On Fri, Sep 5, 2014 at 11:14 AM, Mounir Lamouri <mou...@lamouri.fr> wrote:
> Note that the Permissions API model isn't requiring all APIs to abide by > its model. Having no permissions at all for an API is a decent model if > possible. For example, having a permission concept for <input > type='file'> doesn't make much sense. Other APIs could use the > permission model but have some UA mostly returning 'granted' because > they have an opt-out model instead of opt-in, such as most > implementations of fullscreen. > A thought on that. Entering fullscreen/pointerlock is still annoying (because it comes up with that dialog). But the user has already signaled his intent by pressing a button. The problem the dialogs show is to prevent users from being tricked/clickjacked (at least somewhat). At least for fullscreen this could be made smoother by having a permissible UI overlay or something, of elements that you can't style but put into your webpage (for instance a canonical fullscreen button). When the user clicks it, fullscreen is entered, and no further prompts would be required.