Closed
Bug 57908
Opened 25 years ago
Closed 25 years ago
Please oh please let me disable automatic windowOpen
Categories
(Core :: Security: CAPS, defect, P3)
Core
Security: CAPS
Tracking
()
People
(Reporter: frb, Assigned: security-bugs)
Details
Attachments
(1 file)
|
1.23 KB,
text/html
|
Details |
I am so sick and tired of web pages abusing the windowOpen javascript command
when loading or closing a window. especially closing. For the love of all that
is good in the world, please let users disable all windowOpen except when
specifically clicked.
I left it as normal, because a windowOpen cluster can easily bring a machine to
its knees, or crash the browser.
I think this is a dup of bug 858.
40005 was marked dup of that one.
Bug 40005 is "Option to disable windows being spawned on exit"
From comment by Norris Boyd in bug 858:
"------- Additional Comments From Norris Boyd 2000-01-07 15:25 -------
I've got changes in my tree that allow a user to disable JavaScript for certain
selected sites using lines in the all.js preferences file like:
pref("security.policy.strict.sites", "http://warp.mcom.com");
pref("security.policy.strict.javascript.enabled", "noAccess");
------
Domains should be a space-separated list.
See details in the bug.
Related: bug 7380.
Summary: Please oh please let me disable automatic windowOpen → Please oh please let me disable automatic windowOpen
|
||
Comment 2•25 years ago
|
||
Browser, not engine. Reassigning to Security: CAPS for further consideration.
Assignee: rogerl → mstoltz
Component: Javascript Engine → Security: CAPS
QA Contact: pschwartau → czhang
|
Assignee | |
Comment 3•25 years ago
|
||
This can be done currently; see
http://www.mozilla.org/projects/security/components.configPolicy.html
There's one error in this dociument, all preference lines should start with
"capability.policy." NOT "capability.principal."
Basically, add these two lines to your prefs.js file:
user_pref("capability.policy.mygroup.sites"," <space-separated list of urls for
sites which should not be able to window.open>");
user_pref("capability.policy.mygroup.windowinternal.open","noAccess");
or, to disable ALL window.opens, add this single line:
user_pref("capability.policy.default.windowinternal.open","noAccess");
Yes, we need a UI for this. There's already a bug on that somewhere, so please
don't file another one.
Status: UNCONFIRMED → RESOLVED
Closed: 25 years ago
Resolution: --- → WORKSFORME
|
||
Updated•25 years ago
|
QA Contact: czhang → junruh
|
||
Comment 5•25 years ago
|
||
Re-opening.
The fix described above seems to be circumvented by the fact that the current
browser seems to overwrite the prefs when it starts or exits.
I have noticed one thing: When I had the prefs.js file already open, the pref
settings described *did* work. The problem is that you would have to have the
file open and make these edits every time.
Mitch, comments?
Status: RESOLVED → UNCONFIRMED
Resolution: WORKSFORME → ---
|
|
||
Comment 6•25 years ago
|
||
|
|
Assignee | |
Comment 7•25 years ago
|
||
Mozilla reads fropm prefs.js on startup and writes it out again on exit. Any
changes made to prefs.js while Mozilla is running will have no effect and will
be overwritten. hand-editing prefs.js was never meant to be a permanent method
for configuring security; we need a UI! I'm working on making caps more
XPConnect-friendly to make creating a UI possible. Anyway, this is a dup.
*** This bug has been marked as a duplicate of 29346 ***
Status: UNCONFIRMED → RESOLVED
Closed: 25 years ago → 25 years ago
Resolution: --- → DUPLICATE
|
|
||
Comment 8•25 years ago
|
||
Fair enough (and I agree).
Marking VERIFIED DUPLICATE.
Status: RESOLVED → VERIFIED
You need to log in
before you can comment on or make changes to this bug.
Description
•