Closed Bug 116503 Opened 23 years ago Closed 22 years ago

[RFE] Making window.open() in full-screen mode

Categories

(Core :: DOM: Core & HTML, enhancement)

enhancement
Not set
normal

Tracking

()

VERIFIED WONTFIX

People

(Reporter: darkwolf, Assigned: jst)

References

Details

This bug is separate from bug 68136 wich is about the USER fullscreen mode.

I think Mozilla should allow the javascript property to open a new window in 
fullscreen mode like IE does [Ex: window.open('page.html','','fullscreen') ]

Some people asked for it too but their comments got lost in the "user-
fullscreen (bug 68136) or kiosk mode (bug 3341). See my comment : bug 68136 
Comment #240 for a list.

First bug report 4 me, sorry if I made mistakes .. Please correct them.
Browser, not engine. Reassigning to DOM Level 0 for consideration -
Assignee: rogerl → jst
Status: UNCONFIRMED → NEW
Component: Javascript Engine → DOM Level 0
Ever confirmed: true
OS: Windows 2000 → All
QA Contact: pschwartau → desale
Hardware: PC → All
Summary: Making an open.window in full-screen mode → [RFE] Making window.open() in full-screen mode
This cannot be implemented before we have a working fullscreen mode, so marking
dependent on bug 68136. (I hope this never gets implemented, though.)
Depends on: 68136
IMHO Mozilla should allow the javascript property to open a new window in 
fullscreen only when user explicitly allow it -> 'Open fullscreen window' should
be added in Preferences | Advanced | Scripts & Window.

Why bother? Hardly any users will ever do that.
*** Bug 127366 has been marked as a duplicate of this bug. ***
in bug #127366 (duplicate), boris suggested using

var win = window.open();
win.fullScreen = true;

yes that works in mozilla but not in other browsers (tested ie 5.0 & opera6).

ie uses 
window.open('http://www.yahoo.com','yah00','fullscreen=yes')

opera doesn't recognize any of the 2 attempts, although it has a fullscreen
mode, too.
Anti-Boris'-suggestion bug 127405 filed.
var win = window.open('http://www.yahoo.com','yah00','fullscreen=yes')
win.fullScreen = true;

then.  :)

And I agree with Jonas on this one, btw....

var win = window.open('http://www.yahoo.com','yah00','fullscreen=yes')
win.fullScreen = true;

you could do it that way - ie miraculously doesn't complain about the 2nd line
;-). i didn't realize you could do it that way before.
but i think people will try the 1st line, this is the way to do it they are used
to. and will complain that mozilla doesn't support opening new windows
fullscreen. (just as i did yesterday ;-)). 
since displaying a browser window fullscreen is no longer a proprietary feature
(opera,mozilla,ie all do it), IMHO there also should be ONE unified way to
access it.
make opening windows fullscreen available onClick. disable it onLoad.
> since displaying a browser window fullscreen is no longer a proprietary feature
> (opera,mozilla,ie all do it)

Displaying a browser window fullscreen is just a feature. Allowing the webpage
to put a window in fullscreen mode is certanly a proprietary extension of the
DOM. And Opera does *not* allow the webpage to make the window go fullscreen -
you said so yourself in comment 6.
Is window.fullScreen supposed to be a read-write property of the window? It
currently returns false even when in full screen mode. I believe it would be
useful to have the property. If Mozilla is going to support scripts setting full
screen mode, it would make much more sense to me to use the currently known IE
technique in window.open. Setting window.fullScreen could also be supported in
Mozilla, but I'd recommend security constraints be used to allow only
bookmarklets and chrome to set fullscreen mode on existing windows. I can't
think of any reason that I'd ever want scripts to change my existing windows.
jonas, maybe that was a misunderstanding.
opera (since version 4, i think) lets you yourself put a window in fullscreen
mode by pressing F11.
i don't know if it's possible for a script to do that in opera. i tested both
ways we discussed here, none worked. maybe opera software has found a 3rd way to
do so.

plus: even if it's not in the w3c specs, fullscreen mode is something the main
browsers now offer. that's standard enough for me to have a common way of
accessing it.
WONTFIX. A web page must not be allowed to activate full screen automatically.
This would be acceptable only in an internal environment (for presentations and
such), in which case you can set window.fullScreen to allAccess manually.
Status: NEW → RESOLVED
Closed: 22 years ago
Resolution: --- → WONTFIX
Oh Nooooo! Moz0.9.9 was perfect and you're now removing this feature !

Why didn't you just block it "onload" as someone said (Bug 12740 Comment#1)? 
Also Bug12740 Comment#5 is right, I never saw that even on porn sites, I always 
saw a cross to close it, even once it was a big red winXp-style close button.

So do not remove a designer tool because of some advertiser abuse.

But overall, if IE allow that, why not MOz. I don't mean "do like IE" but 
people can see this as a feature less and not as a protection. This is an 
argument against making compatible web page (remember NS has now a really bad 
reputation among site builders with compatibility).

Well, I wasn't mentionning it as I think you wont like it, but I DO NOT WANT 
THE FULLSCREEN FEATURE, I don't really care about, it can be cool but I won't 
spend time to convince you for it.

BUT, fullscreen allows a trick known as "chromeless window". 
See http://webfx.eae.net/dhtml/splashwin/splashwin.html (He found the trick)
See www.microbians.com He did the famous "chromeless window" lots of people use 
it and as they use it they don't care about NS6/moz.

And now, here are my scripts that i just released :

- Upic : http://udhtml.free.fr/scripts/Upic/UpicDemo.htm (IE5+ / Moz0.9.9)
> After Moz0.9.9 release I spent hours and manage to make it work (well, drag 
still need a fix).
- Upop : http://udhtml.free.fr/scripts/Upop/Upop.htm (IE5+)
> Not released yet, not compatible yet.

Speaking about usability, there are the same fonctionnalities, close-minimise-
maximise and that's a nice (no?). 

I also plan to make a skinnable Upop and have other ideas ... BUT NOTE THERE 
WILL ALWAYS BE A CROSS TO CLOSE.

Why blocking that creativity ?? Why avoiding to free webdesigners from the OS 
chrome (keeping the functionnilities of course). Do not remove this freedom 
because of advertisers. I saw three chromeless ads, they all had a cross, yes 
ADVERTISER USE CROSS ! Hard to believe ? 

Well no more talking sorry for this long post (hope you understood my english).

Please please consider wisely what I said, this is important if my scripts 
spread over the net. Just block the onload it will be perfect!
Nicolas,

> Just block the onload it will be perfect!

It won't. It would be possible to create a fullscreen window onclick with no
close button. I'm not saying most people would do it, I'm just saying it would
be possible. Allowing a web page to open a window covering the entire screen is
totally unacceptable, since it would effectively be a Denial Of Service attack
for normal users (most normal users don't know about Ctrl+W, or any other key
combination for that matter).

> But overall, if IE allow that, why not MOz. I don't mean "do like IE" but
> people can see this as a feature less and not as a protection.

Perhaps. But the same can be said about, say, a security hole which allows pages
to make the browser execute an application automatically. A standard (unpatched)
installation of IE 6 has that "feature". Moz doesn't. But it can be considered a
useful feature in some scenarios. Would you like us to implement that feature as
well?

> Please please consider wisely what I said

I have considered it. And I do see your points. But the security concern is too
important.

Sorry, but marking VERIFIED WONTFIX.
Status: RESOLVED → VERIFIED
*** Bug 265097 has been marked as a duplicate of this bug. ***
*** Bug 272241 has been marked as a duplicate of this bug. ***
Please also see the former discutions in his bug and "my" bug 272241 about using
fullscreen windows. Bug 272241 has be marked duplicate of this one.

I do not think that there is a real security issue about webdesigners using
automatic opening of fullscreen windows. At worse, some sites abuse of this
function, and this is unpleasant. But this does not threatens the computer or
the data.  Anyway there was enough discution on the possible solutions to avoid
this, such as forbidding onload window.open but allowing onclick window.open

So there is nothing serious enough to forbid artistic sites or multimedia sites
which have plenty of legitimate reasons to use fullscreen. See for example on my
site at http://www.shedrupling.org/art/lotr/revelfic.php?lang=en at the bottom
of the page (use internet explorer...) You will note that this image has much
more poetical effect alone on the screen than surrounded with task bars and
other computer gears. 

We cannot censor a major part of the net simply to avoid some advertisers to
abuse. Should we forbid cars simply because some drive drunk?

I feel somewhat deceipted: Firefox was announced as a better alternative to
Internet explorer, but it is even not so good, and when we ask for just standard
features to be correctly implemented, we just get WONTFIX!

And when I tried to reopen the bug, I could not. So I can only consider that the
discution is closed, that the demands of artists and multimedia peoples are
rejected, and that Firefox is not a standard compliant browser, but just another
of the troublesome variations that webdesigners have to bear to try to make
pages which work for everybody. So I switch back to IE, and I bet that many
users will do the same when they will see that sites do not appear corectly. I
am sorry to reply so severely, but INTERNET IS FOR EVERYBODY, not just for
computer geeks or Bush-style security mongers. I shall continue this discution
on my personnal site at
http://www.shedrupling.org/resource/base.php?lang=en&topic1=ordis.htm&topic2=barre.htm&topic3=winlinux.htm#winlinux
The reply of the webdesigners is here
http://www.likpa.com (look at the list of story links)

> But overall, if IE allow that, why not MOz.

>fullscreen allows a trick known as "chromeless window" 

> I do not think that there is a real security issue about webdesigners using
> automatic opening of fullscreen windows.

Nicolas and Richard, you should read carefully
Changes to Functionality in Microsoft Windows XP Service Pack 2
Part 5: Enhanced Browsing Security
Internet Explorer Window Restrictions
in particular the areas where security issues, fooling tricks, deceiving users,
obscure important info, spoof, kiosk mode etc.. are explained in details. 

"When creating a window, the definition of the fullscreen=yes specification is
changed to mean “show the window as maximized,” which will keep the title bar,
address bar, and status bar visible."
http://www.microsoft.com/technet/prodtechnol/winxppro/maintain/sp2brows.mspx#ECAA

also:

"window.open() with fullscreen=yes will now result in a maximized window, not a
kiosk mode window." taken from
http://msdn.microsoft.com/security/productinfo/xpsp2/default.aspx?pull=/library/en-us/dnwxp/html/xpsp2web.asp#xpsp_topic5
From Fine-Tune Your Web Site for Windows XP Service Pack 2

I've added other/additional reasons in bug 195867.
With Internet Explorer and Norton Internet Security, we achieve a security 
level comparable or better than with Firefox 1.0 without defacing sites. 

For instance this site http://www.abdel-inn.com/ has a pop-up window and a 
nasty image coming on what you are reading. With IE+ Norton, both disappear 
without loss of useful content.

So I think that before taking dogmatic point of view and reforming the net and 
throwing half of the page to the trash bin, the "community" of Firefox 
developpers should take some inspiration about what the professionnals do. 

Otherwise, it will be for Firefox as it was with Linux: presented as an easy 
and fair running alternative to the complicated and unreliable Windows, it 
turned in facts to be much more complicated and bad working. When I tried 
Mandrake 8 it was just a heap of scrap in which nothing worked properly past 
displaying beautiful windows, and I could do only text processing (even not 
diagrams). If Linux had really be super better than Windows as it claimed to 
be, it would have taken most of the market today. But in reality it stagnates 
in the few per cent, because people who tried it did not adopted it. The same 
will happen with Firefox, unless you do a real better Firefox 2.0, heeding at 
the user's needs and not just relooking Netscape, and adressing security issues 
without impeding the correct working, as Norton does with IE. Otherwise it is 
just losing time to work with you, and the gross result of the open source 
adventure will just be to force Microsoft to better his products. Pitty.
Aside from the merits (or NOT) of being unable to open a 'kiosk-mode' window,
there is still an error!

As I confirmed on a new install of firefox last night at home, the fullscreen
command neither filled the screen nor gave scrollbars (as you might expect if
it's going to make the window smaller) untill I pressed F11. This meant that the
content was chopped off. Annoyingly, screen size detection script may detect
that the screen was large enough, hence go for fullscreen rather than a window
with scrollbars enabled but the firefox error renders the script useless.

This would be no good to most users - IE does NOT do this under SP2, it simply
adds title and status bars but opens the window fullscreen.

By the way if you increase the text size (VIEW > TEXT SIZE > INCREASE) it
doesn't seem to remember when you next open the browser. Haven't filed another
bug but maybe someone else can if they've got time.

Cheers.
*** Bug 260098 has been marked as a duplicate of this bug. ***
*** Bug 132384 has been marked as a duplicate of this bug. ***

I think the reply of  Phillip Oertel is perfect:


"since displaying a browser window fullscreen is no longer a proprietary feature
(opera,mozilla,ie all do it), IMHO there also should be ONE unified way to
access it. make opening windows fullscreen available onClick. disable it onLoad"

Alas, due to the irrationality of certain software companies, only the W3C can 
really impose an unified way to do things. The W3C did a great job recently 
with the CSS style sheets, but Javascript is still forgotten. There is however 
virtually no page without Javascript. Anyway "onClick window.open" IS UNIFIED, 
only Firefox don't do it. 


Jonas, don't you think you exagerate when you say "Allowing a web page to open 
a window covering the entire screen is totally unacceptable, since it would 
effectively be a Denial Of Service attack" There are plenty of legitimate 
reasons to do this, artistic, media content, size, etc. Would not be destroying 
all this content another kind of attack? 

But you are getting true when this practice does not left a mean to close this 
window (cross, "close this window" link, etc). Only abusive advertisers or porn 
sites open in full screen without lefting the user the freedom to close their 
nasty windows. But, you know, porn people and abusive advertisers do not really 
care about our freedom... this is the reason why fullscreen must be available 
only with onClick, not onload.


What I regret is that important decisions like this full screen issue are not 
really discussed, but imposed by only a few people. I found other important 
bugs in Firefox, but in such conditions I do not feel it will be useful if I 
tell them.

Richard Trigaux
You need to log in before you can comment on or make changes to this bug.