Hacker Newsnew | comments | show | ask | jobs | submit login

The latest version of Safari shows no warning on fullscreen, making users very vulnerable. The only indication is a short, half-second animation (it's much shorter than the usual OS X fullscreen animation). After that, there's no indication that you're in fullscreen mode.

Safari also completely disallows keyboard input in fullscreen mode, which majorly mitigates the vulnerability.


Does it also disable using any kind of keyboard event? Because if so, that cuts out a ton of legitimate use cases for full screen. If not, it just makes the vulnerability slightly more of a pain to exploit.


Applications are open for YC Winter 2016

Guidelines | FAQ | Support | API | Security | Lists | Bookmarklet | DMCA | Apply to YC | Contact