Hacker Newsnew | comments | ask | jobs | submitlogin
feross 556 days ago | link | parent

Good question. The key difference is that using the Fullscreen API let's you fake the "green location bar" which, thanks to hundreds of PSAs from the tech community over the years, has become synonymous with "this site is safe and secure".


ygra 556 days ago | link

The problem is that for many years the browser's chrome/UI was in fact a place not hijackable by web sites. In contrast to things that appear within the normal client area as the often-spoofed yellowish notification bar of old Internet Explorer versions (the newer one at the bottom now sees this as well). I think Firefox opted for a very deliberate design in security-critical cases that will always appear from within the chrome and never overlay the page in a way that could be spoofed by clever CSS.

Of course, now with pages requesting to go fullscreen there isn't a browser UI anymore that could show things that cannot normally appear in the page content. Hitting F11 previously at least was something no web page could ever do by itself. On the other hand, having to wade through warnings like Firefox' SSL warnings probably scares away users from fullscreen games and developers from using the feature.

I wouldn't really have an answer to anything of that. I don't even know whether I embedded a question, I think it was just rambling :-)

-----




Lists | RSS | Bookmarklet | Guidelines | FAQ | DMCA | News News | Feature Requests | Bugs | Y Combinator | Apply | Library

Search: