W3C home > Mailing lists > Public > public-webapps@w3.org > January to March 2011

Re: Mouse Capture for Canvas

From: Charles Pritchard <chuck@jumis.com>
Date: Tue, 08 Feb 2011 20:09:37 -0800
Message-ID: <4D521381.3000109@jumis.com>
To: Glenn Maynard <glenn@zewt.org>
CC: Kenneth Russell <kbr@google.com>, robert@ocallahan.org, Brandon Andrews <warcraftthreeft@sbcglobal.net>, public-webapps@w3.org
On 2/8/2011 8:03 PM, Glenn Maynard wrote:
> On Tue, Feb 8, 2011 at 10:27 PM, Charles Pritchard <chuck@jumis.com 
> <mailto:chuck@jumis.com>> wrote:
>>     - It's a major break from the normal event model.  Merely
>>     defining an event shouldn't cause side-effects.
>     This proposal seems to say that mouse capture is enabled by adding
>     an event handler to an element.  I don't like this:
>     window.open is another item that only fires during an event
>     handle. I'm sure full screen is on that grounds.
>     Drag+drop does that.  [input type=file] is another.
> Sorry, that's not what I meant.  It's OK--if less than ideal--for 
> functionality to *only be available* during certain events.  What I 
> meant was that this proposal seems to cause mouse capture to happen as 
> a side-effect of the event handler being set at all.  Adding the 
> "mousecapture" event causes clicking the element to capture.  That's 
> what I don't like in particular.
I missed that ("mousecapture").

>     User initiated events are part of the security model; and the
>     current issues with mouse capture are about security.
> I typed this before but elided it since my mail got too long: 
> window.open is an example of why restricting these things to clicks 
> doesn't work very well.  Browsers tried to prevent unwanted popups by 
> only allowing them during clicks, and now instead of popups opening 
> when you load a page, they open the first time you click anywhere in 
> the window.
I've found it to be an improvement. If I don't click on a page, it's not 
going to spring nastiness on me.
Passive indicators provide some middle ground, though I find it to be a 
little difficult with [html manifest] in Firefox, but it's still an 

> That said, it would still help prevent non-malicious but misbehaving 
> scripts from accidentally taking over the browser, which can happen 
> anywhere, even on "trusted" sites.  However, that's just one possible 
> way of dealing with that problem, and browsers should be able to look 
> for less restrictive solutions (which is what I had in mind when I 
> referred to how operating systems deal with this).

"Trusted" sites aren't well defined, so for the time being, I'm fine 
with them taking over the browser.

As I understand things, operating systems have their function keys: the 
Windows key, the Mac key, the single special button on the iPhone, and 
so on.
(I use Win all the time when things go wrong)

Otherwise, they haven't gotten any further on the issue. Well... there's 
also the reset key, the power button, and the plug that runs out of the 
or the switch that releases the battery.
Received on Wednesday, 9 February 2011 04:10:06 UTC

This archive was generated by hypermail 2.3.1 : Friday, 27 October 2017 07:26:30 UTC