On Thu, 19 May 2011 19:52:20 +0200, Aryeh Gregor
<[email protected]> wrote:
On Thu, May 19, 2011 at 7:30 AM, Philip Jägenstedt <[email protected]>
wrote:
Are there security issues with this setup?
* fullscreen can only be requested by direct user interaction
* fullscreen is entered with an animation
* after entering fullscreen (for the first time on a site, or whatever
rules
the UA imposes), it's impossible to interact with the page until the
user
acknowledges that they want to stay in fullscreen, with the page dimmed
in
the background.
The last point could be replaced by whatever the UA thinks is enough to
be
sure that the user realizes what has happened, prompting wouldn't be
mandatory.
For the biggest use-case, namely video, it would be better if the
third point was replaced by "hitting most keys exits fullscreen,
hitting any key or moving the mouse shows UI to close fullscreen".
It'd be pretty hard to do phishing under those circumstances.
About video in particular, why would we not want video to be keyboard
accessible in full-screen? I very often pause/unpause and seek using the
keyboard when using standalone video players, and I'd like to do the same
in the browser as well.
As for games, it might be worth pointing out that gamers tolerate
amazing amounts of annoyance compared to normal users, because they
aren't doing anything important anyway and the momentary annoyance is
quickly eclipsed by the fun of playing the game. Fullscreen games are
almost always going to be immersive things you play when you have
nothing else to do, so it might be perfectly tolerable to impose UI
that's more annoying than we'd normally tolerate.
For example, to play Vampire: The Masquerade - Bloodlines on Wine, I
had to go through a multi-minute setup procedure to get it to start
properly, but it didn't bother me much, since I'd then play for a few
hours. I also once played a game to the end which would blue-screen
Windows about once every half-hour, so I'd just quicksave often and
restart the computer when it crashed. Not to mention the countless
games that crash to desktop regularly, or suffer from other egregious
bugs. And people put up with some games taking a minute or more to
load individual levels. Not that any of this is ideal or desired, but
it should be kept in mind that full-screen games have different
requirements from things like video, which *need* to be effortless.
Do you think we should have different permission levels in full-screen
which come with different levels of user prompting?
I don't think a persistent overlay is acceptable for either games or video
and keyboard input is needed for both. (No, I don't think it's acceptable
to require a mouse for video.)
--
Philip Jägenstedt
Core Developer
Opera Software
