Re: Defenses against phishing via the fullscreen api (was Re: full screen api)

From: Florian Bösch <pyalot@gmail.com>
Date: Tue, 23 Oct 2012 01:38:08 +0200
Message-ID: <CAOK8ODjHJ22x-3p7PazJy59rKMNx1yf9SZVGznxEGTocWfB4dw@mail.gmail.com>
To: Maciej Stachowiak <mjs@apple.com>
Cc: Chris Pearce <cpearce@mozilla.com>, Anne van Kesteren <annevk@annevk.nl>, "Carr, Wayne" <wayne.carr@intel.com>, "public-webapps@w3.org" <public-webapps@w3.org>, Feross Aboukhadijeh <feross@feross.org>, Jonas Sicking <jonas@sicking.cc>

On Tue, Oct 23, 2012 at 12:50 AM, Maciej Stachowiak <mjs@apple.com> wrote:

> Based on all this, I continue to think that requesting keyboard access
> should involve a separate API, so that it can be feature-detected and given
> different security treatment by vendors as desired. This is what Flash
> does, and they have the most experience dealing with the security
> implications of fullscreen on the Web.

I support the notion that, if not all vendors can agree on the exact
behavior/restrictions, an API is required to make this transparent to
the application developer, both before attempting to request fullscreen
(capability discovery) and as a parameter to request fullscreen (which will
only succeed if that capability is offered).

Received on Monday, 22 October 2012 23:38:37 UTC
