When a Silverlight plug-in is in full-screen mode, it disables most keyboard events. They say it is for security reasons:
is intended to minimize the
possibility of unintended information
being entered by a user
What I don't understand is what is the difference of silverlight fullscreen or any web browser fullscreen?
Is a browser in fullscreen not a security risk too? Anybody complains about the browser fullscreen mode?
Thank you
The full reason for this is that a malicious Silverlight application could create a UI that matches your banking login screen, the Windows login screen, Facebook or whatever site they wanted your login details.
Not only are certain keyboard keys disabled, but full screen cannot be invoked unless there is a user activated action. For example, the user would have to click a button to go fullscreen, you as a developer are not able to make the app full-screen without this.
This is a pro-active response to known security risks by Microsoft and although there are downsides, the pros do outweigh the cons.
Related
I have a working WPF application and now I want to add Roles/Permissions and Login functionality to it. I plan to authenticate user on the Application_startup event but while showing the login dialog here I want to show user a welcome type application startup window like we see when Microsoft office loads. Is there a built in way to design something like this or I should just design a new dialog for this? Also whats the best way to authenticate users in WPF?
About including a splash screen in a WPF application please read this
From one of our application, we are calling window.open() method to open a pop up. When we are using this, the browsers are blocking the popup and user has to disable popup blocker for the specified web site.
Is there any way to disable the popup blockers for specified URL patterns(With out user intervention),like using browser API etc...
No. There is no way to alter the browser's popup blocker behaviour from within a webpage. The best you can do is include a message on your website asking people to turn off their popup blockers while using your site so that the site can function properly.
First things first, this problem only happens while working in Citrix XenApp seamless mode (which, in simplest of words means the actual app is running on some citrix host but it is simulated as residing in your own desktop). I will take this up with Citrix Support as well but just wanted to poll the group in case someone faced a problem like this before.
I have a WPF app which uses Winforms NotifyIcon to reside in system tray until mouse clicked. In Citrix seamless mode, as user clicks the icon in system tray, the popup flashes and immediately closes on its own.
The Popup window is a vanilla one created with StaysOpen as FALSE and same works in every other environment.
Any suggestions ? This is what I've noticed so far:
The window stays open if I use StaysOpen as true. But then I don't have a way to close the window manually when it loses focus. LostFocus Event doesn't get fired on popup when user clicks outside.
In citrix seamless mode, the MouseEnter event is captured but MouseLeave is NOT so the approach of closing the window if user mouse is outside the window for X secs is not achievable.
Tried the workaround of starting the popup with Staysopen as FALSE and then reset staysopen after like 2 secs so that the pop sticks. It works but a soon as I set StaysOpen as FALSE once the timer is hit, the pop up closes on its own.
Without all these workarounds, if a user quickly clicks (leftclick) on the window before it disappears, the pop up sticks so I tried few ways to simulate the mouse click on the popup as it opens up but that doesn't cut it either.
Thanks
I can't help you with specific advice for tweaking your app to work around the issue, however there is always the hit it very hard with a hammer approach, i.e. tell consumers of your app to disable seamless for your application:
http://support.citrix.com/article/CTX116357/
Update: I pinged the original seamless dev - he said it sounds like a bug where seamless is not correctly routing all the necessary mouse messages between client and server. He said the best way to diagnose this was to run the Spy++ tool on the XenApp server and on the client, and then compare the messages each side sees to identify what messages are not getting translated. Since it sounds like a genuine bug, your best bet is to raise a support ticket with Citrix support and provide them with a sample app that can repro the bug.
Is there a way to override the behavior of the back button in the browser when using a Silverlight app?
Essentially what I want to do is use the browser's back button to close dialogs in my application. The dialog covers the whole screen and the user would be inclined to think they are on a separate web page.
Look to the following links:
Prevent Browser Back Button for Silverlight with Confirm Dialog.
Silverlight - Prevent users from losing changes by using the browser back button
Managing Silverlight 3 navigation
behavior
Is there any way to load my silverlight app in F11 mode directly?
I have used
window.open(url, '_self',
'toolbar=no,status=no,location=no,menubar=no,resizable=yes,scrollbars=no,fullscreen=yes',
'true');
HtmlPage.window.invoke("launchPage",url);
But the problem is that two instances of my app are opened. One in normal screen and the other in fullscreen.
I have tried
App.Current.Host.Content.IsFullScreen = true;
in the constructor of the App.xaml
Still its not working. :(
Where am I going wrong??
running a Silverlight application automatically in full-screen is not possible because of security restriction. It is like the following...
You have opened your banks login page in a Firefox tab. This is your current tab.
You are opening a malicious silverlight application on another tab.
The malicious silverlight application loads and creates a full-screen that exactly matches your bank's login page.
You are talking to someone while the silverlight application loads. (Your eye is not on screen) So you missed the fullscreen message that pops up.
Now when you look at the computer screen you see your bank login page that is actually a fullscreen page of the silverlight application that matches your bank's login page.
You enter your user name and password...and
When you click login the malicious application has got everything it wanted.
This is not only for Silverlight. It is a restriction that SHOULD BE THERE WITH EVERY ACTIVEX CONTROL UNTIL THIS PROBLEM IS SOLVED.
What you are doing with javascript is you are opening a new pop up window without menubar, addressbar etc. It is not a replacement of F11. And to my experience most of the users hate automatic poping up. And most modern browsers will block them anyway.
The best way is to tell the user she needs to view your application on fullscreen and LET HER DECIDE INSTEAD OF FORCING IT.