Closed Bug 152167 Opened 22 years ago Closed 21 years ago

onMouseOver can always open unrequested windows

Categories

(Core :: DOM: UI Events & Focus Handling, defect)

Product:
Core
Component:
DOM: UI Events & Focus Handling
Type:
defect
Priority:
Not set
Severity:
normal

Tracking

()

Status:
RESOLVED DUPLICATE of bug 197919

People

(Reporter: spam2, Assigned: samir_bugzilla)

References

(Blocks 1 open bug,
URL
)

Details

(Keywords: testcase)

Attachments

(1 file)

testcase from comment 0
152 bytes, text/html
Details 
I have the "Open Unrequested Windows" option on. I went to a website that had
onMouseOver events on most of the text on the page. Every time I moved my mouse
over any of the text, I got a pop-up. I've never "Requested" a pop-up by moving
my mouse over it. I think it should be restricted to only the onClick event.

<a href="#"
onMouseOver="javascript:open('http://www.google.com','dictionary','height=640,width=600,scrollbars=yes,resizable');">
Mouse Over Test </a>
*** Bug 140934 has been marked as a duplicate of this bug. ***
*** Bug 150301 has been marked as a duplicate of this bug. ***
A UI pref could conceivably be put in, but it wouldn't be included in "Open
Unrequested Windows," since that is underhanded usually, but requested
nevertheless. This option, I believe, refers solely to onLoad and is meant to
remain that way.

Platform -> All
OS -> All
Severity -> enhancement
-> NEW
Severity: normal → enhancement
Status: UNCONFIRMED → NEW
Ever confirmed: true
OS: Windows XP → All
Hardware: PC → All
Summary: Open Unrequested Windows. Windows still triggered by onMouseOver → [RFE] Windows are always triggered by onMouseOver; a new UI pref needed
*** Bug 152848 has been marked as a duplicate of this bug. ***
This is a bug in how the "open unrequested windows" pref is implemented.  There
should be a whitelist of events that are allowed to open windows, not a
blacklist of events that are not allowed to open windows.
Summary: [RFE] Windows are always triggered by onMouseOver; a new UI pref needed → onMouseOver can always open unrequested windows
*** Bug 152916 has been marked as a duplicate of this bug. ***
*** Bug 153512 has been marked as a duplicate of this bug. ***
*** Bug 153700 has been marked as a duplicate of this bug. ***
Thanks to Gavin Long who pointed me to the right link:
http://www.mozilla.org/projects/security/components/ConfigPolicy.html

I have following workaround active now:

user_pref("capability.policy.policynames", "strict");
user_pref("capability.policy.strict.Window.open", "noAccess");
user_pref("capability.policy.strict.sites", "http://www.cracks.am 
http://www.annoying.site.com");

Have fun !
Depends on: 159036
*** Bug 166190 has been marked as a duplicate of this bug. ***
--> Event Handling
Assignee: ben → joki
URL: http://www.cracks.am/main.html
Component: Preferences → Event Handling
QA Contact: sairuh → rakeshmishra
*** Bug 176418 has been marked as a duplicate of this bug. ***
*** Bug 160652 has been marked as a duplicate of this bug. ***
Blocks: popups
Severity: enhancement → normal
QA Contact: rakeshmishra → trix
This is also an issue with onClick="" events etc. in the <body> tag, which
results in a new window opening whenever you click somewhere inside the window.
I think Mozilla should only allow onClick="" events for window.open inside <a>
or <input type=""> elements.
this time for real
Assignee: joki → saari
QA Contact: trix → rakeshmishra
There needs to be a GUI exposure for the mouseover.

http://www.kuro5hin.org/comments/2002/11/24/225746/27/7#7

Comment ID #7 has a window.close in the onmouseover, #9 has an open new window.
 Close doesn't work, but the open new window does.  Despite having most JS prefs
(only change images is on) off.

See also bug 24974
There was an article posted to cnet yesterday pertaining to this particular problem.
http://news.com.com/2100-1023-978616.html
->samir 
If someone in the FE wants to to the whitelist and ui, go for it. IMO this is
yet another example of how we can stick our finger in one annoying leak, and
content authors will simply find 5 more ways to do annoying things.
Assignee: saari → sgehani
Saari: you're right, just fixing this bug wouldn't help much.  This is really a
dup of bug 159036 and I think it's only still open so bug filers can find it by
searching for "mouseover".
*** Bug 210926 has been marked as a duplicate of this bug. ***
*** Bug 211346 has been marked as a duplicate of this bug. ***
In Mozilla 1.5b and 1.5 RC1, even pop-ups created by the onMouseOver and other
JavaScript actions are blocked successfully, unless you specify to accept
pop-ups from certain sites.  On Mail.com, I used to have problems with pop-ups
when clicking "Delete", but not since 1.5b.  So therefore, I declare this bug
resolved, so Mike Odom, I would like you to change this status to RESOLVED with
WORKSFORME as I cannot perform this action.

    
    

    
  
RobZaich@netscape.net: this problem still exists.
Keywords: testcase

    
    

    
  
Well Mozilla 1.5 RC1 has partially resolved the JavaScript pop-up issue.  What I
probably meant was that the onMouseClick for the buttons has been fixed.  The
other pop-up triggers will most likely be repaired by Mozilla 1.6 at the rate
the developers are going.

    
    

    
  
please try out the mouseover on the following site.

http://www.popup-blocker.info/testpage/test2.html

also, i filed bug 223174 because i didn't search for *mouseover (is that even
possible?), i just searched for "mouse-over" and "mouseover".  so maybe you
should add mouseover to the summary.  223174 is not a strict dupe though.

    
    

    
  
Just tried that link with Firebird 0.7.  I found out that there are more options
that Mozilla must look into for Mozilla and the Firebird component.  The Element
(onmouseover, onmouseleave), Navigation, and Non-Navigation (text boxes) tests
all failed, so I believe Mozilla needs to look more into this issue.  As for the
Navigation tests, clicking "Detete" for the messages on Mail.com would normally
access the pop-ups, but they were blocked successfully, so that page may not be
100% accurate.  Still, it'd be a good thing to look into.

    
    

    
  
*** Bug 224708 has been marked as a duplicate of this bug. ***

    
    

    
  
*** Bug 225452 has been marked as a duplicate of this bug. ***

    
    

    
  
*** Bug 229723 has been marked as a duplicate of this bug. ***

    
    

    
  
"onMouseOver can always open unrequested windows"

Just for the record, not if you install MultiZilla...

    
    

    
  
*** Bug 232190 has been marked as a duplicate of this bug. ***

    
    

    
  
danm fixed this in bug 197919.

    
    

    
  
(In reply to comment #34)
> danm fixed this in bug 197919.

He sure did.

*** This bug has been marked as a duplicate of 197919 ***
Status: NEW → RESOLVED
Closed: 21 years ago
Resolution: --- → DUPLICATE
Component: Event Handling → User events and focus handling

          You need to log in
          before you can comment on or make changes to this bug.
        






  

    
  







  

    

      
Attachment

      

      
      
      
      
    

    

      

        

          

            
General

            

              Creator: 



            

            
Created: 

            
Updated: 

            
Size: