Security/Reviews/ReviewNotes/MouseLock: Difference between revisions

Jump to navigation Jump to search

Security/Reviews/ReviewNotes/MouseLock (view source)

Revision as of 00:24, 20 September 2011

953 bytes added ,  20 September 2011
no edit summary
No edit summary
Line 1: Line 1:
= Security Review Pre-Work =
== Introduce Feature ==
 
=== Mouse ===
== Overview ==
* https://wiki.mozilla.org/Security/Reviews/ReviewNotes/MouseLock
Ability for a page to get direct access to mouse movements, without interference by things like accelleration, scrolling physics etc. Also provide access to mouse movements that aren't interfered by screen edges etc, this is useful when implementing controls for 3D environments.
* https://bugzilla.mozilla.org/show_bug.cgi?id=633602
 
* http://www.w3.org/Bugs/Public/show_bug.cgi?id=9557
* {{bug|633602}}
=== Goal of Feature, what is trying to be achieved (problem solved, use cases, etc) ===
* [https://docs.google.com/a/sicking.cc/document/d/1uV4uDVIe9-8XdVndW8nNGWBfqn9ieeop-5TRfScOG_o/edit?hl=en_US&authkey=CM-dw7QG spec draft from google]
* Google has a spec for Chrome
* [http://www.w3.org/Bugs/Public/show_bug.cgi?id=9557 W3C bug]
** https://docs.google.com/document/d/1uV4uDVIe9-8XdVndW8nNGWBfqn9ieeop-5TRfScOG_o/edit?hl=en_US&authkey=CM-dw7QG
 
* move mouse around without bumping into an "edge", the movement goes "forever"
== Threats ==
* mouse locked to an element
 
===- What solutions/approaches were considered other than the proposed solution? ===
* Prevent user from getting back control of his/her mouse
* Driven by W3C specs
 
=== Why was this solution chosen? ===
= Topics To Discuss During The Review =
=== Any security threats already considered in the design and why? ===
 
* Prevent user from getting back control of his/her mouse  
= Review comments =
[From Google Doc]
''Notes and bug numbers will be recorded here.  Let's try not to spend too much time on any one topic during the meeting.''
* User gestures may be misdirected to elements the user did not intend to interact with.
* Mouse Lock will remove the ability of a user to interact with user agent and operating system controls
* Mouse Lock can be called repeated by script after user exits mouse lock, blocking user from meaningful progress.
* Full  screen exit instructions are displayed in some user agents when the  mouse is moved to the top of the screen. During mouse lock that gesture  is not possible.
== Threat Brainstorming==
* request for mouselock when not in full screen
** some kind of notification (door hanger?)
** somewhat dependant on what kind of user interaction to enter full-screen
** esc should work, but other mouse commands (like scroll to top) many not
== Conclusions / Action Items ==
* This should only work in Full Screen and switching to another tab/context then this should be lost
** ability to ESC out
** part of initial bug
Curtisk
canmove, Confirmed users, Bureaucrats and Sysops emeriti
2,776

edits

Retrieved from "https://wiki.mozilla.org/Special:MobileDiff/349431"

Navigation menu