Closed Bug 212163 Opened 21 years ago Closed 21 years ago

popups are not blocked on code run from onclick

Categories

(Firefox :: General, defect)

Product:
Firefox
Component:
General
Type:
defect
Priority:
Not set
Severity:
normal

Tracking

()

Status:
VERIFIED WONTFIX

People

(Reporter: bulk, Assigned: bugzilla)

References

(Blocks 1 open bug)

Details

(Whiteboard: READ COMMENT 27 BEFORE COMMENTING HERE!) 

User-Agent:       Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.4b) Gecko/20030527 Mozilla Firebird/0.6
Build Identifier: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.4b) Gecko/20030527 Mozilla Firebird/0.6

Pages which load popups as soon as you take action on a webpage by clicking on a
button (eg. I found this on mail.com when clicking the delete mail button which
I do rather a lot of) are able to load popups at this stage.  It gets to you
after a while having to keep close those popups.  I've created a simple page
which demonstrates this behaviour at the url given.

Reproducible: Always

Steps to Reproduce:
1. Enable popup blocking
2. Go to the above url
3.

Actual Results:  
ad pops up

Expected Results:  
block the popup
only problem is that if something pops up when you click a button, usually you
want it to pop up. some sites (like mail.com as the reporter noted) are abusing
this to launch popups it seems.

example of a useful use of onclick: I click delete button with nothing selected.
instead of loading next page pop up a warning telling me that nothing is selected.
OK, although I might argue what you describe would be better with a MessageBox,
I take your point.  Would it then not be possible to blacklist sites which
cannot popup up even on this ocassion (such as mail.com)?
Googlism is using some javascript onclick for loading popups as well. Just
enable popup blocking, go to http://www.googlism.com , click any link and watch
a full screen popup.
If the word gets out, everyone will be doing this soon...

Also: I guess this is neither Firebird or Linux specific
(using Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.4) Gecko/20030624).
Do you want to turn this into a bug about black listing certain sites? If we do
as you request in the initial report we'll really screw things up for a lot of
sites. Any black listing would probably have to be manually entered as well.
Suggesting WONTFIX - popup blocking is meant to only block unsolicited popups -
blocking popups onclick would break too many sites.
Yeah, it should probably be WONTFIX. Let's just hope the likes of Tripod.com and
Geocities don't find out about this glitch, tho...
This can be done by configurable policy:
http://www.mozilla.org/projects/security/components/ConfigPolicy.html

close Mozilla and put the following line in your prefs.js (located in your
profile directory):

/* this will block ALL popup attempt */
user_pref("capability.policy.default.Window.open", "noAccess");

Read the config policy link on how to make a black list.
marking as WONTFIX, see previous comment on how to completely restrict popups.

the number of broken pages isn't worth preventing the potential for abuse
Status: UNCONFIRMED → RESOLVED
Closed: 21 years ago
QA Contact: asa → mconnor
Resolution: --- → WONTFIX
VERIFYING obvious WONTFIX bugs.  Filter on firebirdWontFix to filter these bugs.
 I skipped a few that I'm unsure about from their summary and will manually go
through them.
Status: RESOLVED → VERIFIED
*** Bug 252650 has been marked as a duplicate of this bug. ***
I think it makes sense to look into this issue once more. This technique is now
widely used by advertisers and they are using JavaScript to set the onclick on
all links contained in a page to open a popup in the background.

Most complaints about the popup blocker in Firefox are caused by this behaviour.
Maybe it is possible to check, whether window.open and normal navigation are
triggered at the same time?

I have made a new example, because the old one is no longer available:
http://www.malte.de/popup

*** Bug 265335 has been marked as a duplicate of this bug. ***
*** Bug 250860 has been marked as a duplicate of this bug. ***
(In reply to comment #11)
> I think it makes sense to look into this issue once more. This technique is now
> widely used by advertisers and they are using JavaScript to set the onclick on
> all links contained in a page to open a popup in the background.

Work along those lines is happening in bug 227338 and bug 197919. In fact the
prefs are in, we just have to bite the bullet on breaking legit sites and turn
them on.
Push it around... renumber it, do what ever...this bug has been around for a long time and nothing has been done.  I do know one thing, MS IE7 does not have the same problem... the site I use as reference is www.omaha.com

If Microsoft can fix it...
I'm curious what IE7 does differently that allows it to block theses popups.
IE 7 adds a bar under the tab strip to notify the user that a popup has been blocked.  To see options, you click on the bar.  The options are; 1.) temporarily allow pop-ups, 2.) always allow popups from this site, 3.) Settings (a) Turnoff pop-up blocker (b) Show information bar for pup-ups, (c) more settings 4.) More information.

I hate to deal with popups, at least this method requires no action on my part unless I need/want to see the popup....

Hate to say this; Microsoft has a great solution to the popup plague.  This alone makes me think of returning.... nawww 
Can you make a reduced HTML+JavaScript testcase where IE blocks an onclick popup but Firefox allows it?  I'm curious what IE's heuristic is for determining whether a popup is requested, and how they managed to block some onclick popups without breaking the web.
I don't know how to do that.  I am an end user.
(In reply to comment #21)
> I don't know how to do that.  I am an end user.

Jen -- then maybe you can do this:

1) Develop a series of reproducible steps using http://www.omaha.com/ with which you can get Firefox to open an undesired popup window and IE doesn't.
2) Post instructions for how to do it here.
3) Explain exactly what your preferences concerning popups are, probably by quoting the values of related prefs from about:config.

One of the developers *should* be able to come up with a reduced testcase at that point. (I say "should" because I just visited that site and clicked a few stories in Camino and was unable to trigger any popups at all, which makes me think this problem has either gone away on that site or is specific to a certain pref configuration.)

cl
Removing example URL (been 404 for a long time). View Bug Activity to see what it used to be if you're pathologically curious. If anyone has a new testcase URL, please save it as HTML Complete and then add the necessary files as an attachment to this bug.
URL: http://www.srcf.ucam.org/~dmc39/softw...
Not quite related but it is a pop under that's not blocked by Firefox or IE7

http://www.kingdomxxx.com/torrents.php

Use Firefox just to be on the safe side.
Wait until page is fully loaded then click anywhere on the table with torrent links (any blank space). Pop under loads.

In Firefox I have Flashblock enabled if it helps.In IE7 there's also a floating banner and IE7 complains about the page trying to open ActiveX HTML Editor

ps. there's also some code or cookies that makes it not to work all the time, but the first time you load the page it usually works.

(In reply to comment #26)

> Wait until page is fully loaded then click anywhere on the table with torrent
> links (any blank space). Pop under loads.

There is no need to comment on a WONTFIXed bug that the behaviour with some site is exactly the behaviour that is desired (thus why the bug was WONTFIXed).

Please review

https://bugzilla.mozilla.org/page.cgi?id=etiquette.html

before posting here.
Whiteboard: READ COMMENT 27 BEFORE COMMENTING HERE!
I was not aware that this bug is WONTFIX, I was checking the page that appears when clicking on "Hot Bugs" and this was there, so I assumed it's Ok to post.

Regarding your comment:

1.
 
"that the behaviour with some site is exactly the behaviour that is desired"

It may be the behavior expected by the advertiser or webmaster but it was certainly NOT the behavior I the user expected. 

When I clicked on an empty space in a table, NOT on a link, I clicked because I simply wanted to move the focus to that tab so that i can scroll down the page using the page.

I did not expect this behavior to trigger a pop under or pop up or whatever, so it's something that probably should be blocked by the popup blocker. 

I realize now that it probably has little to do with onClick but at least this got to your attention.

2. 
Your post does not follow rule 1 of the Etiquette:
#  No pointless comments. Unless you have something constructive and helpful to say, do not add a comment to a bug. 

There's nothing written there saying I shouldn't post on a bug tagged with WONTFIX. 

Mine did, or at least I thought it did.

I apologize for the rant.
I'm having serious issues with pop ups since i downloaded the latest version... How do i get rid of them.... My pop up blocker is on, but doesn't seem to be working...
The same problem is in Windows..not only linux.
Blocks: popups
OS: Linux → All
Hardware: x86 → All
I understand this might break some websites but you could still add this as a disabled-by-default feature. There are way too many sites using this for annoying ad popups (best scenario). Very often those ads look like the site did not even intend to open them and the event was added by some XSS attack. The only thing that could reliably block such popups was this addon: https://addons.mozilla.org/cs/firefox/addon/strict-pop-up-blocker/ however it is not compatible with Firefox Quantum and with the addon restrictions it might never be compatible again. We really need another way to block such popups. Is there at least any other alternative addon with FF 57 compatibility?
You need to log in before you can comment on or make changes to this bug.