- From: Olli Pettay <Olli.Pettay@helsinki.fi>
- Date: Wed, 22 Jun 2011 18:34:06 +0300
- To: "Tab Atkins Jr." <jackalmage@gmail.com>
- CC: Ryosuke Niwa <rniwa@webkit.org>, Adam Barth <w3c@adambarth.com>, Vincent Scheib <scheib@google.com>, Brandon Andrews <warcraftthreeft@sbcglobal.net>, "Gregg Tavares (wrk)" <gman@google.com>, Glenn Maynard <glenn@zewt.org>, Charles Pritchard <chuck@jumis.com>, Kenneth Russell <kbr@google.com>, robert@ocallahan.org, public-webapps@w3.org
On 06/22/2011 06:17 PM, Tab Atkins Jr. wrote: > On Wed, Jun 22, 2011 at 8:02 AM, Ryosuke Niwa<rniwa@webkit.org> wrote: >> On Mon, Jun 20, 2011 at 10:48 AM, Tab Atkins Jr.<jackalmage@gmail.com> >> wrote: >>> >>> 2. During a user-initiated click, you can lock the mouse to the target >>> or an ancestor without a permissions prompt, but with a persistent >>> message, either as an overlay or in the browser's chrome. >> >> Does this mean that website is forced to release the lock before mouse-up >> happens? Or did you just mean that a website can start the lock during a >> click? > > The latter; the former is useful, but in a different way (it's for > letting people drag something, like a scrollbar, without having to > stay precisely on the element). > > >> If it's latter, I have a problem with that. I know many people who >> select text on a page just to read them. They obviously don't expect their >> cursors being tracked/locked by a website. > > We can't do anything about cursors being "tracked" - that's allowed > already by the existing mouse events. How? If mouse is not pressed and you move mouse outside the browser window, the mouse sure can't be tracked. > > I don't expect authors to lock the mouse arbitrarily with this ability > unless they're being malicious. And we need to protect user from malicious web apps. > The intent is to allow non-fullscreen > games to lock the mouse when the user clicks the "Start Game" button > or similar. (For the malicious authors, see below.) > >> Also, once my mouse is locked, how do I free it? > > That was covered in the paragraph you quoted, though cursorily. If > the mouse is locked in this way, the browser should show a persistent > message (either in its chrome or as an overlay) saying something like > "Your mouse cursor is being hidden by the webpage. Press Esc to show > the cursor.". > > This shouldn't be too annoying for the games case, but should allow > users, even clueless ones, to know when a site is being malicious and > how to fix it. Once they get their cursor back, they can just leave > that page. So we would end up web apps where after clicking anything in the page user needs to use keyboard to get out of the application? Doesn't sound too user friendly. IMO, user really should be informed before locking the mouse. -Olli
Received on Wednesday, 22 June 2011 15:34:57 UTC