Closed Bug 131085 Opened 24 years ago Closed 24 years ago

Pref for 3rd party popups

Categories

(Core :: Security: CAPS, enhancement)

Product:
Core
Component:
Security: CAPS
Type:
enhancement
Priority:
Not set
Severity:
normal

Tracking

()

Status:
RESOLVED WONTFIX

People

(Reporter: jwatt, Assigned: security-bugs)

Details

How about a pref for enabling/disabling window.open() if the url to be opened doesn't have the same host name as the page opening it. This could also be allowed/disallowed depending on whether it was called onload or not. Most ad popups are to 3rd party sites, so this would allow legit popups while cutting out a lot of the crap.
to CAPS
Assignee: sgehani → mstoltz
Component: Preferences → Security: CAPS
QA Contact: sairuh → bsharma
Whiteboard: DUPEME
To be honest, I think we have a more effective solution already, with the "click-delay" popup blocker that rginda just checked in. That feature blocks all calls to window.open from onload, onunload, top-level scripts, timeouts, and all other calls that don't occur within n milliseconds of a mouse click. This should block all popups except those that are the result of a mouse click. Many websites serve ads from their own domain. The ads may still be coming from Doubleclick; often a site selling ad space will simply give Doubleclick a machine name in the site's own domain. So I don't think this proposal will be as effective as what we've already got. Of course, if anyone wants to prove me wrong, please be my guest, but in the meantime this is a Wontfix.
Status: NEW → RESOLVED
Closed: 24 years ago
Resolution: --- → WONTFIX
Whiteboard: DUPEME
You need to log in before you can comment on or make changes to this bug.