Scripts can put a window in fullscreen mode

VERIFIED FIXED in mozilla1.0

Status

()

Core
DOM: Core & HTML
VERIFIED FIXED
16 years ago
16 years ago

People

(Reporter: Jonas Jørgensen, Assigned: Mitchell Stoltz (not reading bugmail))

Tracking

Trunk
mozilla1.0
Points:
---

Firefox Tracking Flags

(Not tracked)

Details

Attachments

(1 attachment)

674 bytes, patch
Mitchell Stoltz (not reading bugmail)
: review+
Details | Diff | Splinter Review
(Reporter)

Description

16 years ago
I learned from bug 116503 comment 6 that

var win = window.open();
win.fullScreen = true;

will open a new window and put it in fullscreen mode. That scripts are able to
do that when the user hasn't explicitly allowed it to, I consider a bug.

Comment 1

16 years ago
i mentioned the same concern in my original suggestion of this feature in <a
href="http://bugzilla.mozilla.org/show_bug.cgi?id=127366">bug 127366</a>.
maybe the default 'right' for a script should be to open fullscreen windows
onClick/MouseDown/MouseUp, only, not onLoad etc.

Comment 2

16 years ago
... this bugzilla thingy is smart ... ;-)
I agree with Jonas on general principle.  More importantly, Mitch has in the
past expressed security concerns over scripts being able to resize the window
such that the titlebar is offscreen, which is precisely what full screen mode
does (bug 127444).  Finally there is bug 126720 (no lock icon in fullscreen mode).

I feel that until these major security issues are resolved fullscreen mode
should be noAccess by default.  Once they _are_ resolved, it may be OK sense to
make it sameOrigin or allAccess.

Comment 4

16 years ago
IE allows scripts to open full-screen windows, and advertisers abuse it all the
time in order to make their pop-ups harder to close.  I've never seen a site use
the IE feature with any intent other than to make it more difficult for the user
to leave.  (Mozilla at least keeps the minimize/restore/close buttons visible,
so it's not as bad as IE in this regard.)

What concerns me the most is that full-screen mode hides the Windows taskbar,
allowing a web site to spoof the taskbar.  Before window.fullScreen, the taskbar
was one of the hardest areas of the screen to cover or spoof (bug 82130 comment
10), and that should be restored.

Comment 5

16 years ago
Why is it always about advertisiers? Scripting to full screen mode is good for 
many future real world applications using web browser technology. I do not 
really think this concerns any privacy issue just because one or two evil 
advertisiers uses it for their malicious purposes. 
(Reporter)

Comment 6

16 years ago
Nominating for nsbeta1.
Keywords: nsbeta1

Comment 7

16 years ago
I understand that the content opened in the main window shouldnt be allow to
script itself to fullscreen; however, opening child windows in full screen
should be allowed. It would be possible to put a preferences option much like
'dont open child windows', so that user can select that option banning child
windows going full screen. In that case child windows wanting to open full
screen can be showed as maximized titled windows. 

Comment 8

16 years ago
The plan in bug 68136 which was where the feature was implemented was for
content to have noAccess level access to the property.

All that needs to be done is to replace the letters "all" with "no" in
"allAccess" in
http://lxr.mozilla.org/mozilla/source/modules/libpref/src/init/all.js#283
(Reporter)

Comment 9

16 years ago
Created attachment 71318 [details] [diff] [review]
you mean... like this?
(Reporter)

Updated

16 years ago
Keywords: patch, review
bora123@yahoo.com, if a person is using this in an application, then they should
let users know to turn the feature on for web content.  In other bugs you
comment about fullscreen being used for presentations.  In those cases one can
_certainly_ set up a security policy that will allow a particular site or set of
sites (the ones involved in the presentation) to put the window in fullscreen
mode.

The thought about only allowing full-screen mode for child windows is a decent
one....
(Reporter)

Comment 11

16 years ago
bzbarsky, could you review the patch, please?
The patch is fine, but hewitt, jst, and mstoltz should just make a call about
what the right thing to do here is.  _Then_ we can get to fixing this bug.

All that said, has someone tested full screen mode on mac (run the js in
question from the URL bar or something)?  The current impl has been tested only
on Windows, since there is only UI to start it on Windows.  Hence on other
platforms it may have issues...

Comment 13

16 years ago
Full Screen mode just plain doesn't work on Mac/Linux.  It wouldn't be overly
difficult to make it work, though.

I am highly in favor of allowing scripts to put the window in full screen mode.
 In the interest of security, I think the best safeguard would be to present the
user with a dialog saying that the web page wants to use full screen, with
Yes/No and [] Remember next time.
Well... on linux right now it will hide all your chrome and super-maximize your
window (it's actually bigger than maximized).   So it's pretty darn close to
working....

A "yes/no/remember next time" is fine as long as something like:

while (!window.fullScreen)
 window.fullScreen = true;

doesn't pop up dialogs in an infinite loop....
(Assignee)

Comment 15

16 years ago
Read my lips - no new dialogs. Dialogs are CYA security, not real security, and
they detract from the user experience. Rather than include a potentially unsafe
mode and warn the user about it, let's make a safer full-screen mode, say, one
that still displays a titlebar and lock icon - on all platforms and window
managers. If that's too hard, then let's prevent scripts from invoking
full-screen mode, which seriously lowers the bar on spoofing attacks. In fact,
I'd like to check in this patch, at least until we've resolved the issue.
(Assignee)

Updated

16 years ago
Attachment #71318 - Flags: review+
(Assignee)

Comment 16

16 years ago
r=mstoltz
Another solution is to leave scripts being able to start full-screen mode on
Windows (where the mode is presumably well-tested and such) and disable access
in unix.js/macprefs.js....

Comment 18

16 years ago
Web pages can already get "Full screen mode but with a title bar and task bar":
javascript:window.open("","","no").  If a site needs 16 more pixels, it can ask
the user to press F11.
Mitch, I'm giving this to you since you seem to have ideas on this, if you don't
want to do the legwork on this one hand it over to hewitt who implemented
fullscreen mode in the first place.
Assignee: jst → mstoltz
(Assignee)

Comment 20

16 years ago
Me and my big mouth :)

If by "legwork" you mean checking in Jonas's patch, sure. Can you sr?
Status: NEW → ASSIGNED
Target Milestone: --- → mozilla1.0
Comment on attachment 71318 [details] [diff] [review]
you mean... like this?

sr=jst
Attachment #71318 - Flags: superreview+

Comment 22

16 years ago
Comment on attachment 71318 [details] [diff] [review]
you mean... like this?

a=asa (on behalf of drivers) for checkin to the 1.0 trunk
Attachment #71318 - Flags: approval+
(Reporter)

Comment 23

16 years ago
According to bonsai, this was checked in at 2002-03-08 14:04. Marking FIXED.

http://bonsai.mozilla.org/cvsview2.cgi?diff_mode=context&whitespace_mode=show&subdir=mozilla/modules/libpref/src/init&command=DIFF_FRAMESET&file=all.js&rev1=3.341&rev2=3.342&root=/cvsroot
Status: ASSIGNED → RESOLVED
Last Resolved: 16 years ago
Resolution: --- → FIXED
(Reporter)

Comment 24

16 years ago
Marking VERIFIED FIXED.
Status: RESOLVED → VERIFIED
You need to log in before you can comment on or make changes to this bug.