[whatwg] api for fullscreen()

2009/12/17 Jonas Sicking <jonas at sicking.cc>:
> I guess that if you enforced that fullscreen could only happen in
> response to a click then you are in better shape.

Browsers already have heuristics just like this for opening popup
windows, don't they?  They seem to work pretty well to prevent pages
from being too annoying.  I don't think going out of fullscreen is any
more annoying than closing a popup, so I think the only issue is
security.

Requiring a click doesn't seem like it would do anything to stop
spoofing, though.  You could just put an onclick handler on the body.
Users click on the page all the time, to follow links or select text.
Spoofing seems like a hard problem for general-purpose full-screening.

2009/12/17 Ian Fette (????????) <ifette at google.com>:
> maybe there's some dorky
> bar up top that stays around until you click "go away" or "never put up the
> dork bar again for this site".

So they only have to get you to watch one fullscreen video on their
site and reflexively dismiss the dork bar before they can spoof you?

Received on Thursday, 17 December 2009 03:33:14 UTC