2009/12/16 Ian Fette (イアンフェッティ) <ife...@google.com>: > 2009/12/16 Jonas Sicking <jo...@sicking.cc> >> >> 2009/12/16 Ian Fette (イアンフェッティ) <ife...@google.com>: >> > I think what I've heard from application developers over and over again >> > is >> > that, while the UA may provide some way to go into full screen from in >> > the >> > browser chrome, it is much more discoverable when that capability exists >> > from within the content area (e.g. people are used to clicking on the >> > full >> > screen button in YouTube, and when you take that away users can no >> > longer >> > figure out how to go full screen). >> > Obviously there are security considerations re: UI spoofing, but I'm >> > beginning to wonder how much we should beat ourselves over this. If >> > there >> > are simple things that we can do to improve upon the model Flash uses >> > (e.g. >> > don't have a translucent overlay but instead use an opaque overlay, or >> > use >> > an overlay that doesn't go away until the user dismisses it, etc) >> > without >> > totally killing current use cases and discoverability, then let's >> > consider >> > that. Overall though, it feels like we are burying our head in the sand >> > a >> > bit by saying "Well, as long as HTML doesn't provide a way to go full >> > screen, the users are safe and it's not *our* fault if anything bad >> > happens," when the reality is that Flash is installed on 98-99% of all >> > machines out there and anyone who is really trying to phish people using >> > this method could easily use flash instead of whatever we provide. (And >> > yes >> > I'm aware people can turn off flash, but those users sophisticated >> > enough to >> > use noflash can probably figure out if they are in full-screen mode or >> > not.) >> > -Ian >> >> In addition to UI spoofing there is also the "annoying websites" >> factor. There is today API for pages to resize the browser window, >> which I know that some pages abuse to resize the browser window to be >> as big as possible. This API is one of very few that Firefox has >> specific API to turn off, because its one of the APIs that annoy users >> the most. >> > > You could tie it to user gestures, e.g. only allow a page to call > fullscreen() in response to a user gesture, much as many browsers will block > popups that do not result from a user gesture. Not perfect, but a large > improvement. > >> >> As for flash going full screen. I heard something regarding that while >> in full screen mode flash disables certain capabilities, in order to >> reduce the risk of spoofing. Such as the ability to receive keyboard >> events. Haven't investigated this at all though. >> > > correct > >> >> I'm also not sure what you mean by "can probably figure out if they >> are in full-screen mode or not". How would you figure this out? Other >> than by installing a non-standard skin for your desktop or browser? >> > > If you can only call fullscreen() in response to a user gesture, and there > is some reasonably obvious thing that happens when you go full screen > (hopefully a bit more obvious than what Flash currently does), then I'm > hoping a sophisticated user who knows about noflash could figure out that > they just went into fullscreen. As for the unsophisticated user, they're > already "at risk" by flash, hopefully we could do better than flash, but if > not, I think I would be willing to accept being on-par with Flash on this > issue.
You need to ensure that the user is actively looking at the screen though. If the user is getting back to a screen that is now in fullscreen mode it seems hard to impossible to tell in the general case. Unless you slab a bar at the top screen that constantly says "Fullscreen mode, take caution". I guess that if you enforced that fullscreen could only happen in response to a click then you are in better shape. I'd say you should try implementing this in chrome :) As for comparisons to flash, one of the goals of the mozilla project is to improve the web, not stay on par with flash ;) / Jonas