- From: Philip Jägenstedt <philipj@opera.com>
- Date: Thu, 19 May 2011 13:30:14 +0200
On Thu, 19 May 2011 12:22:44 +0200, Robert O'Callahan <robert at ocallahan.org> wrote:

> On Thu, May 19, 2011 at 9:34 PM, Philip Jägenstedt <philipj at opera.com> wrote:
>
>> Regarding user prompts, I am tentatively in favor of the approach that Jer
>> appears to be arguing for, which is to never prompt the user but rather
>> simply require direct user interaction in order to go to fullscreen
>
> The rest sounds reasonable, but I doubt "requiring direct user interaction"
> (by which I assume you mean requiring the user to click somewhere (anywhere)
> in the page) provides any meaningful security benefit. I certainly think I'd
> have a hard time convincing our security people of that!

That would not be the only line of defense and is as much an anti-annoyance feature like pop-up blocking as it is part of making it abundantly clear to the user what page has gone into fullscreen and why. This is certainly *relevant* to security, although not the only component.

Are there security issues with this setup?

* fullscreen can only be requested by direct user interaction
* fullscreen is entered with an animation
* after entering fullscreen (for the first time on a site, or whatever rules the UA imposes), it's impossible to interact with the page until the user acknowledges that they want to stay in fullscreen, with the page dimmed in the background.

The last point could be replaced by whatever the UA thinks is enough to be sure that the user realizes what has happened, prompting wouldn't be mandatory.

--
Philip Jägenstedt
Core Developer
Opera Software
Received on Thursday, 19 May 2011 04:30:14 UTC