- From: Hallvord R. M. Steen <hsteen@mozilla.com>
- Date: Tue, 16 Sep 2014 23:44:14 -0700 (PDT)
- To: "Brian Matthews (brmatthe)" <brmatthe@cisco.com>
- Cc: Ben Peters <Ben.Peters@microsoft.com>, "James M. Greene" <james.m.greene@gmail.com>, Perry Smith <pedzsan@gmail.com>, public-webapps@w3.org
>> Not quite :) Check the list of events - mousemove isn't included: >> http://www.w3.org/TR/html5/browsers.html#allowed-to-show-a-popup > I was just going by where I¹ve seen pages pop up windows, and I¹ve seen > pages that pop up windows just by moving the mouse across them. If you see that again, please report a bug to your browser vendor so it can be properly analysed. >> Keeping in mind that Flash has had similar policies for a while > Isn¹t Flash limited to a region of the page? Not necessarily. For example, it's trivial to make a transparent Flash thingy that follows your mouse when you move it to catch any clicks. > And I suppose that¹s the answer here too, > someone will write an extension to block a page from modifying or reading > the clipboard and I¹ll just use that. Although that doesn¹t help on mobile > browsers that don¹t allow extensions. On the timeline of a spec and its implementations, I'm almost certain you'll have a choice of mobile browsers with extension support when this spec is widely implemented in full detail ;). Now, security/usability is a matter of trade-offs and balances. It's valuable to try to imagine all sorts of abuse that might occur, but it's also a bit like thinking of all the bad things that *might* happen if you left the house. Most of us still go outside many times a week. -Hallvord
Received on Wednesday, 17 September 2014 06:44:42 UTC