[whatwg/fullscreen] Fullscreen request on invisible document should be denied (#58) from Xidorn Quan on 2016-09-29 (public-webapps-github@w3.org from September 2016)

From: Xidorn Quan <notifications@github.com>
Date: Wed, 28 Sep 2016 22:06:00 -0700
To: whatwg/fullscreen <fullscreen@noreply.github.com>
Message-ID: <whatwg/fullscreen/issues/58@github.com>

I suppose that exposes security risks that attacker can open a background window and put it into fullscreen without having user notice it. And then when user switches window, it may start spoofing.

-- 
You are receiving this because you are subscribed to this thread.
Reply to this email directly or view it on GitHub:
https://github.com/whatwg/fullscreen/issues/58

Received on Thursday, 29 September 2016 05:06:28 UTC