W3C home > Mailing lists > Public > public-webapps@w3.org > April to June 2011

Re: Mouse Lock

From: Tab Atkins Jr. <jackalmage@gmail.com>
Date: Mon, 20 Jun 2011 10:48:15 -0700
Message-ID: <BANLkTin-SZC8j-o_XewdibbnOEJKb=zxYKufZKubvAszt2D_qg@mail.gmail.com>
To: Adam Barth <w3c@adambarth.com>
Cc: Vincent Scheib <scheib@google.com>, Brandon Andrews <warcraftthreeft@sbcglobal.net>, "Gregg Tavares (wrk)" <gman@google.com>, Glenn Maynard <glenn@zewt.org>, Charles Pritchard <chuck@jumis.com>, Kenneth Russell <kbr@google.com>, robert@ocallahan.org, public-webapps@w3.org
On Mon, Jun 20, 2011 at 10:18 AM, Adam Barth <w3c@adambarth.com> wrote:
> So it sounds like we don't have a security model but we're hoping UA
> implementors can dream one up by combining enough heuristics.

A model which I suggested privately, and which I believe others have
suggested publicly, is this:

1. While fullscreen is enabled, you can lock the mouse to the
fullscreened element without a prompt or persistent message.  A
temporary message may still be shown.  The lock is automatically
released if the user exits fullscreen.

2. During a user-initiated click, you can lock the mouse to the target
or an ancestor without a permissions prompt, but with a persistent
message, either as an overlay or in the browser's chrome.

3. Otherwise, any attempt to lock the mouse triggers a permissions
prompt, and while the lock is active a persistent message is shown.

These wouldn't be normative, of course, because different platforms
may have different permissions models, but they seem like a good
outline for balancing user safety with author convenience/lack of user
annoyance.

~TJ
Received on Monday, 20 June 2011 17:49:02 GMT

This archive was generated by hypermail 2.3.1 : Tuesday, 26 March 2013 18:49:45 GMT