Re: [Bug 19297] New: May user agents apply additional restrictions on entering pointer lock?

2012-10-09 Thread Florian Bösch
Cheer up everyone, we've got somebody dedicated to writing fullscreen exploits now :) http://feross.org/html5-fullscreen-api-attack/ Summary: Change blindness may make phishing attacks feasible (displaying a mock browser/page in fullscreen) Cause: Switch to fullscreen before user consent. Fix:

Re: [Bug 19297] New: May user agents apply additional restrictions on entering pointer lock?

2012-10-09 Thread Charles McCathie Nevile
On Tue, 09 Oct 2012 08:43:13 +0200, Florian Bösch pya...@gmail.com wrote: Cheer up everyone, we've got somebody dedicated to writing fullscreen exploits now :) http://feross.org/html5-fullscreen-api-attack/ Summary: Change blindness may make phishing attacks feasible (displaying a mock

Re: [Bug 19297] New: May user agents apply additional restrictions on entering pointer lock?

2012-10-09 Thread Florian Bösch
On Tue, Oct 9, 2012 at 11:41 AM, Charles McCathie Nevile cha...@yandex-team.ru wrote: On Tue, 09 Oct 2012 08:43:13 +0200, Florian Bösch pya...@gmail.com wrote: Cheer up everyone, we've got somebody dedicated to writing fullscreen exploits now :)

Re: [Bug 19297] New: May user agents apply additional restrictions on entering pointer lock?

2012-10-09 Thread Florian Bösch
On Tue, Oct 9, 2012 at 1:45 PM, Anne van Kesteren ann...@annevk.nl wrote: On Tue, Oct 9, 2012 at 12:51 PM, Florian Bösch pya...@gmail.com wrote: TL;DR I don't think you lose anything of value if you move the confirmation to before the fullscreen change and you might just inadvertently