tag:blogger.com,1999:blog-5537325711190185140.post4902919565866291625..comments2023-11-21T23:10:10.896+13:00Comments on Thundering Herd: Why does the HTML fullscreen API ask for approval after entering fullscreen, rather than before?Chris Pearcehttp://www.blogger.com/profile/13735147508549619230noreply@blogger.comBlogger6125tag:blogger.com,1999:blog-5537325711190185140.post-67106617011579279402013-12-06T05:48:55.409+13:002013-12-06T05:48:55.409+13:00The current solution makes perfect sense. Geolocat...The current solution makes perfect sense. Geolocation/camera access etc affects the user’s privacy. Full screen does not.Paul Neavehttps://www.blogger.com/profile/09115091575007753527noreply@blogger.comtag:blogger.com,1999:blog-5537325711190185140.post-89168031466983239922013-12-04T10:08:27.035+13:002013-12-04T10:08:27.035+13:00@elmcom: Our implementation used to have a way to ...@elmcom: Our implementation used to have a way to opt-out of alphanumeric input, but we dropped that since it would be confusing to users to have two modes with two different behaviours.Chris Pearcehttps://www.blogger.com/profile/13735147508549619230noreply@blogger.comtag:blogger.com,1999:blog-5537325711190185140.post-90369183338883803512013-12-04T02:06:42.075+13:002013-12-04T02:06:42.075+13:00Isn't there an option to opt out of alphanumer...Isn't there an option to opt out of alphanumeric input so that no prompt is shown (only a warning, automatically dismissed, like Flash)?<br /><br />I think this was planned but never made it?Anonymousnoreply@blogger.comtag:blogger.com,1999:blog-5537325711190185140.post-80202477583859753962013-12-03T22:22:29.661+13:002013-12-03T22:22:29.661+13:00Yes, it's very important to distinguish cases ...Yes, it's very important to distinguish cases where we can undo an action from those where we can't.<br /><br />Manuel: that's very difficult to make secure. There are lots of ways a page could leak information back to its site. For example you could have a separate tab open to a different site run by the same operator, and the page with the secret information could using a timing channel to leak secret bits to the other tab.Roberthttps://www.blogger.com/profile/01801341049800948737noreply@blogger.comtag:blogger.com,1999:blog-5537325711190185140.post-65665101277251865972013-12-03T21:33:12.420+13:002013-12-03T21:33:12.420+13:00@Jeff Walden that was my thought, too. But the bro...@Jeff Walden that was my thought, too. But the browser would have the power to go an extra mile here: Allow access, but ask for user's permission before the next HTTP request is issued. (Kind of "tainted" flag for page's network access.)<br /><br />The basic result would be mostly similar to the user, because, e.g., re-centering a map will inevitably trigger a HTTP request. But for the app it'd be similar to just a delayed HTTP request, and it could resume as usual with other business.Anonymoushttps://www.blogger.com/profile/14315359938287161853noreply@blogger.comtag:blogger.com,1999:blog-5537325711190185140.post-65944266529608741372013-12-03T15:33:59.134+13:002013-12-03T15:33:59.134+13:00Not to mention, presumably, that fullscreen is som...Not to mention, presumably, that fullscreen is something the browser can "claw back" from the user. :-) But once you tell the site where the user is, it's kind of too late to undo that.Jeff Waldenhttps://www.blogger.com/profile/11969143527962555101noreply@blogger.com