Closed Bug 180048 Opened 22 years ago Closed 22 years ago

suggest an override for modal in window.open

Categories

(SeaMonkey :: Preferences, enhancement)

Product:
SeaMonkey
Component:
Preferences
Platform:
x86
Windows 95
Type:
enhancement
Priority:
Not set
Severity:
normal

Tracking

(Not tracked)

Status:
RESOLVED FIXED

People

(Reporter: craig, Assigned: danm.moz)

References

Details

(Keywords: qawanted)

Attachments

(1 file)

modality allowed only for windows opened from chrome, and for chrome windows
4.26 KB, patch
security-bugs
: review+
jst
: superreview+
Details | Diff | Splinter Review 
User-Agent:       Mozilla/5.0 (Windows; U; Win95; en-US; rv:1.2b) Gecko/20021014
Build Identifier: Mozilla/5.0 (Windows; U; Win95; en-US; rv:1.2b) Gecko/20021014

Mozilla has some excellent options for handling nasty sites, such as being able
to block opens of unrequested windows. However, there are times when a site
opens windows that the users wants to see but doesn't want to be held up by. The
site opens those windows with window.open .... modal=1 to try to ensure that
users sit and wait while the content of the popup is loaded. However, users
might not consider this so crucial.

It would be good to have a subsidiary option such that if "open unrequested
windows" is allowed, the modal setting could be ignored.


Reproducible: Always

Steps to Reproduce:
should untrusted content even be able to specify "modal"?  That seems wrong
it is wrong. make it stop :)
I confirm untrusted content can open a window modal. This is way wrong, and
neither Netscape 4.x nor IE allow you to do this.

This probably shouldn't be Ben, maybe danm or jag?
Assignee: ben → danm
Status: UNCONFIRMED → NEW
Ever confirmed: true
Any documented standard anywhere that says "modal=" is a legit option?  If so,
we should optionally support it.
in nsWindowWatcher.cpp line 1325 a comment in rev 1.2 of that file (close to two
years ago) claims

  //XXX Temporarily removing this check to allow modal dialogs to be
  //raised from script.  A more complete security based fix is needed.

Dan?
If there is a standard saying we should crash, should we support it?  This is
really no different (and no, there is no standard covering window.open(), period).
Keywords: qawanted
QA Contact: sairuh → nobody
If there were really no standards about window.open() no one would be able to
use it. There may be no formal standards, but both Netscape and Microsoft
document it (not to mention hundreds of "learn web programming!" books) and
agree on a basic set of options.

We are obligated to support that basic set as much as any other standard we
support. We are not obligated to support things we invented for our own use e.g.
"modal".
Right, that's what I meant - if modal is just a Mozilla thing, we can take it
out.  If modal is documented, supported by other browsers, and being used on the
web (hopefully for good reasons, although I can't think of many), then yes, we
should support it, but make it optional (via Preferences) because it could be
abused (just like "open unrequested windows").

A standard saying we should crash is kind of silly - crashes are caused by bugs,
and are therefore not standardized across implementations, with some exceptions
from Redmond.
"modal" was never intended to be exposed to untrusted script. See comment 5 and
bug 43390. It's almost flattering that obnoxious website authors have taken
special notice.
Depends on: 43390
Hmm... Sounds like nsGlobalWindow::Open() should strip some stuff out of the
feature string for non-chrome windows....
Exactly. Except for alerts, prompts and the like opened from content. That's
what bug 43390 is all about and that's why it started to get ugly and was punted
on two years ago.
But (is this what you were talking about bz?) simpler than fixing the security
manager, does it make sense from a security perspective to allow modality for
chrome URLs? Johnny? Mitchell? This patch allows prompts thrown from content to
be modal because the URL is the dialog chrome URL, while normal
window.open("html...") from content is not allowed to be modal. Is it as easy
as this? What am I missing? In any case this is probably an improvement.
Actually, what I was talking about is that we could fix this at the level
_before_ it gets into the windowwatcher.  That is, fix nsGlobalWindow::Open() to
strip out the "modal" part from the feature string if the caller is not chrome.
 prompt/alert/confirm do _not_ go through nsGlobalWindow::Open() and so would be
unaffected.

That said, I think the proposed solution is cleaner (and certainly simpler)
Comment on attachment 106289 [details] [diff] [review]
modality allowed only for windows opened from chrome, and for chrome windows

sr=jst
Attachment #106289 - Flags: superreview+
Comment on attachment 106289 [details] [diff] [review]
modality allowed only for windows opened from chrome, and for chrome windows

r=mstoltz.
Attachment #106289 - Flags: review+
Override be damned, untrusted client script should not be able to open modal
windows at all. And unless I goofed, can no longer. There is some worry that
windows which _should_ be modal (alerts) will be hurt. However the patch has
been in the trunk since last Wednesday, Nov 20th. I haven't heard any
complaints; seems good.
Status: NEW → RESOLVED
Closed: 22 years ago
Resolution: --- → FIXED
There's a contradiction here:

"modality allowed only for windows opened from chrome, and for chrome windows"

"untrusted client script should not be able to open modal windows at all"

Which is it?

What preference can I add to make content trusted so that it can make modal windows?

It's pretty hard to write web based applications if you can't do modal dialogs.
I think the idea is that chrome, which is part of the browser package, is
trusted and can open modal dialogs, while anything else (e.g. a web page on the
Internet) is untrusted and can't.  I'd suggest filing an RFE for a "trusted
sites" list containing domains where you want modal dialogs to be allowed on.

Note that if you're developing web applications that require modal dialogs,
you'll have to require your clients to enable this, since it won't be on by
default in Mozilla.  If this is for internal use, your IT dept can implement it
in their standard image so users don't have to change anything.
mkaply, does requesting UniversalBrowserWrite not work?
bz: Works great. Thanks!
Product: Browser → Seamonkey
(In reply to comment #20)
> bz: Works great. Thanks!
> 

so is there any other way of opening modal windows apart from enabling UniversalBrowserWrite? it seems that there's not. however sites on the internet/lan also can't request this unless they are using signed scripts.

so basically I need a 695$ security certificate and I have to bear with updating jar files everytime I modify my script just to show a modal window, is that so?
Asking for help in a bug closed three years ago isn't generally productive. Please see http://www.mozilla.org/support/ for links to technical newsgroups.
You need to log in before you can comment on or make changes to this bug.

Attachment

General

Creator:
Created:
Updated:
Size: