[whatwg] Full Screen API Feedback

On Tue, May 17, 2011 at 10:13 PM, Maciej Stachowiak <mjs at apple.com> wrote:
> I think not having a full keyboard input mode at all is an option that should be seriously considered. Probably a very small set of keys is sufficient for games.

For trivial arcade games, maybe.  But RPGs and strategy games, for
example, routinely use up most of the keyboard for hotkeys.

For instance, in RPGs it's conventional that I opens your inventory, J
opens your journal/quest log/whatever, M is the map, and usually at
least a dozen more game-specific things -- switching weapons,
activating spells or healing potions, pausing (the "Pause" key is too
hard to hit), etc.  NetHack is an example of an RPG that's completely
keyboard-based, and where I'm pretty sure every single key is used
(command list: <http://www.nethack.org/v343/Guidebook.html#_TOCentry_7>)
-- although nobody plays that particular RPG fullscreen.

In real-time strategy games you'll often have context-specific hotkeys
that are used very extensively.  Whatever units or buildings you have
selected will usually have a repertoire of commands you can issue, and
they invariably all have hotkeys.  Micromanaging your time is
essential in RTSes, especially multiplayer, so you want to be able to
hit 9ZZZZ to select your Gateway and queue up four Zealots or
something like that without having to scroll around the map and click
buttons.

The same tends to be true for any reasonably complicated game --
they'll all want to be able to use arbitrary parts of the keyboard, or
as close as possible.  Of course, such games might have other
requirements that would mean they'd want to be installed as trusted
apps anyway, for browsers that support that notion.

On Thu, May 19, 2011 at 6:22 AM, Robert O'Callahan <robert at ocallahan.org> wrote:
> The rest sounds reasonable, but I doubt "requiring direct user interaction"
> (by which I assume you mean requiring the user to click somewhere (anywhere)
> in the page) provides any meaningful security benefit. I certainly think I'd
> have a hard time convincing our security people of that!

It's necessary for anti-annoyance alone, but it also might provide a
security benefit.  If script could do fullscreen whenever it liked, it
just has to wait until the user hasn't done anything for a few
minutes, and then hope that the user isn't paying attention and won't
see any messages during the transition.  If it can only try to go
fullscreen from an onclick or similar event handler that corresponds
to actual user interaction, or functions called from such a handler,
then it would have to spin in a busy loop to put a significant delay
between the user interaction and the fullscreening, which would quite
noticeably freeze the page in most browsers (not Opera), which would
increase the chance that the user would close it or at least get
suspicious.

Not that this is something we can depend on in isolation, but as
defense-in-depth, it seems like a meaningful benefit to me.

On Thu, May 19, 2011 at 7:30 AM, Philip J?genstedt <philipj at opera.com> wrote:
> Are there security issues with this setup?
>
> * fullscreen can only be requested by direct user interaction
> * fullscreen is entered with an animation
> * after entering fullscreen (for the first time on a site, or whatever rules
> the UA imposes), it's impossible to interact with the page until the user
> acknowledges that they want to stay in fullscreen, with the page dimmed in
> the background.
>
> The last point could be replaced by whatever the UA thinks is enough to be
> sure that the user realizes what has happened, prompting wouldn't be
> mandatory.

For the biggest use-case, namely video, it would be better if the
third point was replaced by "hitting most keys exits fullscreen,
hitting any key or moving the mouse shows UI to close fullscreen".
It'd be pretty hard to do phishing under those circumstances.

As for games, it might be worth pointing out that gamers tolerate
amazing amounts of annoyance compared to normal users, because they
aren't doing anything important anyway and the momentary annoyance is
quickly eclipsed by the fun of playing the game.  Fullscreen games are
almost always going to be immersive things you play when you have
nothing else to do, so it might be perfectly tolerable to impose UI
that's more annoying than we'd normally tolerate.

For example, to play Vampire: The Masquerade - Bloodlines on Wine, I
had to go through a multi-minute setup procedure to get it to start
properly, but it didn't bother me much, since I'd then play for a few
hours.  I also once played a game to the end which would blue-screen
Windows about once every half-hour, so I'd just quicksave often and
restart the computer when it crashed.  Not to mention the countless
games that crash to desktop regularly, or suffer from other egregious
bugs.  And people put up with some games taking a minute or more to
load individual levels.  Not that any of this is ideal or desired, but
it should be kept in mind that full-screen games have different
requirements from things like video, which *need* to be effortless.

Received on Thursday, 19 May 2011 10:52:20 UTC