W3C home > Mailing lists > Public > whatwg@whatwg.org > May 2011

[whatwg] Full Screen API Feedback

From: Maciej Stachowiak <mjs@apple.com>
Date: Tue, 17 May 2011 19:13:25 -0700
Message-ID: <8051B2FA-22E4-4E70-99C2-D1E65C687C5E@apple.com>

On May 13, 2011, at 10:01 PM, Robert O'Callahan wrote:

> On Fri, May 13, 2011 at 8:52 PM, Maciej Stachowiak <mjs at apple.com> wrote:
> Limited or no keyboard input also greatly mitigates the risk of a full OS UI spoofing attack. I think there are better ways to address this than prompting the user. For example, for apps requesting full keyboard access, there could be an always-visible onscreen indicator that is not easily covered up. This does not necessarily have to be ugly, or distracting in a game context.
> 
> Can you elaborate on that? I'm having trouble thinking of a generic onscreen indicator that would meet that goal.

For example, a distinctive bar across the top of the screen with a button that clearly takes the user out of fullscreen. It could look similar to the menu bar found on Mac OS X or the status bar found on iOS. It could fade after some period of no user interaction, if that would be helpful for cases. Another possibility is a small square in the corner with a close box appearance.

It's true that this would prevent really true full screen for a game. However, it would be more effective at mitigating full OS UI simulation attacks than a confirmation prompt and would be less likely to confuse the user.

I believe also that for a Web app the user has explicitly chosen to "install", as with the Chrome Web Store, or for the no-keyboard / limited-keyboard case, these kinds of tricks are not even be necessary.

I think not having a full keyboard input mode at all is an option that should be seriously considered. Probably a very small set of keys is sufficient for games.


> 
> Another possibility is to have the indicator appear on mouse move.
> 
> That's fine for video, but not for anything interactive. Do you have in mind a generic onscreen indicator that would work well for, say, Quake?


Regards,
Maciej
Received on Tuesday, 17 May 2011 19:13:25 UTC

This archive was generated by hypermail 2.3.1 : Monday, 13 April 2015 23:09:06 UTC