[whatwg] Full Screen API Feedback

Eric Carlson eric.carlson at apple.com
Fri May 13 09:17:47 PDT 2011


On May 13, 2011, at 12:46 AM, Henri Sivonen wrote:

> On Thu, 2011-05-12 at 20:29 -0400, Aryeh Gregor wrote:
>> In
>> particular, Flash has allowed this for years, with 95%+ penetration
>> rates, so we should already have a good idea of how this feature can
>> be exploited in practice.
> 
> I don't know of exploits in the wild, but I've read about
> proof-of-concept exploits that overwhelmed the user's attention visually
> so that the user didn't notice the "Press ESC to exit full screen"
> message. This allowed subsequent UI spoofing. (I was unable to find the
> citation for this.)
> 
  Maybe you were thinking of this: http://www.bunnyhero.org/2008/05/10/scaring-people-with-fullscreen/.

eric



