I’ve just been reading about the new Java popup exploit. It’s one of the “too much space” problems: applications are given the ability to acquire more screen space than is assigned to them. And it’s not only a problem with screen space – it’s certainly most visible there – but it’s also important for keyboard focus stealing.
It’s not only a problem for browsers, it’s a problem with lots of other technologies. I bet the window manager hackers know this: What do you do when a new window pops up (and grabs focus) while I am working in a different window? What does a filled panel do if the notification area or the drivemount applet suddenly get new icons? What do you think about applicatrions that decide to resize their windows without you requesting it? Or notifications that are always in the way? Popup blocking common in browsers tries to address this problem, but the alert() Javascript function can still escape its assigned space and keyboard focus.
Adobe’s Flash has been pretty good in respecting its assigned size. If you want to resize a Flash application, your only choice is calling back into the website to make it enlarge the embed window. Flash itself cannot resize. Or better: could not. It recently acquired the Stage.displayState property that allows it to go fullscreen. It seems to have been added primarily so you can watch your Youtube videos fullscreen (Youtube supports it already). Like popup blocking, it only works on mouse clicks, not all the time. I’ve been wondering how to implement it nicely in Swfdec, since I think the implementation in Adobe’s player leaves something to be desired: The annoying “Hi, I’m a popup, press Escape to close me” bar that shows in the middle for a short while after fullscreening. And I wonder if disabling keyboard input is a good idea.
Back to the original topic: If you’re a developer that writes an application that runs embedded scripts/applications, please do me a favour and don’t let them decide on resizing and focus stealing. And if you write an application that does this, please spend some time thinking about how to handle this.
I’d like to close with a very special cheers to Vincent and the people discussing embedding the notification area into the panel by default.