Closed
Bug 1428913
Opened 7 years ago
Closed 5 years ago
Don't allow entering fullscreen on right / middle click
Categories
(Core :: DOM: UI Events & Focus Handling, defect, P3)
Core
DOM: UI Events & Focus Handling
Tracking
()
RESOLVED
FIXED
mozilla69
| Tracking | Status | |
|---|---|---|
| firefox69 | --- | fixed |
People
(Reporter: kernp25, Assigned: pbz)
References
(Blocks 1 open bug)
Details
Attachments
(1 file)
User Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:59.0) Gecko/20100101 Firefox/59.0
Build ID: 20180108100050
Steps to reproduce:
This bad site: http://toolantivirusextt.biz/ff/?_subid=3jpku2d46hbgv2g7jbd&_token=uuid_3jpku2d46hbgv2g7jbd_3jpku2d46hbgv2g7jbd5a4a3a2b64a7b0.53500257
Right-clicking or middle-clicking on the page opens it in full screen.
Expected results:
I think Firefox should check which button the user clicked and then decide to open in full screen or not.
Full screen should only work for left-click.
In Microsoft Edge, the site does not enter in full screen mode when clicking on the page.
|
||
Comment 3•7 years ago
|
||
Jonathan, who's working on full screen mode these days?
Flags: needinfo?(gijskruitbosch+bugs) → needinfo?(jkt)
Summary: prevent malicious website from entering fullscreen → Don't allow entering fullscreen on right / middle click
Or what do you think of this idea?
Make full screen only work for button elements?
Is this a good idea?
|
|
||
Comment 5•7 years ago
|
||
(In reply to kernp25 from comment #4)
> Or what do you think of this idea?
> Make full screen only work for button elements?
> Is this a good idea?
That would contravene the spec and probably break genuine websites that use fake buttons implemented in <div> or <a> or whatever.
I don't see a good heuristic way to really do much about these types of sites given the way requestFullScreen currently works. Even checking the size of the element that's requesting full screen won't help because the websites can just tile <body> with single elements that aren't too big.
This site is really bad and should be completely blocked by Firefox.
|
||
Comment 7•7 years ago
|
||
This is one of the eviltraps that we are tracking.
I'm not sure who maintains fullscreen at the moment. I thought for some reason someone was looking into this recently though.
We probably could prevent:
- Right click opening fullscreen
- Fullscreen from opening when another browser prompt is shown
Other than that, this really should be picked up by phishing/malware protection lists which would block sites like this.
Blocks: eviltraps
Flags: needinfo?(jkt)
|
||
Comment 8•7 years ago
|
||
Reproducible on Windows 10 x 64, Windows 7 x32, Mac OS X 10.12 and Ubuntu 16.04 x64 on Firefox nightly 60.0a1 (2018-02-04).
Component: Untriaged → Event Handling
Product: Firefox → Core
|
||
Updated•7 years ago
|
Priority: -- → P3
|
||
Updated•6 years ago
|
Component: Event Handling → User events and focus handling
|
Assignee | |
Updated•6 years ago
|
Assignee: nobody → pbz
|
||
Updated•6 years ago
|
Status: UNCONFIRMED → ASSIGNED
Ever confirmed: true
|
|
Assignee | |
Comment 9•6 years ago
|
||
|
||
Updated•6 years ago
|
Attachment #9065441 -
Attachment description: Bug 1428913 - Deny full-screen on right or middle mouse button. r=johannh → Bug 1428913 - Deny full-screen on right or middle mouse button. r=smaug
|
|
Assignee | |
Updated•6 years ago
|
Keywords: checkin-needed
|
||
Comment 10•6 years ago
|
||
Pushed by ccoroiu@mozilla.com:
https://hg.mozilla.org/integration/autoland/rev/eaafaaab2b4d
Deny full-screen on right or middle mouse button. r=smaug
Keywords: checkin-needed
|
||
Comment 11•5 years ago
|
||
| bugherder | ||
Status: ASSIGNED → RESOLVED
Closed: 5 years ago
status-firefox69:
--- → fixed
Resolution: --- → FIXED
Target Milestone: --- → mozilla69
You need to log in
before you can comment on or make changes to this bug.
Description
•