Hacker News new | past | comments | ask | show | jobs | submit login

i just downloaded a webkit nightly and tested the full-screen api from his site.

my first thought was that someone could make a page respond to a user clicking a link and instead of navigating to it, make the page go full-screen and draw fake window chrome on the page to trick the user into thinking the browser is on a new site. it's like the old window.popup() stuff but this time you can completely remove the browser's own window decorations.

i hope the final implementation gets some kind of prompt or other warning to the user before going full-screen.

The same attack is also possible with Flash's fullscreen; their "Press Esc to exit Fullscreen" message would work fine here too.

I don't think so... isn't the keyboard disabled in Flash fullscreen? Same goes for Silverlight and Java applets.

The keyboard remains active in Flash fullscreen, though you cannot bind anything to the "ESC" key if I'm remembering correctly.

Registration is open for Startup School 2019. Classes start July 22nd.

Guidelines | FAQ | Support | API | Security | Lists | Bookmarklet | Legal | Apply to YC | Contact