- From: Adam Barth <w3c@adambarth.com>
- Date: Fri, 20 Aug 2010 22:21:45 -0700
On Fri, Aug 20, 2010 at 7:25 PM, Robert O'Callahan <robert at ocallahan.org> wrote: > On Sat, Aug 21, 2010 at 8:24 AM, Ian Hickson <ian at hixie.ch> wrote: >> One comment: Rather than adding an "allowfullscreen" attribute on >> <iframe>, I would suggest just assuing that sandboxed content (i.e. >> content of iframes with the sandbox="" attribute) can't go fullscreen. I >> can provide a sandbox flag for this state. If we think there are use cases >> for allowing sandboxed iframes to go fullscreen, then I can also add a >> keyword that turns off the flag when present (like "allow-scripts" does >> for scripts). (I'm assuming there are no cases for disabling fullscreen >> for unsandboxed iframes; are there?) > > What about legacy content that doesn't use "sandbox"? It might expect > cross-origin IFRAMEs to not be able to take over its window, but if the > IFRAME content goes fullscreen, it effectively can. > > I think allowing subframes to go fullscreen should always be opt-in. How is going fullscreen different from opening a popup window? Adam
Received on Friday, 20 August 2010 22:21:45 UTC