- From: Philip Jägenstedt <philipj@opera.com>
- Date: Fri, 20 May 2011 11:19:03 +0200
On Thu, 19 May 2011 19:52:20 +0200, Aryeh Gregor <Simetrical+w3c at gmail.com> wrote: > On Thu, May 19, 2011 at 7:30 AM, Philip J?genstedt <philipj at opera.com> > wrote: >> Are there security issues with this setup? >> >> * fullscreen can only be requested by direct user interaction >> * fullscreen is entered with an animation >> * after entering fullscreen (for the first time on a site, or whatever >> rules >> the UA imposes), it's impossible to interact with the page until the >> user >> acknowledges that they want to stay in fullscreen, with the page dimmed >> in >> the background. >> >> The last point could be replaced by whatever the UA thinks is enough to >> be >> sure that the user realizes what has happened, prompting wouldn't be >> mandatory. > > For the biggest use-case, namely video, it would be better if the > third point was replaced by "hitting most keys exits fullscreen, > hitting any key or moving the mouse shows UI to close fullscreen". > It'd be pretty hard to do phishing under those circumstances. About video in particular, why would we not want video to be keyboard accessible in full-screen? I very often pause/unpause and seek using the keyboard when using standalone video players, and I'd like to do the same in the browser as well. > As for games, it might be worth pointing out that gamers tolerate > amazing amounts of annoyance compared to normal users, because they > aren't doing anything important anyway and the momentary annoyance is > quickly eclipsed by the fun of playing the game. Fullscreen games are > almost always going to be immersive things you play when you have > nothing else to do, so it might be perfectly tolerable to impose UI > that's more annoying than we'd normally tolerate. > > For example, to play Vampire: The Masquerade - Bloodlines on Wine, I > had to go through a multi-minute setup procedure to get it to start > properly, but it didn't bother me much, since I'd then play for a few > hours. I also once played a game to the end which would blue-screen > Windows about once every half-hour, so I'd just quicksave often and > restart the computer when it crashed. Not to mention the countless > games that crash to desktop regularly, or suffer from other egregious > bugs. And people put up with some games taking a minute or more to > load individual levels. Not that any of this is ideal or desired, but > it should be kept in mind that full-screen games have different > requirements from things like video, which *need* to be effortless. Do you think we should have different permission levels in full-screen which come with different levels of user prompting? I don't think a persistent overlay is acceptable for either games or video and keyboard input is needed for both. (No, I don't think it's acceptable to require a mouse for video.) -- Philip J?genstedt Core Developer Opera Software
Received on Friday, 20 May 2011 02:19:03 UTC