Re: [whatwg/fullscreen] Consume user activation in `element.requestFullscreen()` (#153) from Mustaq Ahmed on 2022-11-02 (public-webapps-github@w3.org from November 2022)

From: Mustaq Ahmed <notifications@github.com>
Date: Wed, 02 Nov 2022 09:00:20 -0700
To: whatwg/fullscreen <fullscreen@noreply.github.com>
Cc: Subscribed <subscribed@noreply.github.com>
Message-ID: <whatwg/fullscreen/pull/153/c1300762256@github.com>

> Currently, Gecko also consume the user activation as we had received a bug of trapping the user in fullscreen mode, which invites DOS and spoofing possibilities.

Chrome originally proposed this consumption behavior to prevent a spoof, see https://crbug.com/851302.

>> And for pointer lock, we allow it without a vaild user activation if document is in fullscreen mode.
>
> That is contrary to what is in the Pointer Lock spec, right? Why don't we just link the actions together via a mechanism like in https://github.com/whatwg/fullscreen/issues/186?

IIRC Chrome added a similar hack to support some compat argument, can't recall any details!  Yes, #186 would be nice.

-- 
Reply to this email directly or view it on GitHub:
https://github.com/whatwg/fullscreen/pull/153#issuecomment-1300762256
You are receiving this because you are subscribed to this thread.

Message ID: <whatwg/fullscreen/pull/153/c1300762256@github.com>

Received on Wednesday, 2 November 2022 16:00:32 UTC