
JavaScript Full Screen API, Navigation Timing and repeating CSS Gradients - typester
http://peter.sh/2011/01/javascript-full-screen-api-navigation-timing-and-repeating-css-gradients/
======
there
i just downloaded a webkit nightly and tested the full-screen api from his
site.

my first thought was that someone could make a page respond to a user clicking
a link and instead of navigating to it, make the page go full-screen and draw
fake window chrome on the page to trick the user into thinking the browser is
on a new site. it's like the old window.popup() stuff but this time you can
completely remove the browser's own window decorations.

i hope the final implementation gets some kind of prompt or other warning to
the user before going full-screen.

~~~
mnutt
The same attack is also possible with Flash's fullscreen; their "Press Esc to
exit Fullscreen" message would work fine here too.

~~~
sil3ntmac
I don't think so... isn't the keyboard disabled in Flash fullscreen? Same goes
for Silverlight and Java applets.

~~~
trampsymphony
The keyboard remains active in Flash fullscreen, though you cannot bind
anything to the "ESC" key if I'm remembering correctly.

------
bretthopper
This is part of an ongoing series tracking updates to Webkit and Chromium in
case it wasn't clear by the title.

