Hacker News
by jfktrey 2966 days ago
I use clickjacking as a “feature” on a website I operate, http://vlograd.io

I had no choice, at least on mobile.

On mobile browsers, audio contexts start out as muted. They can only be unmuted by an event originating from user interaction.

I use a web player embedded in an iframe on my site. It has an API to communicate with it to do things like playing and pausing the current track. However, this also means the audio context is in a cross-domain iframe, and my only way to trigger the play() method is via the asynchronous postMessage API it exposes. So, in order to unlock the audio context, I present mobile users with a “tap to start” screen. In reality, I’ve positioned and zoomed in on the iframe such that the play button is covering the entire screen for any reasonable screen size. Thus, when the user taps to start, the audio context is unlocked (since the “tap” event on the play button in the iframe fires), and I immediately send a “pause” command via the player’s API. Now, the audio context is unmuted and I’m free to send the “play” command for any track to start playing music.