W3C home > Mailing lists > Public > whatwg@whatwg.org > May 2011

[whatwg] Full Screen API Feedback

From: Eric Carlson <eric.carlson@apple.com>
Date: Fri, 13 May 2011 09:17:47 -0700
Message-ID: <8CBA8C5E-89B9-4399-9337-A71BA0D9D5C6@apple.com>

On May 13, 2011, at 12:46 AM, Henri Sivonen wrote:

> On Thu, 2011-05-12 at 20:29 -0400, Aryeh Gregor wrote:
>> In
>> particular, Flash has allowed this for years, with 95%+ penetration
>> rates, so we should already have a good idea of how this feature can
>> be exploited in practice.
> 
> I don't know of exploits in the wild, but I've read about
> proof-of-concept exploits that overwhelmed the user's attention visually
> so that the user didn't notice the "Press ESC to exit full screen"
> message. This allowed subsequent UI spoofing. (I was unable to find the
> citation for this.)
> 
  Maybe you were thinking of this: http://www.bunnyhero.org/2008/05/10/scaring-people-with-fullscreen/.

eric
Received on Friday, 13 May 2011 09:17:47 UTC

This archive was generated by hypermail 2.3.1 : Monday, 13 April 2015 23:09:06 UTC