W3C home > Mailing lists > Public > whatwg@whatwg.org > January 2010

[whatwg] api for fullscreen() - security issues

From: Boris Zbarsky <bzbarsky@MIT.EDU>
Date: Sat, 30 Jan 2010 23:57:57 -0500
Message-ID: <4B650DD5.7040108@mit.edu>
On 1/30/10 11:38 PM, Tab Atkins Jr. wrote:
> On Sat, Jan 30, 2010 at 9:08 PM, Simon Fraser<smfr at me.com>  wrote:
>> * require that enterFullscreen() is being called inside a user-event handler
>> (e.g. click or keypress) to avoid drive-by fullscreen annoyances.
>
> This one seems kind of weird.  Does the spec currently distinguish
> significantly between a user-initiated click and a script-initiated
> one?

Not sure about the spec, but popup blockers sure do.

-Boris
Received on Saturday, 30 January 2010 20:57:57 UTC

This archive was generated by hypermail 2.4.0 : Wednesday, 22 January 2020 16:59:20 UTC