W3C home > Mailing lists > Public > public-webapps@w3.org > January to March 2011

Re: Mouse Capture for Canvas

From: Glenn Maynard <glenn@zewt.org>
Date: Tue, 8 Feb 2011 23:03:23 -0500
Message-ID: <AANLkTi=FteetNGwGJjqDsxvb7SrE6aq=ONVT4A11J9q0@mail.gmail.com>
To: Charles Pritchard <chuck@jumis.com>
Cc: Kenneth Russell <kbr@google.com>, robert@ocallahan.org, Brandon Andrews <warcraftthreeft@sbcglobal.net>, public-webapps@w3.org
On Tue, Feb 8, 2011 at 10:27 PM, Charles Pritchard <chuck@jumis.com> wrote:
>  - It's a major break from the normal event model.  Merely defining an
> event shouldn't cause side-effects.
> This proposal seems to say that mouse capture is enabled by adding an event
> handler to an element.  I don't like this:
> window.open is another item that only fires during an event handle. I'm
> sure full screen is on that grounds.
> Drag+drop does that.  [input type=file] is another.

Sorry, that's not what I meant.  It's OK--if less than ideal--for
functionality to *only be available* during certain events.  What I meant
was that this proposal seems to cause mouse capture to happen as a
side-effect of the event handler being set at all.  Adding the
"mousecapture" event causes clicking the element to capture.  That's what I
don't like in particular.

User initiated events are part of the security model; and the current issues
> with mouse capture are about security.

I typed this before but elided it since my mail got too long: window.open is
an example of why restricting these things to clicks doesn't work very
well.  Browsers tried to prevent unwanted popups by only allowing them
during clicks, and now instead of popups opening when you load a page, they
open the first time you click anywhere in the window.

That said, it would still help prevent non-malicious but misbehaving scripts
from accidentally taking over the browser, which can happen anywhere, even
on "trusted" sites.  However, that's just one possible way of dealing with
that problem, and browsers should be able to look for less restrictive
solutions (which is what I had in mind when I referred to how operating
systems deal with this).

Glenn Maynard
Received on Wednesday, 9 February 2011 04:03:56 UTC

This archive was generated by hypermail 2.3.1 : Friday, 27 October 2017 07:26:30 UTC