.advertisement { display:none; }
}
== Security ==
Date of discussion: 2011.04.11

Security Concerns:
* Ability of a website to enter fullscreen and pre-empt keyboard focus
* User interaction is currently not required for entering full-screen mode
* Fullscreen could be used as an attack vector

Responses:
* There is a mode called without keys that does not take keyboard input
* Focus is released on tab change or window change

Possible Remediations:
* The ESC key should be used to exit, similar to other well-known apps users are familiar with
* A user preference should be available for users to allow or disallow full-screen for a given URL domain (i.e. popup or geolocation preferences)
* Possible use of some indicator to show users they are in full-screen mode
* Possible use of the permission manager
* Plug-ins should be disabled when in full-screen mode

To-Do:
* Re-review as the spec firms up and code begins to land

== Issues ==