[whatwg] Full screen for the <video> element

On Tue, 30 Oct 2007, Michael A. Puls II wrote:
> >
> > Well the global default would always have to be false, since you never 
> > know when the next site is going to abuse you.
> 
> Well, a user might turn on the global and use a blacklist for any 
> problem sites they encounter. Many already do that for cookies, java, 
> plugins and pics. (There's probably more that do the opposite though and 
> use a whitelist. Just saying that "always" may not be true. The default 
> when you install would have to be unchecked of course except for some 
> specific kiosk deal where the UA can only connect to trusted sites.)

Assuming that we'll need a blacklist even before the feature exists seems 
like admitting that the feature is flawed, which is a good sign that we 
shouldn't include it, IMHO. :-)


> I could even see there being a way to enable full screen for a site via 
> userJS/Greasemonkey scripts.
> 
> (Meaning, there might be a way to do it even if the spec doesn't say 
> there is. If so, it'd be a good thing to study to see if it's worthy of 
> adding to the spec later.)

Agreed.


> > Also, if the setting exists, it's far easier to trick users into 
> > setting it than if it doesn't.
> 
> Out of curiousity, is an automatic switch to full screen without the 
> user's consent considered an annoyance/usability problem or a 
> security/fishing attack/vulnerability problem or both?
> 
> FWIW, it's only the former IMO.

The former, yes.


> Not that it matters, much, but with WMP, a script can use 
> SetDisplaySize(3) to automatically switch to fullscreen without the 
> user's consent. You can do the same with the videolan plugin using 
> player.video.fullscreen = true. No warnings or anything.

Noted.


> If someone does ask why scripts can't switch to full screen, what would 
> the reason(s) be?
> 
> 1. There doesn't seem to be much demand for it.
> 
> 2. It's not clear what would be the best way for UAs to provide the 
> functionality while preventing sites from taking advantage of the 
> feature and annoying users.

Both, and also that it's considered ok for the user to have to tell the UA 
that he wants to go fullfreen (rather than the script having to tell the 
UA that the user wants to go fullscreen).

-- 
Ian Hickson               U+1047E                )\._.,--....,'``.    fL
http://ln.hixie.ch/       U+263A                /,   _.. \   _\  ;`._ ,.
Things that are impossible just take longer.   `._.-(,_..'--(,_..'`-.;.'

Received on Monday, 29 October 2007 22:47:39 UTC