fullscreen

fullscreen copied to clipboard

In #93, a general clause was added that the user agent could unilaterally decide to end fullscreen if it deemed it in the best interests of the user. In that issue, @domenic wrote:

We could go a step further though and also try to get cross-browser agreement on specific points at which you fully exit fullscreen

I'd like to change the spec to align browsers in the case of popups vs fullscreen.

❦❦❦❦❦❦

Fullscreen is an immersive environment and, towards achieving that immersion, removes window chrome. Popups are a feature that allow one page to open another, and thus inherently relies on the windowing system with its accompanying window chrome. The concepts of fullscreen and popups are incompatible. In addition, the Chromium security team has seen attacks to subvert our fullscreen security UI using popups.

There are two questions here. What should happen when...

1. A page opens a popup while in fullscreen?
2. A page focuses a popup while in fullscreen?

Current browser behavior: Chrome

1. If a page is in fullscreen, opening a popup kicks it out of fullscreen.
2. If a page is in fullscreen, attempting to focus a popup...
   • Mac: switches screens to the popup as the fullscreen uses the native fullscreen (thus accidentally avoiding a security bug I'm working on)
   • Other: places the popup on top of the fullscreen (this is the security bug I'm working on)

Firefox

1. If a page is in fullscreen, opening a popup kicks it out of fullscreen.
2. If a page is in fullscreen, attempting to focus a popup places the popup on top of the fullscreen (which actually is exactly the same security bug as Chrome has)

Safari

1. If a page is in fullscreen, opening a popup makes the popup go fullscreen replacing the existing fullscreen page.
2. If a page is in fullscreen, attempting to focus a popup switches screens to the popup as the fullscreen uses the native fullscreen.

Edge

1. If a page is in fullscreen, opening a popup kicks it out of fullscreen.
2. If a page is in fullscreen, attempting to focus a popup kicks it out of fullscreen.

The behavior I'd like to align everyone on is the Edge behavior. I think it's simple to understand: if a fullscreen page plays with popups, it loses fullscreen.

(+ @foolip as one of the blink-dev peeps/fullscreen peeps)

To answer questions:

Why not Safari's behavior? Because it relies on the way the Mac does fullscreen. When a Mac app goes fullscreen, it moves to its own space, apart from other windows. Other operating systems do not function in this way. Therefore, we can't align on that behavior because we can't have the spec relying on a platform-specific behavior.

Why not Firefox's behavior? It has the same security issue that Chrome has, with a popup overlaying the fullscreen page. In addition, it's inconsistent. A page cannot overlay a popup onto a fullscreen page by opening the popup, but if the page creates the popup and then focuses it, it can achieve that goal?

The Edge behavior wins by being consistent and simple.

Aligning on Edge's behavior makes good sense to me. I think these are the bits in HTML that would need calls to this spec:

• opening a popup: window open steps and/or the rules for choosing a browsing context and/or navigate
• focusing a popup: focus(options) or focusing steps

@avidrissman, do you already know which steps you want to add there?

@toddreifsteck, can you help us check what Edge does, if there's anything that isn't quite what it seems like from black box testing?

The step would be something along the lines of "if the document is in fullscreen, exit fullscreen". I don't know the standardese phrasing.

For Firefox... I don't really recall we have any code to kick off fullscreen when opening popup...

Could you provide more information about what security issue this is about? Preferably file a security-sensitive bug to our Bugzilla and cc me there (:xidorn).

@upsuper I filed it as https://bugzilla.mozilla.org/show_bug.cgi?id=1432856 .

Thanks.