan 30 20:57:57 PST 2010


On 1/30/10 11:38 PM, Tab Atkins Jr. wrote:
> On Sat, Jan 30, 2010 at 9:08 PM, Simon Fraser<smfr at me.com>  wrote:
>> * require that enterFullscreen() is being called inside a user-event handler
>> (e.g. click or keypress) to avoid drive-by fullscreen annoyances.
>
> This one seems kind of weird.  Does the spec currently distinguish
> significantly between a user-initiated click and a script-initiated
> one?

Not sure about the spec, but popup blockers sure do.

-Boris



More information about the whatwg mailing list