Multi-Screen Window Placement: Fullscreen Companion Window #636
Comments
https://w3c.github.io/window-placement/#security doesn't really detail the main attack I can think of. Which is that you have multiple screens but you don't pay attention to all of them. At some point you click and a site takes over a screen imitating your OS and asks for credentials for something. If the user isn't paying attention, for instance, because they are playing a game (click-a-mole), it seems quite easy for the "[origin] is now fullscreen" message to get ignored. (The security section also does a thing I actively dislike, which is to list a bunch of table stakes measures upfront. Obviously those improve security, but they are so basic that any attacker can get all of them easily so listing them there as if they prevent anything meaningful seems wrong.)
I understand the concern - but I'm trying to imagine the attack you describe. It depends on a couple of factors, both of which seem unlikely to me.
I just am not sure that such an attack is worth attempting, when there are other things a malicious site could do in any window that would be easier to pull off.
I'm not privy to all multi-screen setups, but I can imagine you might have some kind of monitoring thing you don't look at often. And it doesn't have to be the OS's usual background, they could also spoof the browser and some website.
Thanks for this feedback. The second sentence of that Security Considerations section states (emphasis added here):
That was written to capture concerns including the specific scenario you describe here. I started a PR to clarify that paragraph, and even suggest a potential protection. Feedback there or more discussion here is welcome. Thank you!
This attempts to address feedback raised in mozilla/standards-positions#636
The concern that a user agent's fullscreen message might go unnoticed is valid. The explainer's new Security Considerations section calls this out concretely and suggests a potential mitigation: the user agent could show a similar message when the fullscreen window seems to regain the user's attention. As I mention in standards-position issue for the base API: I welcome the opportunity to continue discussing this topic at TPAC! If anyone is interested, we can add a Second Screen WG/CG agenda topic, or expand the scope of my tentative breakout session.
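The mitigation proposed in the comment above (re-showing the "[origin] is now fullscreen" notice when a fullscreen window regains the user's attention) can be modelled as a small policy over window events. The block below is an added illustration written for this issue; it is not spec text and not any browser's implementation. The event names (`enterFullscreen`, `exitFullscreen`, `blur`, `focus`, `input`), the 30-second idle threshold and the scenario data are all assumptions chosen to mirror the "user is busy on another screen" case raised in this thread.

```javascript
// Added illustrative model of the "re-show the fullscreen notice on regained
// attention" mitigation. Assumptions: event names, the idle threshold and the
// scenarios below are constructed for this example, not taken from the spec.

const ATTENTION_GAP_MS = 30_000; // assumed: silence this long means attention was lost

// Given a chronologically ordered list of {t, type} events for one window,
// return the times at which the user agent should show the fullscreen notice.
//   enterFullscreen / exitFullscreen : fullscreen state changes
//   blur / focus                     : the window lost / regained OS focus
//   input                            : pointer or key activity inside the window
function fullscreenNoticeTimes(events, gapMs = ATTENTION_GAP_MS) {
  const notices = [];
  let inFullscreen = false;
  let attending = false;   // do we currently believe the user is looking here?
  let lastActivity = null; // timestamp of the last attention signal

  for (const ev of events) {
    switch (ev.type) {
      case "enterFullscreen":
        inFullscreen = true;
        attending = true;
        lastActivity = ev.t;
        notices.push({ t: ev.t, reason: "entered" }); // the existing UA message
        break;
      case "exitFullscreen":
        inFullscreen = false;
        attending = false;
        lastActivity = null;
        break;
      case "blur":
        // Focus moved elsewhere (e.g. a game on another screen): attention lost.
        attending = false;
        break;
      case "focus":
      case "input": {
        const idleTooLong =
          lastActivity !== null && ev.t - lastActivity >= gapMs;
        // Re-show the notice when attention returns after a focus loss or a
        // long idle gap, so a spoofed login prompt is seen with the real
        // origin banner rather than in isolation.
        if (inFullscreen && (!attending || idleTooLong)) {
          notices.push({ t: ev.t, reason: "regained" });
        }
        attending = true;
        lastActivity = ev.t;
        break;
      }
      default:
        throw new Error(`unknown event type: ${ev.type}`);
    }
  }
  return notices;
}

// Constructed scenario A: the thread's attack. The window goes fullscreen on
// screen B, the user plays on screen A for five minutes, then clicks into B.
function scenarioUnattended() {
  return fullscreenNoticeTimes([
    { t: 0, type: "enterFullscreen" },
    { t: 1_000, type: "blur" },
    { t: 300_000, type: "focus" },
    { t: 300_050, type: "input" },
  ]);
}

// Constructed scenario B: the user keeps interacting with the fullscreen
// window every few seconds, so no extra notice is needed.
function scenarioAttended() {
  const events = [{ t: 0, type: "enterFullscreen" }];
  for (let t = 5_000; t <= 60_000; t += 5_000) events.push({ t, type: "input" });
  return fullscreenNoticeTimes(events);
}

if (typeof require !== "undefined" && require.main === module) {
  console.log("unattended:", scenarioUnattended());
  console.log("attended:", scenarioAttended());
}
```

Scenario A yields two notices (one on entering fullscreen, one when focus returns at 300 s); scenario B yields only the initial one. The `focus` event alone triggers the repeat, and the immediate `input` that follows does not, because attention has already been re-established.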
…#100) This attempts to address feedback raised in mozilla/standards-positions#636
I invite your consideration of w3c/window-management#100 and w3c/window-management#130, which clarify security and privacy considerations and suggest potential mitigations aligned with feedback from this issue and #542. Discussion at the upcoming Second Screen WG/CG - 2023 Q1 virtual meeting #7, in this issue, or elsewhere is greatly appreciated. Thank you!
Request for Mozilla Position on an Emerging Web Specification
Other information
Fullscreen Companion Window allows sites to place fullscreen content and a popup window on separate screens from a single user activation.
This is a small enhancement of the Multi-Screen Window Placement feature. Please see #542 for details.