Gecko:FullScreenAPI: Difference between revisions

   .advertisement { display:none; }
  }
== Security ==
Date of discussion: 2011.04.11


Security Concerns:
* Ability of website to enter fullscreen and pre-empt keyboard focus
* User interaction currently not required for entering full screen mode
* Fullscreen could be used as an attack vector
Responses:
* There is a mode called "without keys" that does not take keyboard input
* Focus is released on tab change or window change
Possible Remediations:
* The ESC key should be used to exit, as in other well-known apps users are familiar with
* A user preference should be available to allow or disallow full-screen for a given URL domain (i.e. as with popup or geolocation preferences)
* Possible use of some indicator to show a user they are in full-screen mode
* Possible use of permission manager
* Plug-ins should be disabled when in full-screen mode
To-Do:
* Re-review as spec firms up and code begins to land
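
One way the concerns and remediations listed above fit together, as an added sketch that is not Gecko code and not part of the original notes: a toy gate that requires a user gesture, consults a per-domain preference, and always exits on ESC or on a tab or window change. The class name, the three preference states and the event strings are assumptions made for illustration.

```javascript
// Added illustration: toy model of a browser-side full-screen gate.
// Every name below is hypothetical; none of it is Gecko's API.
const PROMPT = "prompt", ALLOW = "allow", DENY = "deny";

class FullScreenGate {
  // prefs: per-domain user preference, host -> ALLOW | DENY (constructed data)
  constructor(prefs = {}) {
    this.prefs = new Map(Object.entries(prefs)); // Map avoids prototype-key lookups
    this.active = null;                          // current session, or null
  }

  // req = { url, userGesture, withKeys }
  request(req) {
    const host = new URL(req.url).hostname;
    // Concern: entering full-screen without user interaction.
    if (!req.userGesture) return { granted: false, reason: "no-user-gesture" };
    const pref = this.prefs.get(host) ?? PROMPT;
    if (pref === DENY) return { granted: false, reason: "denied-by-preference" };
    // Fail closed: anything other than an explicit ALLOW needs the user's decision.
    if (pref !== ALLOW) return { granted: false, reason: "needs-user-permission" };
    this.active = {
      host,
      keyboardInput: Boolean(req.withKeys), // "without keys" mode takes no keyboard input
      indicatorShown: true,                 // show the user they are in full-screen mode
      pluginsEnabled: false,                // plug-ins disabled while in full-screen
    };
    return { granted: true, session: this.active };
  }

  // Events the page cannot intercept: they always end the session.
  handle(event) {
    if (!this.active) return false;
    const exits = ["key:Escape", "tab-change", "window-change"];
    if (!exits.includes(event)) return false;
    this.active = null; // full-screen exited, focus released
    return true;
  }
}
```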
== Issues ==

