On Mon, Jun 20, 2011 at 10:18 AM, Adam Barth <w...@adambarth.com> wrote:
> So it sounds like we don't have a security model but we're hoping UA
> implementors can dream one up by combining enough heuristics.

A model which I suggested privately, and which I believe others have suggested publicly, is this:

1. While fullscreen is enabled, you can lock the mouse to the fullscreened element without a prompt or persistent message. A temporary message may still be shown. The lock is automatically released if the user exits fullscreen.

2. During a user-initiated click, you can lock the mouse to the target or an ancestor without a permissions prompt, but with a persistent message, either as an overlay or in the browser's chrome.

3. Otherwise, any attempt to lock the mouse triggers a permissions prompt, and while the lock is active a persistent message is shown.

These wouldn't be normative, of course, because different platforms may have different permissions models, but they seem like a good outline for balancing user safety with author convenience/lack of user annoyance.

~TJ
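
The three cases in the message above, written out as a decision procedure. This is an added example, not part of the original message or of any browser's implementation; `MouseLockPolicy`, its methods and the element objects are hypothetical names, and the sample tree is constructed.

```javascript
// Added illustration: MouseLockPolicy and its methods are hypothetical names,
// not a browser API. Elements are plain objects { name, parent }.
function isSelfOrAncestor(candidate, node) {
  for (let n = node; n; n = n.parent) if (n === candidate) return true;
  return false;
}

class MouseLockPolicy {
  constructor() {
    this.fullscreenElement = null; // element currently fullscreened, if any
    this.lock = null;              // active lock, or null
  }

  // req.element: element to lock to. req.clickTarget: set only while a
  // user-initiated click is being dispatched. userGrants stands in for the
  // permissions prompt and defaults to the user declining.
  requestLock(req, userGrants = () => false) {
    let d;
    if (this.fullscreenElement && req.element === this.fullscreenElement) {
      // Case 1: fullscreened element, no prompt, at most a temporary message.
      d = { prompt: false, message: "temporary", viaFullscreen: true };
    } else if (req.clickTarget && isSelfOrAncestor(req.element, req.clickTarget)) {
      // Case 2: click target or one of its ancestors, persistent message only.
      d = { prompt: false, message: "persistent", viaFullscreen: false };
    } else {
      // Case 3: everything else needs a prompt and a persistent message.
      d = { prompt: true, message: "persistent", viaFullscreen: false };
      if (!userGrants(req.element)) return { granted: false, prompt: true, message: null };
    }
    this.lock = { element: req.element, ...d };
    return { granted: true, ...d };
  }

  enterFullscreen(element) { this.fullscreenElement = element; }

  exitFullscreen() {
    this.fullscreenElement = null;
    // Assumption: only locks granted through case 1 are tied to fullscreen.
    if (this.lock && this.lock.viaFullscreen) this.lock = null;
  }
}

// Constructed sample tree: body > game > canvas, plus an unrelated sibling.
const body = { name: "body", parent: null };
const game = { name: "game", parent: body };
const canvas = { name: "canvas", parent: game };
const ad = { name: "ad", parent: body };
```

Locking `ad` while the click landed on `canvas` falls through to case 3, because `ad` is neither the click target nor one of its ancestors.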