[whatwg] Full Screen API Feedback

On Fri, May 13, 2011 at 4:48 AM, Jer Noble <jer.noble at apple.com> wrote:

> I don't consider the following to be a "usable" UI:
>
> - User clicks a full screen button
> - Content resizes to occupy full window
> - Browser pops up a permissions dialog
> - User has to click the "Allow" button*
> - Window then becomes full screen
>
> * This line is especially egregious.  I can understand asking for
> permission if the original full screen request did not originate with a
> mouse click.  Heck, I'm fine with /requiring/ full screen to initiate with a
> mouse click.  But asking the user to confirm "did you really mean to do
> this?" for an easily reversable action is poor UI.  If the browser
> inadvertantly exposes the user's geolocation to a website, that's an action
> that can never be undone.  The same is not true for the full screen case.
>

It's easy to get a user to click in a page so requiring mouse clicks isn't a
lot of protection. The scenario people are worried about is that the user
clicks, the page goes full-screen and initiates some kind of spoofing
attack, the user doesn't realize what is going on and gets phished or
something like that --- and that is irreversible.

For this case, I think probably a better UI would be what Flash has, to
actually go full-screen immediately but temporarily show a message telling
the user they're in fullscreen mode and how to get out. But I still strongly
feel that the API should be constrained so that passive confirmation won't
break sites, in case that turns out to be necessary in the future.

Rob
-- 
"Now the Bereans were of more noble character than the Thessalonians, for
they received the message with great eagerness and examined the Scriptures
every day to see if what Paul said was true." [Acts 17:11]

Received on Thursday, 12 May 2011 16:02:09 UTC