[whatwg] Full Screen API Feedback

On May 13, 2011, at 12:46 AM, Henri Sivonen wrote:

> On Thu, 2011-05-12 at 20:29 -0400, Aryeh Gregor wrote:
>> In
>> particular, Flash has allowed this for years, with 95%+ penetration
>> rates, so we should already have a good idea of how this feature can
>> be exploited in practice.
> 
> I don't know of exploits in the wild, but I've read about
> proof-of-concept exploits that overwhelmed the user's attention visually
> so that the user didn't notice the "Press ESC to exit full screen"
> message. This allowed subsequent UI spoofing. (I was unable to find the
> citation for this.)
> 
  Maybe you were thinking of this: http://www.bunnyhero.org/2008/05/10/scaring-people-with-fullscreen/.

eric

Received on Friday, 13 May 2011 09:17:47 UTC