Intent to Implement and Ship: window.focus() exits HTML5 fullscreen

48 views
Skip to first unread message

Avi Drissman

unread,
Jan 12, 2018, 12:39:00 PM1/12/18
to blink-dev
(now with correct subject line, as requested)

Contact emails
Summary
If a page calls |window.focus()| on a popup, it is exited from fullscreen.

Motivation
Fullscreen and window focusing do not mix well. Window focusing can interfere with the signals that Chromium uses to tell the user that they are in fullscreen (for those with security privileges, see https://crbug.com/776418).

HTML5 fullscreen is an immersive experience with one window taking over the entire screen. window.focus() is a request to change the focused window. Because they have different goals (immersion vs multi-window operation), this intervention should not affect legitimate sites.

We currently exit fullscreen for JavaScript dialogs and we currently exit fullscreen for popups (this behavior is so old it predates chromestatus.com). This intent is a follow-up to those features.

Compatibility risk
Low. As described, because these two features have two different goals, legitimate sites should not be affected.

Ongoing technical constraints
none

Will this feature be supported on all six Blink platforms (Windows, Mac, Linux, Chrome OS, Android, and Android WebView)?
Yes.

Launch tracking bug

Link to entry on the Chrome Platform Status

Requesting approval to ship?
Yes.

Daniel Bratell

unread,
Jan 15, 2018, 11:10:03 AM1/15/18
to blink-dev, Avi Drissman
I think you may have used an old version of the Intent to Ship template at https://docs.google.com/document/d/1vlTlsQKThwaX0-lj_iZbVTzyqY7LioqERU8DK3u3XjI/edit# . In particular the Intent is missing the risks section and the test section. 

The spec support for this is this statement I guess:
"The user agent may end any fullscreen session without instruction from the end user or call to exitFullscreen() whenever the user agent deems it necessary.". And I assume it will only close fullscreen if window.focus() would have actually move focus?

But let's get it done in the right template (yes, yes, this is annoying but there is a reason for the template sections . ;-) 

/Daniel - generally approves of the idea
--
You received this message because you are subscribed to the Google Groups "blink-dev" group.
To unsubscribe from this group and stop receiving emails from it, send an email to blink-dev+...@chromium.org.
To view this discussion on the web visit https://groups.google.com/a/chromium.org/d/msgid/blink-dev/CACWgwAaXKmAJSxRfWeyeT4sXwFOkig5QRpDwbxnvyM_4%2BS4XbA%40mail.gmail.com.



--
/* Opera Software, Linköping, Sweden: CET (UTC+1) */

Jochen Eisinger

unread,
Jan 15, 2018, 11:30:22 AM1/15/18
to Daniel Bratell, blink-dev, Avi Drissman
lgtm1

To view this discussion on the web visit https://groups.google.com/a/chromium.org/d/msgid/blink-dev/op.zcv4iqgvrbppqq%40cicero2.linkoping.osa.

Philip Jägenstedt

unread,
Jan 16, 2018, 9:04:59 AM1/16/18
to Daniel Bratell, blink-dev, Avi Drissman
I'll make an attempt at answering those bits in a non-templatey way.

The compat risk here would be that some content is doing window.focus(), perhaps back and forth, and expecting that to work. That would be possible to measure, but sufficiently far fetched that I think we need not. If we did measure it with use counters, we still couldn't tell if the usage was "good" or not, and only a very large usage would be reason to suspect we've missed something.

The interop risk with this and the previous modal dialogs change is that only Chrome decides to exit fullscreen in these conditions, and that some content that "accidentally" uses window.focus() would either come to depend on it doing nothing in the browser they tested (plausible) or depend on it actually existing fullscreen (quite implausible).

Unlike the modal dialogs, where Firefox and Safari have "in-page" modal dialogs and thus less reason to exit fullscreen, this is a case where maybe everyone would agree and we should just have the spec require it.

So I think we should do this, either taking the "user agent deems it necessary" route, or better requiring the behavior for all browsers. Avi, do you have a preference? Have you tested what window.focus() does in Edge, Firefox and Safari?

On Mon, Jan 15, 2018 at 5:10 PM Daniel Bratell <bra...@opera.com> wrote:

Ojan Vafai

unread,
Jan 18, 2018, 1:21:44 PM1/18/18
to Philip Jägenstedt, Daniel Bratell, blink-dev, Avi Drissman
LGTM2 once the spec changes are resolved. Agree that requiring the same behavior of all browsers is the preferred solution if that's not contentious.

To view this discussion on the web visit https://groups.google.com/a/chromium.org/d/msgid/blink-dev/CAARdPYe8xZVpF8i%2Bn4JL3QXJe8t-fB%2BuQ8kdvKSL6PEAQhtLKA%40mail.gmail.com.

Yoav Weiss

unread,
Jan 19, 2018, 8:33:06 AM1/19/18
to Ojan Vafai, Philip Jägenstedt, Daniel Bratell, blink-dev, Avi Drissman
LGTM3 with similar caveats.

To view this discussion on the web visit https://groups.google.com/a/chromium.org/d/msgid/blink-dev/CANMdWTszSUVwZ8CsTm8X-%3DMUTg8bW8EnZDGz9a4kWP07HokNRg%40mail.gmail.com.

Avi Drissman

unread,
Jan 22, 2018, 3:40:31 PM1/22/18
to Philip Jägenstedt, Daniel Bratell, blink-dev
The reason I am proposing this Intent is because I have an active security bug that I'm working on, where the use of window.focus() is used to attack and subvert our fullscreen security UI. Given that, I was proposing including this under the "UA deems it necessary" clause, but am happy to work on the standard.

To your question of what browsers currently do in this situation:

Chrome
  • If a page is in fullscreen, opening a popup kicks it out of fullscreen.
  • If a page is in fullscreen, attempting to focus a popup
    • Mac: switches screens to the popup as the fullscreen uses the native fullscreen (thus accidentally avoiding the security bug I'm working on)
    • Other: places the popup on top of the fullscreen (security bug)
Firefox
  • If a page is in fullscreen, opening a popup kicks it out of fullscreen.
  • If a page is in fullscreen, attempting to focus a popup places the popup on top of the fullscreen (which actually is exactly the same security bug as Chrome has)
Safari
  • If a page is in fullscreen, opening a popup makes the popup go fullscreen replacing the existing fullscreen page.
  • If a page is in fullscreen, attempting to focus a popup switches screens to the popup as the fullscreen uses the native fullscreen.
Edge
  • If a page is in fullscreen, opening a popup kicks it out of fullscreen.
  • If a page is in fullscreen, attempting to focus a popup kicks it out of fullscreen.
On one hand, this does look like an area where we can unify browser behavior. On the other hand, the behavior is already all over the place and thus pages have no reasonable expectations, plus the change I propose is already implemented by Edge so there's precedent.

Avi


To unsubscribe from this group and stop receiving emails from it, send an email to blink-dev+unsubscribe@chromium.org.



--
/* Opera Software, Linköping, Sweden: CET (UTC+1) */

--
You received this message because you are subscribed to the Google Groups "blink-dev" group.

Avi Drissman

unread,
Jan 24, 2018, 11:16:59 AM1/24/18
to Philip Jägenstedt, Daniel Bratell, blink-dev
Let's move the standards discussion to https://github.com/whatwg/fullscreen/issues/116 .

Meanwhile, given that this is already quite a disagreement in existing browsers, and we would be aligning ourselves with another major browser, do I have the LGTMs to make this change?

Avi

Philip Jägenstedt

unread,
Jan 24, 2018, 12:22:39 PM1/24/18
to Avi Drissman, Daniel Bratell, blink-dev
Thanks for the detailed summary of behavior on-thread and in the issue, Avi. You have 3xLGTM, but LGTM4 to proceed with the change and the spec discussion in parallel.

To unsubscribe from this group and stop receiving emails from it, send an email to blink-dev+...@chromium.org.



--
/* Opera Software, Linköping, Sweden: CET (UTC+1) */

--
You received this message because you are subscribed to the Google Groups "blink-dev" group.

Avi Drissman

unread,
Jan 24, 2018, 1:02:11 PM1/24/18
to Philip Jägenstedt, Daniel Bratell, blink-dev
Thank you. I will proceed.

As a note, since I found that the security bug that this is in response to is present as well in Firefox, I filed a bug with Firefox. It is marked as "Security-Sensitive" but if there are any Firefox security people watching, please take a look.

Avi

To unsubscribe from this group and stop receiving emails from it, send an email to blink-dev+unsubscribe@chromium.org.



--
/* Opera Software, Linköping, Sweden: CET (UTC+1) */

--
You received this message because you are subscribed to the Google Groups "blink-dev" group.

Ojan Vafai

unread,
Jan 24, 2018, 1:39:31 PM1/24/18
to Avi Drissman, Philip Jägenstedt, Daniel Bratell, blink-dev

+1 to doing in parallel. My lgtm still stands.


To unsubscribe from this group and stop receiving emails from it, send an email to blink-dev+...@chromium.org.



--
/* Opera Software, Linköping, Sweden: CET (UTC+1) */

--
You received this message because you are subscribed to the Google Groups "blink-dev" group.

--
You received this message because you are subscribed to the Google Groups "blink-dev" group.
To view this discussion on the web visit https://groups.google.com/a/chromium.org/d/msgid/blink-dev/CACWgwAa4X8oD-qpxUjdO___1U9_nd18GY709gy4OQLYgtHLdjQ%40mail.gmail.com.
Reply all
Reply to author
Forward
0 new messages