[whatwg] Full Screen API Feedback

Robert O'Callahan robert at ocallahan.org
Thu May 12 19:18:44 PDT 2011


On Fri, May 13, 2011 at 12:29 PM, Aryeh Gregor <Simetrical+w3c at gmail.com> wrote:

> On Thu, May 12, 2011 at 7:02 PM, Robert O'Callahan <robert at ocallahan.org> wrote:
> > For this case, I think probably a better UI would be what Flash has, to
> > actually go full-screen immediately but temporarily show a message telling
> > the user they're in fullscreen mode and how to get out. But I still strongly
> > feel that the API should be constrained so that passive confirmation won't
> > break sites, in case that turns out to be necessary in the future.
>
> What possible future scenario are you envisioning where passive
> confirmation might turn out to be necessary in the future?  In
> particular, Flash has allowed this for years, with 95%+ penetration
> rates, so we should already have a good idea of how this feature can
> be exploited in practice.  (Or at least someone at Adobe should.
> Maybe we could ask them?  They have people in the HTMLWG.)
>

Clickjacking and CSS history sniffing were possible (and known about) for
several years before they became popular. I've become paranoid about
assuming that a feature won't be abused because it hasn't been so far.

Rob
-- 
"Now the Bereans were of more noble character than the Thessalonians, for
they received the message with great eagerness and examined the Scriptures
every day to see if what Paul said was true." [Acts 17:11]


