Comment by JangoSteve

6 years ago

This is even crazier, because a webpage could load the iframe or img tag lazily, long after the page has been opened and is in the background because the user left the tab open, and the user would have no way of knowing which page is responsible for opening Zoom.

Furthermore, in Chrome, the webpage can set a timeout which brings the browser window back into focus. So for example, if Zoom usually takes about 1 second to open, then the browser could set the timeout for 1100ms, so that zoom is only visible to the user for a split second before it's backgrounded with their camera enabled. Either of the following will bring Chrome back to the foreground:

    setTimeout( function() { alert("Hi") }, 1100)

    setTimeout( function() { var win = window.open("https://www.google.com", '_blank'); win.focus(); window.close() }, 1100)

The latter is a little less of an alert to the user that something has happened, since it could be used to reload the current page without the offending image or iframe tag, which would look to the user like the page just randomly reloaded itself.

0 comments

JangoSteve

No comments yet

Contribute on Hacker News ↗