Closed Bug 274835 Opened 20 years ago Closed 20 years ago

No matter what anyone says, it is never okay to hide the URL bar.

Categories

(Firefox :: General, defect)

x86
NetBSD
defect
Not set
major

Tracking

RESOLVED DUPLICATE of bug 273699

People

(Reporter: bugzilla, Assigned: bugzilla)

Details

User-Agent:       Mozilla/5.0 (X11; U; NetBSD i386; en-US; rv:1.7.5) Gecko/20041111 Firefox/1.0
Build Identifier: Mozilla/5.0 (X11; U; NetBSD i386; en-US; rv:1.7.5) Gecko/20041111 Firefox/1.0

Some sites "helpfully" open pop-up windows (such as the comments feature on
Salon's blogs, or "help" pages on other sites) which have all the standard
decorations, such as the menu, or the URL bar, removed.

THIS IS AN ABSOLUTE SECURITY NIGHTMARE AND SHOULD NEVER EVER EVER EVER EVER BE
ALLOWED!  At the very least, a preference should be able to override this,
denying any site the option of EVER hiding those widgets.

(Think what happens when a dishonest operator, having sussed the window name a
brokerage uses for such a window, uses JavaScript to refresh that window from a
new location!)

Reproducible: Always

Steps to Reproduce:
1.  Click on a help link, or a comments link, on any of dozens of sites.

Actual Results:  
A new window appears without the URL bar and other widgets.

Expected Results:  
Opened a new window with exactly the same widgets that every other window always
has.
There's nothing confidential about this.
Group: security
Whiteboard: DUPEME
DUPEME in which direction, though? To the bug where Firefox had an always-on
addressbar for a little while? To whatever bug enabled the existing prefs
including dom.disable_window_open_feature.location that allows individuals to
decide they always want the addressbar? Eh, I'd say, given the timing, that the
parenthetical about targeting a named popup opened by another window is the key,
and this is actually reporting Secunia's Window Injection Vulnerability by
talking about a bandaid instead of the vuln or the fix.

*** This bug has been marked as a duplicate of 273699 ***
Status: UNCONFIRMED → RESOLVED
Closed: 20 years ago
Resolution: --- → DUPLICATE
Whiteboard: DUPEME
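
Added example, not part of the original bug report or of Firefox's code: a simplified JavaScript model of how a window.open() features string decides which window decorations a pop-up gets, and how the dom.disable_window_open_feature.location pref mentioned above overrides the page's request. The function names, the four-element feature list and the sample strings are constructed for illustration; real browsers also accept space-separated features and more feature names.

```javascript
// Window decorations a page can switch off through the features string.
const CHROME = ["location", "menubar", "toolbar", "status"];

// Parse the third argument of window.open() the legacy way:
// an empty string means "all defaults on"; once anything is listed,
// every unlisted feature is off. "name", "name=yes", "name=1" enable it.
function parseFeatures(features) {
  const text = (features || "").trim().toLowerCase();
  const result = {};
  if (text === "") {
    for (const name of CHROME) result[name] = true;
    return result;
  }
  for (const name of CHROME) result[name] = false;
  for (const item of text.split(",")) {
    const [name, value] = item.split("=").map((s) => s.trim());
    if (!CHROME.includes(name)) continue; // width, height, etc.
    result[name] = value === undefined || value === "yes" || value === "1";
  }
  return result;
}

// Apply user prefs: dom.disable_window_open_feature.<name> = true means
// the page is not allowed to turn that decoration off.
function effectiveChrome(features, prefs = {}) {
  const chrome = parseFeatures(features);
  for (const name of CHROME) {
    if (prefs[`dom.disable_window_open_feature.${name}`] === true) {
      chrome[name] = true;
    }
  }
  return chrome;
}

// Audit helper: does this features string leave the address bar hidden?
function hidesAddressBar(features, prefs = {}) {
  return !effectiveChrome(features, prefs).location;
}

// Constructed sample: a typical "help" pop-up request.
const sample = "width=400,height=300,scrollbars=yes";
const userPrefs = { "dom.disable_window_open_feature.location": true };
console.log(hidesAddressBar(sample));            // page gets its way
console.log(hidesAddressBar(sample, userPrefs)); // pref keeps the URL bar
```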