I think what I outlined in my e-mail (basically the security that's there already) does that. Require the user to be directly interacting with the Flash applet before allowing fullscreen (fullscreen API only works in keyboard/mouse events). The first time a Flash applet goes fullscreen from a domain name, have the player itself prompt the user (similar deal as for webcams and mics).

Hell, I'd be fine with disallowing transparent backgrounds in fullscreen apps, that's not something I want and I don't think that most legitimate users of fullscreen want a transparent window.

Of course, couldn't your banner ad already do what you describe? Probably not since Flash-based banner ads usually sit in IFRAMES so they're blocked by security domain, but I don't have to go fullscreen to do what you describe: that's all inside the web browser's window and that already works fine.

The only problems I could see with fullscreen would largely be griefing from the apps, just like what popups do, and you combat it in the same way: default to blocking it, prompt the user to unblock it, allow them to unblock it permanently site-by-site (which is in line with all of the other security restrictions in the Flash player).

It just kinda baffles me that it's easier to capture *video* and *audio* from the user's machine than it is to interact with them fullscreen. Seems kinda backwards if security/privacy is a focus! ;-)

Troy.

On 9/14/07, Alex Harui <[EMAIL PROTECTED]> wrote:
>
> If you can propose a way that users can know that their input is going to
> go to some other place on the screen or some hidden process in a browser,
> then we can allow keyboard access. Otherwise, my banner ad will place a
> transparent window over your Yahoo login and phish your password. Mean
> people suck, and prevent us from giving out functionality as we'd like to.
> We always opt for very conservative security in first releases of new
> functionality like fullscreen, until we can figure out how to relax some of
> those restrictions without inviting mean people to harm others.
>
> ------------------------------
>
> *From:* [email protected] [mailto:[EMAIL PROTECTED] *On Behalf Of* Troy Gilbert
> *Sent:* Friday, September 14, 2007 9:26 AM
> *To:* [email protected]
> *Subject:* Re: [flexcoders] Full Screen Mode
>
> I know Adobe has heard an earful on this, but I'd like to stress it again
> since the issue has again been raised:
>
> Fullscreen mode without keyboard support is virtually worthless for almost
> any app other than playing fullscreen video. Now, I understand that
> fullscreen video is the primary reason for inclusion of this functionality.
> Fine.
>
> But Adobe needs to pay some serious attention to the world of online games
> which heavily use the Flash platform. Fullscreen games would be huge, but
> without keyboard support it simply won't happen. Fullscreen web apps like
> Picnik would be huge, but without keyboard support it's limiting.
>
> I think the security requirement that an app can only go to fullscreen
> inside of a mouse or keyboard event is perfect. I think the security
> requirement that the ESCAPE key will *always* take the user out of the
> fullscreen is fine. I'd even be fine with the Flash Player popping open a
> confirmation dialog when the user wanted to go fullscreen just to be sure
> (with a corresponding "always for this website" option, just like popup
> blockers).
>
> But preventing all keyboard usage? It just renders fullscreen a completely
> worthless feature for our products. We would embrace it and brag about it
> and usher in some spectacular web-based experiences only possible because of
> the Flash platform, but simply won't be able to because we need a minimum
> amount of keyboard functionality (filling in a few forms, cursor keys,
> etc.).
>
> AIR isn't the answer for us as the whole reason we've gone with the Flash
> platform is the instant accessibility (no downloads).
>
> Please, please, please Adobe... please give us keyboard access in
> fullscreen! Please!
>
> Troy.
>
> On 9/14/07, *Nick Collins* <[EMAIL PROTECTED]> wrote:
>
> Within the browser, no, but within AIR, yes. Since the Adobe AIR runtime
> sandbox extends to the local desktop, you can access the file system, and
> you can run full screen while still being able to use the keyboard and text
> inputs.
>
> On 9/14/07, *Yigit Boyar* < [EMAIL PROTECTED]> wrote:
>
> yeah; it is sth that annoyed me; like years ago the removal of file access
> at flash. (i guess it was flash 4 to 5)
>
> anyway; security comes first of course, but there must be a way to enable
> these options, like a certificate or sth else..
> adobe?
>
> Charlie Skinner wrote:
>
> Could anyone shed any light on what exactly the security issues are with
> Full Screen Mode?
>
> I was really excited about this functionality when I first read about it.
> But on further exploration I discover that:
>
> *Users cannot enter text in text input fields while in full-screen mode.
> All keyboard input and key-related ActionScript is disabled while in
> full-screen mode, with the exception of the keyboard shortcuts that take the
> viewer out of full-screen mode.*
>
> I'm working on a large CMS in Flex and not being able to use the keyboard
> or text input boxes makes the application pretty pointless.

