Given the extremely widespread use of Fullscreen in techscams <https://textslashplain.com/2023/09/12/attack-techniques-fullscreen-abuse/>, I'm concerned about making things easier for attackers.
Can I use this new API to make it such that every time my victim user clicks in a fullpage attack window a new fullpage attack window opens over top of it? Or does a user only get one full-screen window at a time? On Thursday, September 28, 2023 at 2:17:38 PM UTC-5 [email protected] wrote: > Correction: > > *OriginTrial desktop last: **122* (not 123). > > On Thursday, September 28, 2023 at 11:19:50 AM UTC-7 [email protected] > wrote: > >> +@[email protected] >> >> On Tuesday, September 26, 2023 at 1:16:01 PM UTC-7 [email protected] >> wrote: >> >>> Contact emails >>> >>> [email protected], [email protected] >>> >> >>> Explainer >>> >>> >>> https://github.com/w3c/window-management/blob/main/EXPLAINER_fullscreen_popups.md >>> >>> Specification >>> >>> >>> https://github.com/w3c/window-management/blob/main/EXPLAINER_fullscreen_popups.md#spec-changes >>> >>> Design docs >>> >>> >>> https://github.com/w3c/window-management/blob/main/security_and_privacy_fullscreen_popups.md >>> >>> Summary >>> >>> Adds the ability to open a popup directly to fullscreen. >>> >>> Adds a `fullscreen` option to the `windowFeatures` parameter to the >>> `window.open()` JavaScript API, which allows the caller to open a popup >>> directly to full-screen on the display that would contain the popup (based >>> on `screenX`/`screenY`). This eliminates the need for the developer to >>> manually transition a popup into fullscreen, which could require a separate >>> user activation signal. >>> >>> Blink component >>> >>> Blink>Fullscreen >>> <https://bugs.chromium.org/p/chromium/issues/list?q=component:Blink%3EFullscreen>, >>> >>> Blink>WindowDialog >>> <https://bugs.chromium.org/p/chromium/issues/list?q=component:Blink%3EWindowDialog>, >>> >>> Blink>Screen>MultiScreen >>> <https://bugs.chromium.org/p/chromium/issues/list?q=component%3ABlink%3EScreen%3EMultiScreen&can=2> >>> >>> TAG review >>> >>> https://github.com/w3ctag/design-reviews/issues/840 >>> >>> TAG review status >>> >>> Pending >>> >>> Risks >>> >>> Interoperability and Compatibility >>> >>> Gecko: No signal ( >>> https://github.com/mozilla/standards-positions/issues/714) >>> >>> WebKit: No signal ( >>> https://github.com/WebKit/standards-positions/issues/101) >>> >>> Web developers: Positive >>> https://github.com/w3c/window-placement/issues/7 >>> https://github.com/w3c/window-placement/issues/98 >>> https://github.com/w3c/window-placement/issues/92 >>> >>> Other signals: >>> >>> WebView application risks >>> >>> This feature is not supported on WebView, attempted usage will fall back >>> to existing behavior. >>> >>> Goals for experimentation >>> >>> Gather feedback from early adopters on the API shape, ease of >>> integration, edge cases that may require attention. Iterate on potential UX >>> improvements related to this alternative fullscreen entrypoint. >>> >>> Ongoing technical constraints >>> >>> None >>> >>> Debuggability >>> >>> This feature utilizes the existing `windowFeatures` string parameter in >>> `window.open()` and does not modify any structured (i.e. WebIDL) API >>> surface. This feature will utilize existing fullscreen APIs which >>> developers can use for debugging (`document.fullscreenElement`, >>> `fullscreenchange`, and `fullscreenerror`, etc.), in the absence of an >>> `Element.requestFullscreen()` promise. >>> >>> Will this feature be supported on all six Blink platforms (Windows, Mac, >>> Linux, Chrome OS, Android, and Android WebView)? >>> >>> No. This feature initially only applies to desktop platforms. Support >>> for mobile platforms may be considered in the future. >>> >>> Is this feature fully tested by web-platform-tests >>> <https://chromium.googlesource.com/chromium/src/+/main/docs/testing/web_platform_tests.md> >>> ? >>> >>> Mostly. Automated web platform tests are limited to single display >>> environments, so manual execution is required to test fullscreen popups >>> <https://wpt.fyi/results/window-management/multi-screen-window-open-fullscreen.tentative.https.html?label=master&label=experimental&aligned> >>> >>> across displays. (crbug.com/1252062) >>> >>> Flag name on chrome://flags >>> >>> chrome://flags/#fullscreen-popup-windows >>> >>> Finch feature name >>> >>> FullscreenPopupWindows >>> >>> Requires code in //chrome? >>> >>> False >>> >>> Tracking bug >>> >>> https://bugs.chromium.org/p/chromium/issues/detail?id=1142516 >>> >>> Launch bug >>> >>> https://launch.corp.google.com/launch/4263088 >>> >>> Estimated milestones >>> >>> OriginTrial desktop last >>> >>> 123 >>> >>> OriginTrial desktop first >>> >>> 119 >>> >>> DevTrial on desktop >>> >>> 113 >>> >>> Link to entry on the Chrome Platform Status >>> >>> https://chromestatus.com/feature/6002307972464640 >>> >>> Links to previous Intent discussions >>> >>> Intent to prototype: >>> https://groups.google.com/a/chromium.org/g/blink-dev/c/t8lL5RvfLJY >>> >>> Ready for Trial: >>> https://groups.google.com/a/chromium.org/g/blink-dev/c/EnDQsWx8cGQ >>> >> -- You received this message because you are subscribed to the Google Groups "blink-dev" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To view this discussion on the web visit https://groups.google.com/a/chromium.org/d/msgid/blink-dev/cbeddf81-17d1-47a9-abbb-23b920fbdd2fn%40chromium.org.
