Algorithm of how fullscreen enabled flag is handled is not web-compatible #1481
Comments
|
There is a testcase which shows the difference of behavior in that bug. And I worte a test in web-platform-tests for the current spec behavior when I did the change. |
|
Is this basically #1240? If not, what is the difference? |
|
No, they are different. #1240 is about updating sandbox flags for the browsing context, this is about the fullscreen enabled flag on document. |
|
I think, the spec should be changed to that, I guess it might be fine to leave sandbox thing as is currently. Probably we should still introduce an independent keyword to |
|
You mean something like |
|
Yeah, I guess something like that, given there are outside reference to that property... It doesn't make sense that when sandbox from CSP is applied, fullscreen can never be allowed. |
|
I guess that's a reasonable solution given that it was never implemented properly. It's a little sad that it works differently from how sandboxing does in the normal case, but I guess we have to live with that. |
annevk
added
the
compat
|
Blink does not implement a Given that it's already opt-in on the frame, it might be a better idea to just drop the sandbox flag entirely and leave things as a runtime check. shrug CCing @foolip who's doing work on fullscreen (I think?), and might have stronger opinions one way or the other. |
Fullscreen sandboxing was never implemented and it appears there are no immediate plans for it by either Google or Mozilla. So let’s remove it. Fixes #1240. Furthermore, the way allowfullscreen works in implementations is by dynamically checking the attribute. That requires moving to an “allowed to use” algorithm rather than using a fullscreen enabled flag. (Aside, the fullscreen enabled flag logic got broken in 688df43 but that no longer matters.) Fixes #1481. This change also aligns the recently introduced allowusermedia with that model since it seems unlikely implementers want to do something different there.
Fullscreen sandboxing was never implemented and it appears there are no immediate plans for it by either Google or Mozilla. So let’s remove it. Fixes #1240. This also removes sandboxing for getUserMedia() as that meant to follow the example set by fullscreen. A feature that can be allowed in nested browsing contexts, is not by default, and does not require sandboxing to be enabled for it to be allowed. Furthermore, the way allowfullscreen works in implementations is by dynamically checking the attribute. That requires moving to an “allowed to use” algorithm rather than using a fullscreen enabled flag. The fullscreen enabled flag was determined upon creation of the document and frozen afterwards. This new model allows setting the attribute at any point. (Note that this is different from how sandboxing works, which is frozen upon creation, but now they are no longer tied that matters less.) Fixes #1481. (Aside, the fullscreen enabled flag logic got broken in 688df43, but that no longer matters.) This change also aligns the recently introduced allowusermedia with that model since implementers likely want that to remain matching allowfullscreen.
Fullscreen sandboxing was never implemented and it appears there are no immediate plans for it by either Google or Mozilla. So let’s remove it. Fixes #1240. This also removes sandboxing for getUserMedia() as that meant to follow the example set by fullscreen. A feature that can be allowed in nested browsing contexts, is not by default, and does not require sandboxing to be enabled for it to be allowed. Furthermore, the way allowfullscreen works in implementations is by dynamically checking the attribute. That requires moving to an “allowed to use” algorithm rather than using a fullscreen enabled flag. The fullscreen enabled flag was determined upon creation of the document and frozen afterwards. This new model allows setting the attribute at any point. (Note that this is different from how sandboxing works, which is frozen upon creation, but now they are no longer tied that matters less.) Fixes #1481. (Aside, the fullscreen enabled flag logic got broken in 688df43, but that no longer matters.) This change also aligns the recently introduced allowusermedia with that model since implementers likely want that to remain matching allowfullscreen.
Fullscreen sandboxing was never implemented and it appears there are no immediate plans for it by either Google or Mozilla. So let’s remove it. Fixes whatwg#1240. This also removes sandboxing for getUserMedia() as that meant to follow the example set by fullscreen. A feature that can be allowed in nested browsing contexts, is not by default, and does not require sandboxing to be enabled for it to be allowed. Furthermore, the way allowfullscreen works in implementations is by dynamically checking the attribute. That requires moving to an “allowed to use” algorithm rather than using a fullscreen enabled flag. The fullscreen enabled flag was determined upon creation of the document and frozen afterwards. This new model allows setting the attribute at any point. (Note that this is different from how sandboxing works, which is frozen upon creation, but now they are no longer tied that matters less.) Fixes whatwg#1481. (Aside, the fullscreen enabled flag logic got broken in 688df43, but that no longer matters.) This change also aligns the recently introduced allowusermedia with that model since implementers likely want that to remain matching allowfullscreen.
This is unused since commit 9f6b91c. Follow-up to whatwg#1481.
Recently, I changed Gecko to only set fullscreen enabled flag when the document is loaded based on the algorithm in the HTML spec. But this seems to break some websites.
We received a bug report that videos opened in IMDB's homepage cannot go fullscreen after this change, and I suspect this would not be the only affected site.
It seems all other browsers have the same behavior as what Gecko had previously, which dynamically detect the presence of
allowfullscreenattribute on theiframeelement. I think the spec should probably reflect that behavior rather than binding fullscreen enabled flag with sandbox flags.What I'm not sure is, what should we do with the "sandboxed fullscreen browsing context flag"? It seems no browser (except Gecko with the recent fix) follows the algorithm of that flag. Should we remove it to match implementations as well? Or do we think this wouldn't break web compability? Or probably we just don't care any compability issue caused by a stronger sandbox?
cc @annevk @bzbarsky @foolip
The text was updated successfully, but these errors were encountered: