--
You received this message because you are subscribed to the Google Groups "blink-dev" group.
To view this discussion on the web visit https://groups.google.com/a/chromium.org/d/msgid/blink-dev/CACWgwAYaBdYy12OChde_uMDbzU%2B9Jns8u6g5g2QgKxDjeSaYAQ%40mail.gmail.com.
Can you clarify whether print() will also exit fullscreen?
I assume you'll fully exit fullscreen before changing the stacking order for the dialog, right?
--
You received this message because you are subscribed to the Google Groups "blink-dev" group.
To view this discussion on the web visit https://groups.google.com/a/chromium.org/d/msgid/blink-dev/CACWgwAY1J%3DHcTTMv1CLSBpVmAZcx9yDdi9STVCczQv%2B4yFiCfA%40mail.gmail.com.
To view this discussion on the web visit https://groups.google.com/a/chromium.org/d/msgid/blink-dev/CALjhuien6iuu%2BtiHwwQnJRV4Aw2FsBR_o2v%2BTSaWgGHhsvprOw%40mail.gmail.com.
LGTM2. (For what it's worth... not sure if mine counts.)
Could we get the spec updated? It must be possible for the browser to exit a page out of fullscreen for whatever reason. For example if another tab is focused (which can happen autonomously if an alert is fired from another page), we will today exit full screen. I think the spec should allow the user agent to exit fullscreen at any time.
On Thu, Jun 1, 2017 at 12:53 AM, Matt Giuca <mgi...@chromium.org> wrote:LGTM2. (For what it's worth... not sure if mine counts.)As this is an Intent, I'm looking for API_OWNER approvals. As you were part of the discussion deciding to go this route, I'd hope you were in agreement :)
Could we get the spec updated? It must be possible for the browser to exit a page out of fullscreen for whatever reason. For example if another tab is focused (which can happen autonomously if an alert is fired from another page), we will today exit full screen. I think the spec should allow the user agent to exit fullscreen at any time.I can file a spec bug if that helps. I've filed against https://github.com/whatwg/html; would it be https://github.com/whatwg/fullscreen ?
Avi
the risk of showing an alert over the fullscreen notification is there
There is an escape hatch, however; the user can switch to a different tab or close the tab if a page is being abusive with its use of dialogs.
On Thu, Jun 1, 2017 at 7:53 AM, Matt Giuca <mgi...@chromium.org> wrote:the risk of showing an alert over the fullscreen notification is thereI do not think this is a sound argument. This is a user interface problem (the notification can simply show up on top of the alert, or whatever), not a security risk.
On Wed, May 31, 2017 at 9:38 PM, 'Avi Drissman' via blink-dev <blin...@chromium.org> wrote:There is an escape hatch, however; the user can switch to a different tab or close the tab if a page is being abusive with its use of dialogs.In that sense, the same escape hatch exists in full screen mode as well.The user cannot switch to a different tab or close the tab while an alert() is showing in non-full-screen mode. They can close the alert box (or tick that check box and then close it) and only then they can switch to another tab. That is my observation on Windows.
The problem is that malicious sites can spawn a continuous stream of alerts, thus if the user closes the alert another one pops up.
Contact emailsprimary: a...@chromium.orgsecondary: mgi...@chromium.org, mea...@chromium.orgSpecSummaryIf a page shows a JavaScript dialog while it is in fullscreen (the HTML5 kind), it is exited from fullscreen.MotivationFullscreen is a dual-edged sword. Because it allows a web page to take over the screen, it is immersive. Unfortunately, its immersiveness has the danger of being disorienting, because all the usual user-interface items (taskbar, menu bar, window titlebars) are removed.JavaScript dialogs are also powerful. They block the user from interacting with the web page until the user responds to it. There is an escape hatch, however; the user can switch to a different tab or close the tab if a page is being abusive with its use of dialogs.JavaScript dialogs and fullscreen do not mix well. The primary issue is that if a page enters fullscreen, it removes the dialog escape hatch of the user being able to switch to a different tab or close the tab. In addition, the appearance of the dialog can interfere with the user from being able to see the critical "press [esc] to leave fullscreen" bubble that might be the user's only indication that they have entered fullscreen.Right now dialogs and the fullscreen bubble interfere because they are located at the same place on the screen. However, even if they were changed to not be located at the same place, having two different items appear on the screen at once is bad. One will be missed, because humans simply cannot pay attention to two things at once, and because the "press [esc] to leave fullscreen" bubble is security-critical, we cannot afford to have it be lost.Because of this reasoning, the security UI team has decided that if a page shows a JavaScript dialog while it is in fullscreen, that the page should be exited from fullscreen. This ensures that JavaScript dialogs cannot be used as a weapon to distract users from security-critical UI.Two notes:1. This would not affect a page's ability to show a dialog while in user-initiated fullscreen. In that case, the user knows they're in fullscreen and our concerns do not hold.2. This is being actively abused in the wild.
Interoperability and Compatibility RiskIt is possible that a page is using both fullscreen and dialogs. It's unlikely, though, because the point of fullscreen is to be immersive, and the point of dialogs is to not be immersive but shock the user into action.The fullscreen spec (https://fullscreen.spec.whatwg.org/) does not have any provision for a user agent being allowed to unilaterally force an element to exit fullscreen. This clearly is an oversight. We already allow the user to force an element to exit fullscreen by pressing the escape key, and we advertise this fact; surely the intent of the spec cannot be that the page has a non-overridable ability to be fullscreened.
Edge: No signalsFirefox: No signalsSafari: No signalsWeb developers: No signalsOngoing technical constraintsNone.Will this feature be supported on all six Blink platforms (Windows, Mac, Linux, Chrome OS, Android, and Android WebView)?This will be implemented on desktop platforms.OWP launch tracking bugLink to entry on the feature dashboardRequesting approval to ship?Yes.
--
You received this message because you are subscribed to the Google Groups "blink-dev" group.
To view this discussion on the web visit https://groups.google.com/a/chromium.org/d/msgid/blink-dev/CACWgwAYaBdYy12OChde_uMDbzU%2B9Jns8u6g5g2QgKxDjeSaYAQ%40mail.gmail.com.
There is a check box that prevents this continuous stream.
Also, does this include the print dialog?
2. Something more handwavy in https://fullscreen.spec.whatwg.org/#ui giving the UA a license to exit whenever it thinks it's in the best interest of the user.
--
You received this message because you are subscribed to the Google Groups "blink-dev" group.
To view this discussion on the web visit https://groups.google.com/a/chromium.org/d/msgid/blink-dev/CACWgwAbXGdruxLcon2bvMLrjTuexu4t_H5Y4dE7ReAvnd4RApA%40mail.gmail.com.
To view this discussion on the web visit https://groups.google.com/a/chromium.org/d/msgid/blink-dev/CAFUtAY_-1f%3D1F2sdosUgCNxYMN%2BdcHCc0EXECF%2BEmEmoaYo6%3DA%40mail.gmail.com.