Closed Bug 166442 Opened 19 years ago Closed 18 years ago

make popup window blocking UI less hidden

Categories

(SeaMonkey :: UI Design, enhancement)

enhancement
Not set
normal

Tracking

(Not tracked)

VERIFIED FIXED

People

(Reporter: danm.moz, Assigned: dveditz)

References

(Blocks 1 open bug)

Details

(Keywords: qawanted)

Attachments

(9 files, 6 obsolete files)

34.99 KB, image/jpeg
Details
58.47 KB, patch
jag+mozilla
: review+
Details | Diff | Splinter Review
9.20 KB, patch
jst
: review+
jag+mozilla
: superreview+
Details | Diff | Splinter Review
6.51 KB, patch
jst
: review+
jag+mozilla
: superreview+
Details | Diff | Splinter Review
7.30 KB, patch
Details | Diff | Splinter Review
5.80 KB, patch
morse
: review+
Details | Diff | Splinter Review
8.33 KB, patch
Details | Diff | Splinter Review
3.18 KB, patch
Details | Diff | Splinter Review
3.53 KB, patch
dveditz
: review+
brendan
: superreview+
Details | Diff | Splinter Review
Mozilla's current popup window blocking UI has been criticized as being too
hidden, too unfriendly, too broad. I suggest making popup blocking a function of
the offending website's domain. So, two changes:

1) Add a checkbox in the chrome of popup windows allowing the user to disallow
the website from posing another popup.
2) Add a set of management dialogs exactly like Tools -> Image Manager.

I think I hear someone saying "what no! not another manager!" Well that's my
suggestion. For imagery of item (1) see this bug's first attachment. For imagery
of item (2) drag your mouse up to the Tools menu.
It's hacky in spots but it works.

I'm actually not particularly interested in implementing point (2). It'd be
mostly cribbing from the Image Manager code, so not very difficult. Anyone
interested?
*** Bug 166439 has been marked as a duplicate of this bug. ***
can you add a tooltip to the checkbox so that people can find out what "this
site" is?
Then here it is. It's a complete implementation with all the UI and even
timeless' tooltip. It wants (more) testing but I've been running with it and I
claim it works. Barring any bugs, which we know there aren't any of.
Attachment #97668 - Attachment is obsolete: true
So will this be on by default, or are you going to use the current popup blocker
pref to turn this one?

I have fooled around on something similar and think that this should be toggleable.
  The second patch is coded so that the current popup blocking pref is a master
switch -- the user sees nothing of the popup management UI if that pref is true
(that is, if websites are allowed to open popups). With the pref false, websites
by default can still open popups, but the site-by-site blocking UI is activated.
  That's a relatively minor worry, though. If we're interested in taking this
somewhere, that's easily tweaked.
Status: NEW → ASSIGNED
OS: Windows 2000 → All
Hardware: PC → All
Target Milestone: --- → mozilla1.2beta
I guess I'm serious with this patch. It's much like the last one but with some
improvements and suggestions from timeless and myself.
Attachment #97829 - Attachment is obsolete: true
This is great.  Thanks for doing it Dan.

One comment and one questions:

comment:

  Change the files named nsPopupWindowPermManager.cpp/h to 
     nsPopupWindowManager.cpp/h so as to avoid confusion with the permission
     files that are common to cookies and images (and now to popups).

suggestion:

   Wouldn't you want something similar to pref-cookies.xul for popups?
   That would give the user the ability to accept-all-popups, reject-all-popups,
      or accept pop-ups based on the permissions file.  That would address the
      pop-up blocking pref discussed in comment 7

r=morse for all the patches in extensions/cookies and its subdirectories.
Comment on attachment 98000 [details] [diff] [review]
implementation of site-by--site popup window management

Do we really need the new opener URI in nsIXULWindow? I don't see anyone using
that in this diff, and isn't it enough that you can ask the dom window for it's
opener and get the location from it?

And while reading this diff I noticed that nsWindowCreator::GetParentURI()
doesn't set its out param (aURI) in case there's no parent or if anything else
fails.

- In navigator.js:

+function popupCheckboxClick(aCheckbox)
+{
+  try {
+    var xulwin =
window.QueryInterface(Components.interfaces.nsIInterfaceRequestor).getInterface
(Components.interfaces.nsIWebNavigation).QueryInterface(Components.interfaces.n
sIDocShellTreeItem).treeOwner.QueryInterface(Components.interfaces.nsIInterface
Requestor).getInterface(Components.interfaces.nsIXULWindow);

Whoa, dude, isn't that line just a little bit long? :-)

I'm happy to sr most of this, but lets see what other people say about this
diff before I do that.
Hrm. I guess I'm not tremendously happy that the cookie module is getting stuff
added to it in this way - I mean, sure image blocking is already there of
course, and we don't have another obvious facility to do stuff on a per-site
basis, but the more stuff we dump in the cookie module, the more junk embeddors
get that they dont use.

Couldn't we do this somehow with either prefs or rdf?
  Stephen: I've changed the file names. pref-cookies is the pref panel, right?
Yeah, my patch allows only "reject all" and "reject by site." There's room for a
third option. But in practice I personally don't run into popups at so many
sites that this has bothered me yet. But it might make sense to add a pref
panel; I'd say after this patch has had a chance to bake for a while, if it goes in.

  Johnny: Quite right, I seem to be able to get along without
nsIXULWindow::openerURI. Earlier on during development I thought I ran into a
problem with the normal way but the normal way seems to be working now. Just as
well; openerURI made me feel dirty. I've removed it. Thanks!
  nsWindowCreator::GetParentURI is a private method. Its caller has already
initialized the out parameter and understands that it may not be altered. But
I'll stick in a comment.

  Alec: But what I'm doing is so clearly a minor extension of the cookie
manager. I'd much rather use perfectly functional extant code than invent
something new. There's not a lot of new junk in the package because of this.
It's mostly just adding new strings and cases in switch statements. Alright
there's a whole new manager class, but that's just a wrapper around other extant
cookie code (and could have its implementation substituted out if someday we
wanted to).
  I'm not ready to sign up to rewrite the whole cookie subsystem, and it seems
foolish to not use it.
  By "prefs or rdf" do you mean the between-session storage mechanism? That's
such a small part of this patch. In fact there's zero persistence code in this
patch; it's just taken care of for me. Writing new persistence code would be
just the beginning of abandoning the cookie manager.
Much like the previous patch but with corrections from comment 9 and comment 10
and a couple of other serious flaws fixed. The only change made in the cookie
code that Stephen has already reviewed was the comment 9 name changes.
Attachment #98000 - Attachment is obsolete: true
I know, I know. I'm just lookin' out for embeddors. When we finally do rip this
stuff out of the cookie DLL you haven't made it much harder. I just wanted to
express that in case anyone else wanted to speak up and do the work :) (cuz lets
be honest, this stuff belongs in xpfe/)
This one's just like the previous pair of patches except this one addresses
an oversight. That troublesome "allow popups for this site" checkbox in the
border of popup windows is now live. It needed to be done some time. This patch
also includes some good feedback from timeless.
  C'mon you reviewers (you know who you are)! It just keeps getting longer. On
the other hand, like fine chili, it keeps improving as it sits. Don't wait for
it to start molding, is all.
Attachment #98127 - Attachment is obsolete: true
Attachment #98197 - Attachment is obsolete: true
Comment on attachment 98253 [details] [diff] [review]
implementation of site-by-site popup window management

>Index: embedding/components/windowwatcher/src/nsWindowWatcher.cpp
>===================================================================

>+              PRInt32 parentType = nsIDocShellTreeItem::typeChrome;
>+              treeItem->GetItemType(&parentType);
>+              if (parentType != nsIDocShellTreeItem::typeContent)
>+                popupConditions = PR_FALSE;

Do we need to worry about ::typeContentWrapped?

>Index: extensions/cookie/resources/content/cookieNavigatorOverlay.xul
>===================================================================
>RCS file: /cvsroot/mozilla/extensions/cookie/resources/content/cookieNavigatorOverlay.xul,v
>retrieving revision 1.2
>diff -u -r1.2 cookieNavigatorOverlay.xul
>--- extensions/cookie/resources/content/cookieNavigatorOverlay.xul	22 Apr 2002 23:30:34 -0000	1.2
>+++ extensions/cookie/resources/content/cookieNavigatorOverlay.xul	7 Sep 2002 04:53:44 -0000
>@@ -88,6 +102,18 @@
>       disableElement.setAttribute("disabled","true");
>       enableElement.removeAttribute("disabled");
> 
>+      blocked =
>+        permissionmanager.testForBlocking(window._content.location, WINDOWPERMISSION);

Because of the nature of JS and the DOM, a webpage could mess with this test by
redefining location. The simplest way around this is to use
|testForBlocking(getBrowser().currentURI.spec, ...)|, or use
|testForBlocking(Components.lookupMethod(content, "location").call(location),
...)|. The latter is the more generic solution for these problems, but in this
case <browser> already provides us with an easy accessor (through
nsIWebNavigation) for the location URL.

>@@ -105,6 +131,13 @@
>       } catch(e) {
>         HideImage();
>       }
>+
>+      try {
>+        if (!pref.getBoolPref("dom.disable_open_during_load"))
>+          HidePopups();
>+      } catch(e) {
>+          HidePopups();
>+      }
>     }

You can safely drop the try/catch around the getter. Since a default value is
provided (in all.js), that call won't throw.

>@@ -136,6 +170,20 @@
>           element = document.getElementById("BlockImages");
>           alert(element.getAttribute("msg"));
>           break;
>+        case "popupAllow":
>+          uri = Components.classes["@mozilla.org/network/standard-url;1"].createInstance(Components.interfaces.nsIURI);
>+          uri.spec = window._content.location;
>+          popupmanager.add(uri, true);

popupmanager.add(getBrowser().currentURI, true);

>+          element = document.getElementById("AllowPopups");
>+          alert(element.getAttribute("msg"));
>+          break;
>+        case "popupBlock":
>+          uri = Components.classes["@mozilla.org/network/standard-url;1"].createInstance(Components.interfaces.nsIURI);
>+          uri.spec = window._content.location;
>+          popupmanager.add(uri, false);

popupmanager.add(getBrowser().currentURI, false);

>+          element = document.getElementById("BlockPopups");
>+          alert(element.getAttribute("msg"));
>+          break;
>         default:
>       }
>     }  
>@@ -180,6 +228,25 @@
>         <menuitem label="&cookieDisplayImagesCmd.label;"
>                   accesskey="&cookieDisplayImagesCmd.accesskey;" 
>                   oncommand="viewImages();"/> 
>+      </menupopup>
>+    </menu>
>+    <menu label="&cookiePopupManager.label;"
>+          accesskey="&cookiePopupManager.accesskey;"
>+          id="popup"
>+          insertbefore="navBeginGlobalItems">
>+      <menupopup>
>+        <menuitem id="BlockPopups" label="&cookieBlockPopupsCmd.label;"
>+                  accesskey="&cookieBlockPopupsCmd.accesskey;" 
>+                  msg="&cookieBlockPopupsMsg.label;"
>+                  oncommand="CookieImageAction('popupBlock');"/> 
>+        <menuitem id="AllowPopups" label="&cookieAllowPopupsCmd.label;"
>+                  accesskey="&cookieAllowPopupsCmd.accesskey;" 
>+                  msg="&cookieAllowPopupsMsg.label;"
>+                  oncommand="CookieImageAction('popupAllow');"/> 
>+        <menuseparator/>
>+        <menuitem label="&cookieDisplayPopupsCmd.label;"
>+                  accesskey="&cookieDisplayPopupsCmd.accesskey;" 
>+                  oncommand="viewPopups();"/> 

Urgh... cookiePopupManager, cookieDisplayPopups, CookieImageAction... This code
screams for some refactoring. At some point in the future.

>       </menupopup>
>     </menu>
>   </menupopup>
>Index: extensions/wallet/cookieviewer/CookieViewer.js
>===================================================================
>RCS file: /cvsroot/mozilla/extensions/wallet/cookieviewer/CookieViewer.js,v
>retrieving revision 1.68
>diff -u -r1.68 CookieViewer.js
>--- extensions/wallet/cookieviewer/CookieViewer.js	14 Aug 2002 00:05:02 -0000	1.68
>+++ extensions/wallet/cookieviewer/CookieViewer.js	7 Sep 2002 04:53:51 -0000
>@@ -463,7 +485,12 @@
> 
> function FinalizePermissionDeletions() {
>   for (var p=0; p<deletedPermissions.length; p++) {
>-    permissionmanager.remove(deletedPermissions[p].host, deletedPermissions[p].type);
>+    if (deletedPermissions[p].type == popupType) {
>+      var uri = Components.classes["@mozilla.org/network/standard-url;1"].createInstance(Components.interfaces.nsIURI);
>+      uri.spec = "http://"+deletedPermissions[p].host; // lost info. assuming...
>+      popupmanager.remove(uri);

This seems bad. You could store the prePath or the full URI on the Permission
object.

>+    } else
>+      permissionmanager.remove(deletedPermissions[p].host, deletedPermissions[p].type);
>   }
>   deletedPermissions.length = 0;
> }


>Index: xpfe/appshell/public/nsIXULWindow.idl
>===================================================================
>RCS file: /cvsroot/mozilla/xpfe/appshell/public/nsIXULWindow.idl,v
>retrieving revision 1.10
>diff -u -r1.10 nsIXULWindow.idl
>--- xpfe/appshell/public/nsIXULWindow.idl	6 Nov 2001 01:19:32 -0000	1.10
>+++ xpfe/appshell/public/nsIXULWindow.idl	7 Sep 2002 04:53:56 -0000
>@@ -28,6 +28,7 @@
> 
> interface nsIDocShell;
> interface nsIDocShellTreeItem;
>+interface nsIURI;

It looks like you forgot to remove this.

>@@ -95,6 +96,11 @@
>   const unsigned long highestZ = 9;
> 
>   readonly attribute unsigned long zlevel;
>+
>+  /**
>+   * contextFlags are from nsIWindowCreator2
>+   */
>+           attribute PRUint32  contextFlags;

I seem to recall that types native to IDL are preferred over PR types.

> NS_IMETHODIMP nsXULWindow::SetIntrinsicallySized(PRBool aIntrinsicallySized)
>Index: xpfe/appshell/src/nsXULWindow.h
>===================================================================
>RCS file: /cvsroot/mozilla/xpfe/appshell/src/nsXULWindow.h,v
>retrieving revision 1.41
>diff -u -r1.41 nsXULWindow.h
>--- xpfe/appshell/src/nsXULWindow.h	20 Aug 2002 04:34:09 -0000	1.41
>+++ xpfe/appshell/src/nsXULWindow.h	7 Sep 2002 04:54:06 -0000
>@@ -45,6 +45,7 @@
> #include "nsIXULWindow.h"
> #include "nsIPrompt.h"
> #include "nsIAuthPrompt.h"
>+#include "nsIURI.h"

It looks like you forgot to remove this.

>Index: xpfe/browser/resources/content/navigator.js
>===================================================================
>RCS file: /cvsroot/mozilla/xpfe/browser/resources/content/navigator.js,v
>retrieving revision 1.472
>diff -u -r1.472 navigator.js
>--- xpfe/browser/resources/content/navigator.js	30 Aug 2002 09:37:15 -0000	1.472
>+++ xpfe/browser/resources/content/navigator.js	7 Sep 2002 04:54:19 -0000
>@@ -67,6 +67,26 @@
> var gFocusedURL = null;
> var gFocusedDocument = null;
> 
>+const gPopupPermListener = {
>+
>+  observe: function(subject, topic, data) {
>+    if (topic != "popup perm change")
>+      return;
>+
>+  if (!window.content || !window.content.opener)
>+    return;
>+
>+    var uri = Components.classes["@mozilla.org/network/standard-url;1"].createInstance(Components.interfaces.nsIURI);
>+    uri.spec = window.content.opener.location.href;
>+    var pm = Components.classes["@mozilla.org/PopupWindowManager;1"]
>+               .getService(Components.interfaces.nsIPopupWindowManager);
>+    if (pm) {

No null check needed, if either classes[] or .getService(...) fail they'll
throw.

>+      var checkbox = document.getElementById("popup-checkbox");
>+      checkbox.checked = pm.test(uri) != Components.interfaces.nsIPopupWindowManager.eDisallow;

pm.test(getBrowser().currentURI)

>@@ -154,6 +174,22 @@
>   }
> }
> 
>+function addPopupPermListener(observer)
>+{
>+  var pm = Components.classes["@mozilla.org/PopupWindowManager;1"]
>+             .getService(Components.interfaces.nsIPopupWindowManager);
>+  if (pm)

No null check needed.

>+    pm.addObserver(observer);
>+}
>+
>+function removePopupPermListener(observer)
>+{
>+  var pm = Components.classes["@mozilla.org/PopupWindowManager;1"]
>+             .getService(Components.interfaces.nsIPopupWindowManager);
>+  if (pm)

No null check needed.

>+    pm.removeObserver(observer);
>+}
>+
> /**
> * We can avoid adding multiple load event listeners and save some time by adding
> * one listener that calls all real handlers.
>@@ -1944,4 +1985,32 @@
>       }
>     }
>   } 
>+}
>+
>+function popupCheckboxClick(aCheckbox)
>+{
>+  if (!window.content || !window.content.opener)
>+    return;
>+
>+  var uri = Components.classes["@mozilla.org/network/standard-url;1"].createInstance(Components.interfaces.nsIURI);
>+  uri.spec = window.content.opener.location.href;
>+
>+  var pm = Components.classes["@mozilla.org/PopupWindowManager;1"]
>+             .getService(Components.interfaces.nsIPopupWindowManager);
>+  if (pm)

No null check needed.

>+    if (aCheckbox.checked)
>+      pm.remove(uri);
>+    else
>+      pm.add(uri, false);
>+}



I'll take a look at the completely new files when I come back.
Attachment #98253 - Flags: needs-work+
>+      var uri =
Components.classes["@mozilla.org/network/standard-url;1"].createInstance(Components.interfaces.nsIURI);
>+      uri.spec = "http://"+deletedPermissions[p].host; // lost info. assuming...

And don't do that, in general.  Use the IOService to create a URI from a
spec....  not all uris should be nsStandardURL objects.
>+		if (parentType != nsIDocShellTreeItem::typeContent)
>+		  popupConditions = PR_FALSE;

>Do we need to worry about ::typeContentWrapped?

  No (I believe!) I don't think it can happen with a window's main content
docshell but even so, a typeContentWrapper docshell comes from the app, not the
web, so it's trusted.

>+	  permissionmanager.testForBlocking(window._content.location,
WINDOWPERMISSION);

>Because of the nature of JS and the DOM, a webpage could mess with this test
by
>redefining location. The simplest way around this is to use
>|testForBlocking(getBrowser().currentURI.spec, ...)|, or use

  Slick. I didn't even know about that lookupMethod thing.

>+	try {
>+	  if (!pref.getBoolPref("dom.disable_open_during_load"))
>+	    HidePopups();
>+	}

>You can safely drop the try/catch around the getter. Since a default value is
>provided (in all.js), that call won't throw.

  Unless your prefs got trashed. I think I'll keep my paranoia.

>+	var uri =
Components.classes["@mozilla.org/network/standard-url;1"].createInstance(Components.interfaces.nsIURI);

>+	uri.spec = "http://"+deletedPermissions[p].host; // lost info.
assuming...

> This seems bad. You could store the prePath or the full URI on the Permission

> object.

  What we have here is a clash of interfaces. My new popupmanager takes URIs;
the older permissionmanager takes strings. Both are actually talking about
URIs. I wanted to make the new interface more correct, but there's a rough fit
in places.
  It doesn't actually hurt. I can put any scheme in there. Eventually it all
goes back to the permissionmanager, which strips out only the host from
the given URI. (But initializing the URI without a scheme causes an error.)
  Best would be to rewrite the permissionmanager to take the more correct
URI. If that happens, this hack will magically disappear as a consequence.
In the meantime, it's not actually hurting anything because it's thrown away.

>+interface nsIURI;

> It looks like you forgot to remove this.

  oo. Thanks. Damn, you are reading this.

>+	     attribute PRUint32  contextFlags;

> I seem to recall that types native to IDL are preferred over PR types.

  You know I thought so too but Brendan has been telling me the exact opposite
lately, so here we are. He prefers an interface definition to be very specific
about the exact number of bits in an item.

>+    var pm = Components.classes["@mozilla.org/PopupWindowManager;1"]
>+		 .getService(Components.interfaces.nsIPopupWindowManager);
>+    if (pm) {

> No null check needed, if either classes[] or .getService(...) fail they'll
> throw.

  'k.

>+	var checkbox = document.getElementById("popup-checkbox");
>+	checkbox.checked = pm.test(uri) !=
Components.interfaces.nsIPopupWindowManager.eDisallow;

> pm.test(getBrowser().currentURI)

  In this case, not getBrowser but the lookupMethod technique on the opener
window. So should some website through some cross-advertising agreement with
another host open popups from another host, I want the checkbox in the popup to
stop the host that actually opened the popup. Got it, though.

>+function addPopupPermListener(observer)
>+  var pm = Components.classes["@mozilla.org/PopupWindowManager;1"]
>+	       .getService(Components.interfaces.nsIPopupWindowManager);
>+  if (pm)

> No null check needed.

  got it.

>+	var uri =
Components.classes["@mozilla.org/network/standard-url;1"].createInstance(Components.interfaces.nsIURI);


> And don't do that, in general.  Use the IOService to create a URI from a
> spec....  not all uris should be nsStandardURL objects.

done

I've also added xpcom shutdown listeners to the new PopupWindowManager and
the extant PermissionManager objects. This has cleared up a leak of the
PermissionManager object that I caused apparently by rearranging the point
where it was created. (Note the patch to nsObserverList.cpp! Woo hoo!
The fun never stops.)
Attachment #98253 - Attachment is obsolete: true
>> I seem to recall that types native to IDL are preferred over PR types.
>
>  You know I thought so too but Brendan has been telling me the exact 
> opposite lately, so here we are. He prefers an interface definition 
> to be very specific about the exact number of bits in an item.

That doesn't seem right, but I'll talk to you and brendan about it.

>> pm.test(getBrowser().currentURI)
>
>  In this case, not getBrowser but the lookupMethod technique on the 
> opener window. So should some website through some cross-advertising 
> agreement with another host open popups from another host, I want 
> the checkbox in the popup to stop the host that actually opened the 
> popup. Got it, though.

I must've overlooked the opener part, so yeah, the lookupMethod trick. jband
recently added that specifically for the reason I stated earlier.
Comment on attachment 98406 [details] [diff] [review]
implementation of site-by-site popup window management

r=jag
Attachment #98406 - Flags: review+
Comment on attachment 98406 [details] [diff] [review]
implementation of site-by-site popup window management

Did you make sure that we do *not* throw exceptions when window.open() tries to
open an unwanted popup? If we do, that needs to be fixed. Just return null as
the new window like we do today w/o throwing an exception.

- In nsWindowWatcher.cpp:

+	 // chrome is always allowed, so clear the flag if the opener is chrome
+	 if (popupConditions) {
+	   nsCOMPtr<nsIWebNavigation> webNav(do_GetInterface(aParent));
+	   if (webNav) {
+	     nsCOMPtr<nsIDocShellTreeItem> treeItem(do_GetInterface(webNav));
+	     if (treeItem) {
+	       PRInt32 parentType = nsIDocShellTreeItem::typeChrome;
+	       treeItem->GetItemType(&parentType);
+	       if (parentType != nsIDocShellTreeItem::typeContent)
+		 popupConditions = PR_FALSE;

This is not a fool-proof way of detecting that the opener is chrome, to do that
you should call the SubjectPrincipalIsSystem() method on the security manager,
that'll do the right thing with JS running on a web page, and with JS running
in chrome, and with raw C++ calls to this method.

- In nsObserverList.cpp:

+    if ( weakRefFactory ) {
+      observerRef = getter_AddRefs(NS_STATIC_CAST(nsISupports*,
NS_GetWeakReference(weakRefFactory)));
+	    if(observerRef)
+		    removed = mObserverList->RemoveElement(observerRef);

Tabs!! Clean up this indentation. Oh, and be consistent with the space inside
parens (I know you didn't introduce the spaces in the above if check, but
please clean it up a bit while you're touching this code).

- In nsIXULWindow.idl:

   /**
+   * contextFlags are from nsIWindowCreator2
+   */
+	    attribute PRUint32	contextFlags;

More tabs?

- In nsWindowCreator::AllowWindowCreation():

+  PRUint32 rv;
+  if (NS_SUCCEEDED(pm->TestPermission(aURI, &rv)))
+    return rv;
+  return nsIPopupWindowManager::eAllow;

|rv| really sounds like a nsresult return value to me, which it's not (well, it
kinda is, but not really). You might want to rename that to something else.

- Nit of the day. In nsPopupWindowManager.cpp:

nsresult nsPopupWindowManager::Init()

Put the return type on its own line for consistency with the other methods.

- In nsPopupWindowManager::Add():

  nsCString uri;
  aURI->GetPrePath(uri);

Don't you want uri to be an nsCAutoString here to avoid a malloc? Same thing in
::Remove() too.

Other than that, sr=jst
Attachment #98406 - Flags: superreview+
Nominating as nsbeta1, as these changes will be needed to make the product more
usser-friendly.
Keywords: nsbeta1
What if I want to block all popups EXCEPT from those sites that belong to a
whitelist?  Currently, you're discussing a) Block all / Allow none, b) Block
none  Allow all, and c) Block site by site.  Where is d) Allow site by site? 
(As with bug 75915 for cookie whitelists - not a dupe, but could be dependent /
related.)  Does nobody use whitelists elsewhere?

(Apologies if this is off topic.)
danm, if you can attach any screenshots of your stuff, that would be great. I 
have some ideas for this feature posted here:

http://www.mozilla.org/mailnews/specs/misc/Popups.html

They go from real basic (just keep what moz currently has) to adding a new pref 
panel for popups.
so, this broke the ability for embedders to build mozilla without the cookies
module (see myotonic on the tinderbox ports page).  as a rule, extensions are
not allowed to export IDL files.

nsIPopupManagerWindow.idl needs to be moved elsewhere... perhaps into layout??
I don't want to rain on anyone's parade but isn't the correct hyphenation
'pop-up' and not 'popup'? Also checkboxes should almost always begin with
capitals so "allow popup windows from this site" should be "Allow pop-up windows
from this site".
Jason, jglick, all: it ain't finished. Or maybe it is. The implementation in
this patch doesn't do everything one can think of, but it's a good basic set.
There's room for expansion. But I think in practice it'll turn out to be all you
want.

We've discovered from our current very simple yes/no interface that lacking some
indication that a popup has been blocked, a whitelist approach is dangerous and
I'd say undesirable. The one (blacklist) choice is simpler and I think
sufficient. It should be quickly tunable, unless you're a popup magnet. I
encourage you to give the current UI a try. How better to know what's wrong with it?

Pluses for the current implementation: popup management is grouped with and
works identically to a bunch of other very similar managers. Now we know that we
can do site-by-site popup blocking. Minuses: the blocking managers' UI could be
better and may still be too simplistic.

You can try it for yourself in tomorrow's builds. Though there seems to be
something wrong with the cute "i'm a popup" checkbox on every platform but
Windows. Sigh. Cross-platform development.
I'm sitting here pondering at the moment and I'm trying to think of an easy way
you could adapt this to a 'whitelist' type approach instead -- ie. default to
deny, and explicitly allow through only certain sites.

I only mention it because generally I run with popup blocking on, but my online
banking redirects to a new page which pops up the window in the onLoad event,
meaning it gets blocked. It's the only site I want to allow to popups from.

It would be nice as a hidden pref -- ie. set 'block all' in the UI somewhere,
and have something on prefs.js that lists the domains of sites to exclude from
popup blocking. The prefs UI has enough pointless things in there without an
advanced-user level feature like that (you have to know there's a popup being
blocked in order to whitelist it, and your average user isn't going to figure
that out themselves...)
yeah, we need to find a new location for nsIPopupWindowManager.idl and the
contract ID or back this out - it busts the heck out of embedding customers. It
looks like its only in xpfe/bootstrap, so how about xpfe/components/popupmanager
or something? That at least gives us the flexibility to make a new
xpfe-component that does per-site management some time in the future.
  Antony, Jason: I argue that you only think you want a whitelist. It seems
appealing, but then for some reason sites like, say, www.carsdirect.com don't
work. Which was my entire motivation for implementing site-by-site blocking.
(Why doesn't this link do anything? Oh. Probably Edit > Prefs > Advanced >
Scripts > Popups > OK > try again. Oh yeah.) Yesterday's UI just suppressed
carsdirect's informational windows. Today's UI says "this looks like a popup;
tell me if you want me to suppress these things." Tomorrow's UI could have
whitelist capability and give some indication that popups are being suppressed.
I don't want to give the impression that I'm even trying to preclude that. But
tomorrow's world is another big leap. In tomorrow's world, you need the latter
to really have the former. See the link in comment 25 for ideas on that.
  Tomorrow's UI is certainly more complete and rife with options. But I wonder
whether in practice all that extra complexity is particularly helpful. I'm
thinking most users will quickly tune their blacklist to their common patterns
and it'll all be good. Popups aren't as ubiquitous as cookies. But maybe I'm
wrong. Luckily, I don't have to be right. This is all fixable.

  Alec, Darin: yeah I know. Working on it.
I'm going to take a minute and throw a real-world example at this argument.

*most* people I know browse with Popups off; the main reason for this is the
same as the reason the feature was suggested. There are few onLoad window.open
events that are actually "of use" - most "useful" popups trigger on mouseover /
mouseclick.

Now, Given this fact, it makes sense to spend almost all of your time with
popups off, unless you either like ads, or frequent sites that actually *do*
have important onLoad popups.

I regulary visit one such site - http://www.241pizza.com - for reasons that
still escape me clicking on "online ordering" (and yes, I know, I'm a lazy one)
opens a new page with the express purpose of launching the ordering window in an
"onLoad" event. A minor annoyance - I remember to enable popups before I order
pizza.

However, let's suppose that instead of this one site, a regularly frequent a
poorly designed site that puts information I *really* need in onLoad popups. As
such, I choose the "blacklist" option. Works perfectly because, as you have
suggested, once I've worked in my "normal usage pattern", those sites I
frequently visit that I *don't* need popups on will quickly be a non-issue.

But there's a third scenario - One where someone frequently visits a site they
*want* popups enabled, and spends a lot of time crawling the web instead of
visiting regular websites. Often Research students with poorly designed Campus
websites, as well as support and administration personnell will fall into this
category. There are intranet/customer sites that *need* popups to be working,
but it's likely they'll only visit other sites once or twice, as the result of a
Google search or somesuch.

*These* are the people to which a whitelist makes sense. Otherwise they're in a
bind: They can enable the blacklist and spend most of their time disabling
popups on sites they aren't likely to visit again, or they can disable them
altogether and either use another browser/profile to surf these sites that do
need popups, or spend a LOT of time with their pref window open. :)

Just another way to look at the situation. The importance of the above scenario
is left as an excercise to the reader, of course. :)
Some comments (a lot of email traffic last night - a good thing, but I'm now
catching up):

> lacking some indication that a popup has been blocked, a whitelist approach is 
> dangerous

Since I've always just blocked everything, this has never been a problem.  (You
could say that my current behaviour is even more dangerous than just accepting
some sites.)  When a site doesn't do something that I think it should then I
turn off the pop-up blocking to see if that's causing the problem.  I won't ever
switch to a "Block this? Yes/No" (blacklist) approach for the same reason I
won't do so where cookies are concerned.  There are simply too many different
sites I visit and the constant clicking is distracting and annoying.  Since
99.9% of the sites I go to I *DO* want blocked, that means that there's only .1%
that I want to allow pop-ups from.  Which means that a whitelist would be far
preferable to me and, I think, to most users who are in the same boat (wanting
everything blocked except a very few specific sites).

(With the inclusion of alerts/prompts now being part of pop-up windows - bug
167599, I'm now in a situation for the first time where a legitimate site that
uses alerts for notifition of new email (Horde/Imp based sites) is being blocked
and my current "deny everything" policy is, for the first time, causing me
problems with a permanent site.  I'm sure others have had similar experiences
with pop-ups in general.)

Also, I explicity *don't* want some kind of "This site is being blocked, is this
okay with you or should we whitelist it?" prompt.  (That's just as bad a
blacklist prompt on every site I haven't yet visited.)  As I mention above, if I
investigate a site that isn't working as I think it should, and discover the
remote possibility that it's because a pop-up is being prevented, then I could
manually do something to allow it.  A whitelist need not be exposed to the user,
but it should still exist in some file or prefs.js entry for those people who
want/need to edit it.

I'll stop talking about this now since I recognize the work that was done here
(excellent for those people who's browsing habits support it) and we should just
get on with the day.  (Whitelists can be treated as a separate enhancement bug.)

Additional comment: Where will the blacklist "live"?  Once you block a site, how
do you "unblock" it if you change your mind?
Small issue: the title of the Popup Manager window is 'Image Manager'.
> Once you block a site, how do you "unblock" it if you change your mind?

Nevermind - stupid question.  RTFM.

However:  How do I disable popups altogether now?  I don't ever want to see a
popup - and I don't want to be asked every time a site tries to set one.  Is
this no longer possible?
Yeah, what Jason says in comment 35.  I was disturbed when using today's build
to find that, despite saying no popups, I kept getting popups that asked me if I
wanted them.  Or is this because the prefs panel hasn't been changed to add all
the new options?
jasonb hit the nail on the head: an incompatible change to the pref that used to
mean "no unrequested windows" where "unrequested" had a clear meaning in code is
a big regression, and should be undone ASAP.

danm, please use another pref, and respect the absolute sense of the existing
one, which lots of people including me count on.

/be
FWIW: I can see no existing pref that would do the trick.  A wholly new
preference is going to have to be created, similar to cookies, and the Script &
Plugins UI reworked to something like this:

( ) Block all popups
( ) Allow all popups
( ) Allow some popups (default to accept)

I've currently reverted to the 9/10 build, since existing behaviour is not
acceptable.
>FWIW: I can see no existing pref that would do the trick.  A wholly new
>preference is going to have to be created, similar to cookies, and the Script &
>Plugins UI reworked to something like this:

>( ) Block all popups
>( ) Allow all popups
>( ) Allow some popups (default to 
>accept)http://www.mozilla.org/mailnews/specs/misc/Popups.html

http://www.mozilla.org/mailnews/specs/misc/images/Popup3a.gif
http://www.mozilla.org/mailnews/specs/misc/images/Popup3b.gif
None of those UI examples replicate the blacklist functionality that's currently
present.  In fact, 3b ironically shows a whitelist example.

But regardless of what UI is used, the present implementation is a major
regression.  It should be backed out and only put back in once there's some kind
of UI in place to properly support it.  The ability to reject all or allow all
should only be added to, not replaced.
I have to agree with comment 40 - I specifically downloaded today's build to
take a look at this, and although in principle it's awesome to finally have this
(kudos on the work!), there should still be an overriding popup block possible. 
Also, I was wondering why I don't mind the blacklist-approach for cookies but do
for popups, and I think it's because the cookies question is a _lot_ faster and
less intrusive than the popup-checkbox. - The popup loads completely before you
can block it from then on, while with cookies you block them _before_ they're
actually set.

Finally, an error I noted (at least, I think it's an error, it could be by
design - but is inconsistent with cookie manager behaviour). The popup manager
only shows up in the Tools menu if you have the enable "unrequested windows"
unchecked. - So there's no way to get to the popup manager if you do enable popups.
According to Dan in comment 12, his patch is supposed to allow only "reject all"
and "reject by site."

I believe what's happened here is an unfortunate 180 in the logic of pref
implementation.  The current patch should be activated when "Open unrequested
windows" is CHECKED not unchecked.  Because currently we're in a situation of
"allow all" and "reject by site" - rather than what Dan originally intended.

Rather than backing this out entirely, the true/false logic on the code checking
the status of the pref needs to be reversed.  Then, when we say to block all,
they all get blocked; when we say to allow all they all get allowed *and*
there's the option to uncheck the box and block some individual sites.
Christ! Use yesterday's build or a stable build or have some patience or
something. Try backing me out and you own this bug.
<None of those UI examples replicate the blacklist functionality that's 
>currently present.  In fact, 3b ironically shows a whitelist example.

Option 3a has the whitelist only example.

Option 3b and 3c both have the ability to block all pop-ups or allow all 
pop-ups (covers the current on/off setting in JavaScript prefs). 

They both also have a "customize" option, which would allow users to either: 

1) block all and create a whitelist, 
2) accept all and create a blacklist or 
3) an "ask me for each website" option, which would bring up the pop-ups with 
the checkbox on them like danm's current design.

danm's doing the right thing, so everyone give him a chance to restore the
_status quo ante_ as far as the unrequested windows pref and the meaning of its
two states.  I promise to be nice to him, too.

Discussion of new "third" states or new prefs and their UI should continue, but
maybe it's better done in a newsgroup -- just a thought.

/be
Alright you wags. The popup window manager is unhooked, though still lurking in
the codebase. This for two reasons: it caused a Txul slowdown (expected, but I
neglected to have done damage control before the fact) and I didn't account for
the dependency that every port and embedded app has on DOM-level control of
popups. If this feature comes back it'll have to subject itself to the
current/old popup control pref, rather than replace it.
Please also consider changes due to bug 167559 (distinct controls for popup
windows and alerts/prompts wanted).

I guess, this bug and bug 167559 should block, I am not sure which way, though.

pi
A fix for bug 167559 would make its way into a finer-controlled preference UI,
so this bug couldn't be properly finalized until the other is resolved.

Marking dependency.
Depends on: 167559
Comment on attachment 98406 [details] [diff] [review]
implementation of site-by-site popup window management

>Index: xpfe/browser/resources/content/navigator.xul
>===================================================================
>RCS file: /cvsroot/mozilla/xpfe/browser/resources/content/navigator.xul,v
>retrieving revision 1.386
>diff -u -r1.386 navigator.xul
>--- xpfe/browser/resources/content/navigator.xul	11 Aug 2002 12:16:39 -0000	1.386
>+++ xpfe/browser/resources/content/navigator.xul	9 Sep 2002 06:54:23 -0000
>@@ -412,4 +412,9 @@
>     <statusbarpanel class="statusbarpanel-iconic" id="security-button"/>
>   </statusbar> 
> 
>+  <hbox id="popup-control">
>+    <separator class="thin"/>
>+    <checkbox id="popup-checkbox" label="&popup-control.label;" checked="true"
>+              oncommand="popupCheckboxClick(this)"/>
>+  </hbox>
> </window>

A checkbox on its own line? That's a lot of UI space for one feature.
Would you mind turning this into a statusbar panel à la offline?
neil: then we'd have to show the whole status bar, which would be confusing. see
the screen shot.
Little known fact: (most of) the popup window manager was checked in last
weekend. This preferences panel adds the UI to activate it.
The last patch reorganizes the prefs controlling popup management in
anticipation of the day when we support whitelists. This patch updates the
popup manager to use that pref organization.
I split this out (and changed it a bit since its form in attachment 98406 [details] [diff] [review])
because it's problematic. But here it is should we decide to go with it.
Comment on attachment 99583 [details] [diff] [review]
pref panel to control popup prefs

>Index: extensions/cookie/resources/content/cookiePrefsOverlay.xul
>===================================================================
>RCS file: /cvsroot/mozilla/extensions/cookie/resources/content/cookiePrefsOverlay.xul,v
>retrieving revision 1.6
>diff -u -r1.6 cookiePrefsOverlay.xul
>--- extensions/cookie/resources/content/cookiePrefsOverlay.xul	29 Mar 2002 02:43:29 -0000	1.6
>+++ extensions/cookie/resources/content/cookiePrefsOverlay.xul	17 Sep 2002 22:49:46 -0000
>@@ -40,6 +40,12 @@
>                       label="&images.label;"/> 
>       </treerow>
>     </treeitem>
>+    <treeitem position="3">
>+      <treerow>
>+        <treecell url="chrome://cookie/content/pref-popups.xul"
>+                      label="&popups.label;"/> 

Nit: typically we try to line them up like this:

<element attr1="..." ....
	 attr4="..." ..../>

Also applies to two (or more?) places below.

>  function setButtons(all) {
>    if (all)
>      if (policyButton.value == 1)
>        customCbox.removeAttribute("disabled");
>      else
>        customCbox.setAttribute("disabled", "true");

For managability you should probably wrap the above then block in {}

sr=jag.
Attachment #99583 - Flags: superreview+
Comment on attachment 99583 [details] [diff] [review]
pref panel to control popup prefs

>  function setButtons(all) {
>    if (all)
>      if (policyButton.value == 1)
>        customCbox.removeAttribute("disabled");
>      else
>        customCbox.setAttribute("disabled", "true");
>    if (policyButton.value == 1 && customCbox.checked)
>      manageButton.removeAttribute("disabled");
>    else
>      manageButton.setAttribute("disabled", "true");
>  }

btw, you should be able to write this as:

  if (all)
    customCheckBox.disabled = policyButton.value != 1;

  manageButton.disabled = policyButton.value != 1 || !customCheckBox.checked;
Comment on attachment 99584 [details] [diff] [review]
update implementation to use new pref structure

>@@ -228,16 +232,19 @@
>                               const PRUnichar *aData)
> {
>   if (nsCRT::strcmp(aTopic, sPrefChangedTopic) == 0 &&
>-      NS_LITERAL_STRING(POLICYSTRING).Equals(aData)) {
>+        (NS_LITERAL_STRING(POLICYSTRING).Equals(aData) ||
>+         NS_LITERAL_STRING(CUSTOMSTRING).Equals(aData))) {

Nit: indentation looks a bit odd.

>@@ -262,8 +269,10 @@
> 
>   if (NS_SUCCEEDED(rv)) {
>     nsCOMPtr<nsIPrefBranchInternal> ibranch(do_QueryInterface(mPopupPrefBranch));
>-    if (ibranch)
>-      rv = ibranch->AddObserver(sPopupPrefLeaf, this, PR_FALSE);
>+    if (ibranch) {
>+      ibranch->AddObserver(sPopupPrefPolicyLeaf, this, PR_FALSE);
>+      rv = ibranch->AddObserver(sPopupPrefCustomLeaf, this, PR_FALSE);

Inconsistent use of rv. I suggest you just drop the |rv =| there.

sr=jag
Attachment #99584 - Flags: superreview+
Comment on attachment 99591 [details] [diff] [review]
add the "i'm a popup" checkbox to the chrome

>+// opener may not have been initialized by load time (chrome windows only,
>+// and only some platforms). keep trying. (It's not a good idea to keep trying
>+// on a timeout since the opener may legitimately be null.)
>+function maybeInitPopupCheckbox()
>+{
>+  // already initialized or can't (yet) initialize?
>+  if (gOpenerOrgURI || !window.content || !window.content.opener)
>+    return;

I don't think window.content can be null. jst would know this for sure.

>Index: xpfe/browser/resources/content/navigator.xul
>===================================================================
>RCS file: /cvsroot/mozilla/xpfe/browser/resources/content/navigator.xul,v
>retrieving revision 1.388
>diff -u -r1.388 navigator.xul
>--- xpfe/browser/resources/content/navigator.xul	12 Sep 2002 01:16:50 -0000	1.388
>+++ xpfe/browser/resources/content/navigator.xul	17 Sep 2002 23:06:54 -0000
>@@ -53,6 +53,7 @@
>         titlemodifier="&mainWindow.titlemodifier;" 
>         titlemenuseparator="&mainWindow.titlemodifiermenuseparator;"
>         windowtype="navigator:browser"
>+        chromehidden="popupcontrol "
>         width="610" height="450"
>         screenX="4" screenY="4"
>         persist="screenX screenY width height sizemode"> 

I wonder how big a part this plays in slowing down the normal case (all chrome
shown, popupcontrol hidden)...

For CSS rules like:

  window[chromehidden~="toolbar"] #nav-bar-buttons

we used to get away with -- once the window element was found -- seeing that
there was no chromehidden attribute, and thus could move along to the next
rule. With this change we'll now find the attribute and will have to search for
"toolbar" in its value.
If this is indeed the case, perhaps we could inverse this, where we hide it by
default, but if "-popupcontrol" is found we show it?

Let's see what we can do to here to make this cheaper.
Comment on attachment 99583 [details] [diff] [review]
pref panel to control popup prefs

Nit of the day:

- In pref-popups.xul:

  <radiogroup id="popupPolicy" prefstring="privacy.popups.policy">
    <radio value="1" label="&popupAllow.label;"
	    accesskey="&popupAllow.accesskey;"
	    oncommand="selectPolicy()"/>
      <checkbox id="popupCustom" label="&popupCustom.label;"
		style="margin-left:2em"
		prefstring="privacy.popups.usecustom"
		oncommand="selectCustom(this)"/>

The above element is indented 2 spaces too far.

r=jst
Attachment #99583 - Flags: review+
Comment on attachment 99584 [details] [diff] [review]
update implementation to use new pref structure

r=jst
Attachment #99584 - Flags: review+
What do you currently have as the default setting for blocking?

What about having pop up blocking disabled but when you first install have a pop
up saying "Do you hate pop ups?" and leading them to the preference panel :-) 

I just really want to make sure users know about this feature and how to control
it so we don't create more evangelism issues in case we inadvertently block
critical popups. 
The preference panel and preference organisation patches have been checked in.
It's a go, then. That's everything, except the (optional) "i'm a popup" checkbox
which can be added at any time, or not, and ongoing arguments about whether
alerts should be controlled as well.

On to comments about comments about those last two patches:

dudes! indentation?

>Nit: typically we try to line them up like this:
>
><element attr1="..." ....
>         attr4="..." ..../>
>
but not in that file.

> <radio value="1" label="&popupAllow.label;" ...
>   <checkbox id="popupCustom" label="&popupCustom.label;" ...
>
>The above element is indented 2 spaces too far.

And here I thought I was being so clever. The checkbox isn't really part of the
radiogroup, so I wanted to call it out. And besides, the checkbox is indented
visually, in the panel itself, as well.

>For managability you should probably wrap the above then block in {}

extraneous braces are for weenies.

>btw, you should be able to write this as:
>
>  if (all)
>    customCheckBox.disabled = policyButton.value != 1;

wow! That used to not work. How cool that it does now. How long has that been
fixed? Years?

>Inconsistent use of rv. I suggest you just drop the |rv =| there.

If there's a problem with the second PrefBranch, it'll probably show up in both
attempts to AddObserver. I thought that checking both times made it a little
harder to read and was probably redundant. More me trying to be clever.

-- and now for the "i'm a popup" checkbox patch that hasn't been checked in --

>I don't think window.content can be null. jst would know this for sure.

It shouldn't ever happen, at least not in navigator.xul. But I'm still skittish
about removing the check. It's "only" JS, so a failure here would probably only
abort the function anyway. So OK... I can remove that. Skittish.

>+        chromehidden="popupcontrol "
>...
>I wonder how big a part this plays in slowing down the normal case (all chrome
>shown, popupcontrol hidden)...

This *is* how I avoid slowing down the normal case.

>we used to get away with -- once the window element was found -- seeing that
>there was no chromehidden attribute, and thus could move along to the next

I can't find that, but I do see updateToolbarStates(), which seems to be trying
to implement the chromehidden attribute for toolbars and statusbars in js. And
then it clears chromehidden without even checking for anything else! Looks like
an error.
Susie (comment 60): By default, all popups are allowed. Which clears the way for
a popup popup :).

It's all checked in now, except for the ancillary issues I mentioned at the top
of comment 61. Now that the feature is less screenshot and hand-waving, more
visible and working, this is the point where the floor is wide open to comment
and criticism. Be gentle. I'm still nursing bruises from last time.
danm, you iconoclast.  Make independent entities at the same level of syntax
line up, for crying out loud.  And brace inner if-else against outer if to avoid
the notorious dangling else problem -- do you want to cause another lost space
probe or AT&T telephone switch crash?  (/me plays fast and loose with comp.risks :-)

/be
I like it - some things I'm noticing: right now I'm seeing both 
- advanced: scripts & plugins: allow scripts to open unrequested windows
and
- privacy & security: popups: allow pop-up windows
Changing the state of the one doesn't change the state of the other. (So I'm
assuming there are different underlying prefs.) How exactly are these meant to
interact? Which pref is stronger?
Also, the popup manager still doesn't appear in the Tools menu unless you're
allowing popups. This isn't consistent with the other managers.
  Sander: Yes, there are two independent preferences. The Advanced > Scripts
preference is stronger, because it has the right of first refusal. Touching the
Popups preference (the weaker one, in the popups preference panel) will clear
the Advanced > Scripts preference. Should you then go reactivate the Advanced
pref, the Popups prefs will be disconnected and useless.
  We have to keep both preferences functional because the (older, stronger,
simpler) Advanced pref is used by every embedding app as an easy, cheap way to
implement popup blocking. Arguably it makes sense to remove the UI for setting
the Advanced pref from Mozilla, because it's redundant and confusing now.
Despite that I think I can hear howls of protest as I type, so I'm not
volunteering to do that.
  The popup manager is kind of difficult to discover as implemented, yes. But
teasing you with its presence in the Tools menu when it's been deactivated in
the preferences dialog would be confusing. I think it'd be better to ditch the
preferences panel completely, or rather move its UI to the Popup Manager dialog.
Then it would be reasonable to leave the Popup Manager always visible and active
in the Tools menu.
  Ah, but that would be a different bug. Please don't assign it to me. Wouldn't
mind being cc:ed, though.
Confirming #64 and #65, it is really confusing to have both Advanced -> Scripts
& Plugins and Privacy & Security -> PopUp Management.

I think if the options under Scripts & Plugins needs to reside than move it into
the UI of the Pop Up Manager. So People are not confused to find obvious
duplicate settings, rather then control it all from one point.

[OFFTOPIC]
does the popup appear at http://www.catchthegroove.com when you click on listen?
Anybody ?
For me not, having Scripts & Plugins -> Open Unrequested Windows unchecked.
Question: 

Wouldn't it be ok to remove the UI entry under Advanced -> Scripts & Plugins ->
Open unrequested Windows

and let Privacy & Security -> Popups -> Reject Popup windows 

do the job ?
I mean with regards to the embeddors, that "Reject Popup Windows" Calls the same
function as "Open unrequested Windows"

BTW, I checked it and it's currently not working for me.
Popup management isn't supposed to be a secretable feature any longer, so
perhaps as Sander mentions (comment 64) it should just be enabled or disabled.
Still not the best UI and not quite according to guidelines on Linux and
Windows but at least this version /works/ on the #*&$% braindead Macintosh.
Carsten, comments 66 and 67: 
Three options:
1) Put the Advanced preference in the same preference panel as Popups.
2) Remove the UI for the Advanced preference.
3) As is.

I think #1 would be be even more confusing. The popups pref panel would look
something like
------popup pref panel ------
(*) enable popup management
( ) disable popup management
[x] seriously

except less clearly worded. #2 has the drawback that the preference is still
supported and it's nice to have the visual indication of its setting. This is
especially true if somehow some other application (which shares your Mozilla
user profile; an error but it happens) gets in a tug of war over this
preference. That leaves #3; a less than optimal solution but I think the least
of available evils. On the plus side, it is an "Advanced" preference. Not for
twiddling without clues.

And yes, effectively that leaves two separate preference panels which both try
to set the value of that one preference. If the user hits both panels before
hitting OK, the results may be surprising. Sigh.
Voting for Option 1)
Comment on attachment 100014 [details] [diff] [review]
rather than hide it, disable the popup management menu when appropriate

r=morse
Attachment #100014 - Flags: review+
Thinking that attachment 99591 [details] [diff] [review], the "i'm a popup" chrome checkbox, is way
convenient but sets a bad precedent, this patch offers a replacement. It adds a
popup-blocking item to the context menu.
  There are a lot of things potentially wrong with the patch. Reviewers ahoy.
> Thinking that attachment 99591 [details] [diff] [review], the "i'm a popup" chrome checkbox, is way
> convenient but sets a bad precedent

Can you elucidate a bit on why you think it would set a bad example?

At present, I can think of a couple of things to say about the "I'm a popup"
feature - and they're both positive.  It gives a clear indication to casual
users that the window that they're seeing *is* a popup (some people might not
appreciate the distinction, thinking that the new window is simply "part of" the
site), and it also educates them on the existence of the popup manager in the
first place.

Anybody who didn't know about this new functionality would probably not
"experiment" by bringing up a context menu - they'd simply close the window and
be no more enlightened than before...
In the interests of usability, I think that blocking anything (images, cookies,
Pop-Ups) on a domain basis should be done THE SAME WAY browser wide.  I vote for
context menu, not a check box. Am I suddenly going to look for a checkbox in the
corner of a banner ad?  Not a great example, but I think you get my meaning.

> In the interests of usability, I think that blocking anything
> (images, cookies, Pop-Ups) on a domain basis should be done THE SAME WAY
> browser wide.

In that case we have a problem - because cookies currently DO use a checkbox (or
dialog popup if you want).  You can block/unblock from the menu too - but
there's no way (technically) of right-clicking on a "cookie" to block it and
bringing up a context menu.  There simply is no Web page element that represents
a cookie.  (Adding it to the generic Web page context menu wouldn't work either
since it wouldn't take into account specific cookies, or other cases.)
Of course.  Fair enough. I guess I was thinking more about the image blocking so
that was sort of a non-thinking blanket statement. Sorry.

Of course there is no page element which represents a cookie.

I know I'm coming into this late and may just be complicating things.

Actually, reading and thinking about this more, I may be about to do a 180
anyways. I'm downloading a build.  Does the checkbox only appear if the pop-up
blocking pref is enabled, or is it there on every pop-up window?

Jason: for the record, I like the "i'm a popup" checkbox. I run with it in my
own builds. But I think it's not cut out for general release. (1) I worry that
it sets a precedent of taking up precious chrome space to solve a very specific
problem. It would be out of the question if we were talking about general
browser windows. For popups only, it's still kind of sticky, I think. (2) Both
options, checkbox and context menu, only make sense for blacklist management.
Someday we'll have support for whitelists, and it seems most users will opt for
that. Then the checkbox will be an entire row of chrome whose use has fallen out
of fashion. An element with a first-place position in the chrome should be
widely used. Mozilla's chrome is cluttered already; I don't want to be a member
of the uncelebrated group of people who've cluttered the chrome. (3) We
misidentify some windows as popups. Or rather, web programmers for some reason
code windows that open in response to legitimate user actions in ways that make
them appear to be popups. The checkbox is highly visible and in these cases,
inappropriate.

And as rob points out, /image/ blocking has already set a precedent for using a
context menu to solve this problem. The menu is less daring and a little
disappointing, but it does follow precedent.

The main thing is to provide a convenient way for blacklist users to shut down a
site. You know it when you get a popup, whether or not there's a visible
indication. I imagine a user who has taken the trouble to turn on custom popup
blocking could nearly be expected to look in the context menu for a nice
shortcut. Or not. There is the slow way.

I'm not dead set against the checkbox. It's kind of iconoclastic and it makes me
happy. But I expect that I'd regret it later, like a tattoo. If we want to
continue this, maybe we should move to, say, netscape.public.mozilla.ui, and
just present the decision in this bug. Nobody say "make it a preference." Please.
danm: the problem with the context menu is that it can already have 20 items
(not counting seps). If i pop about: into a popup i'd get a 21st, that's way too
many (a bunch of the items are just bugs, but the fact is our context menus are
too long). If people went to a whitelist system, we might not show the checkbox
in popups.
I still think that a popup window "just appearing" will not give enough
indication of what it is and/or the existence of a function that is not
specifically expressed.  (As with a checkbox.)  So *just* a "hidden" context
menu is not giving enough feedback to users as to the popup manager's existence.

So, without a checkbox, there should be some alternative visual cue informing
the user that what they are seeing is a popup - and indicating to them how they
can now block them if they so desire.

Here are some suggestions:

1. A top level menu item that appears only when what's being viewed is a popup
window.  This could be the same as moving and/or copying "Popup Manager" from
the  existing Tools menu to the right of "QA".

2. A "Block This Popup" text icon that appears on the status bar when a popup is
being displayed.

3. Prepend "Popup Window (Right-click to block) - " to the popup window's title.

I'm sure there are others.  But the point being that in the absence of a
checkbox there needs to be some UI method of communicating to the user that a)
what's being displayed is (at least most likely) a popup window, and b) how they
can block it if they wish.  None of the above 3 methods add to the existing
chrome in any detrimental fashion that I can see.

As for not using context menus - even if we don't, something like one of the
above 3 cues should still be used if checkboxes are not utilized.  Visual
feedback (with instructions if appropriate) is key.  I realise that there is no
such visual feedback with images and image blocking - but popup windows are so
much more obvious, annoying, and popup blocking is such a key feature of
Mozilla, that I think it deserves more attention.
I don't think that "educating users about the existance of popups" is in order here.
If a window appears containing commercial content that I don't wish to view, I
will check the context menu (if that's what's ultimately done) to see if it can
be disabled and, if so, disable it. If users can't tell the difference between
popups and content related to the page they are viewing, then I don't see where
the problem is. A check box somewhere in Edit->Prefs that lets users choose to
suppress popups should be easy enough for anyone to find or stumble upon if
they're looking for, or interested in, this type of functionality.

Besides, if the UI is so obvious that it generates a large amount of attention,
it may prompt advertisers to come up with a way to get around it, probably
making advertisements even more annoying than they already are. I hate intrusive
advertising as much as the next guy, but aggressively publicizing a way to
thwart the 100lb gorilla that is corporate marketing won't earn anything but
trouble.

Just my $0.02
Me voting for a "Default Deny" Policy, because popus are unlike images and
cookies just annoying.

Further more I have blocked all popup's  and there is only one page I would like
to have popups appear, can you imagine how much work it is to achieve that, with
the current blacklist policy ?

Blocking all but one page is a crazy job.

My 2 EURO
What about a dialog box (alert) when first popup is displayed? The text may be
like: 'This is a popup window which often contains just advertisement. You may
disable it from appear in future'. And certainly there should be a checkbox
'Don't show this alert anymore'.

Mozilla already does this for alerting user of submitting unencrypted info. I
thinl this is a good example.
dialog boxes are extremely annoying, the only thing i can think of that's worse
than a popup is two popups which is what a dialog preceding a popup would be.
Please move this discussion over to the appropriate newsgroup(s).
Depends on: PopupIndicator
*** Bug 171168 has been marked as a duplicate of this bug. ***
Advert: Moz1.0/NS7.0 users can also use Diggler (http://diggler.mozdev.org/) to
disable/enable popups from a drop down plus some other handy features.
  We have popup management. Closing this bug fixed!

  Mass responses:
  Pref panel wars (comment 64 - 70 except 68): I agree we have a problem, but I
don't see how any of the suggested solutions is an improvement over the status
quo. I admit I'm favoring clean(er) UI over complete disclosure.
  "i'm a popup" checkbox vs context menu wars (comment 72 - 83 except 81): I
think we're all agreed it could make sense either way. I'm exercising my right
to make it go one way. It's the context menu. Sorry about that, those who prefer
the checkbox. Let's please just run with the context menu for a while and see
how it flies. We can always add the checkbox or something else. For now I feel
I've added enough new things to the UI.
  Whitelist request (comment 24, comment 29 - 33 except 30, comment 81): Clearly
people want this. However the backend doesn't support whitelists (see bug 75915
(cookie and popup window management share the same internals)). Once general
whitelist support is implemented, teaching it to the popup window manager will
be trivial.
  Controlling popup windows separately from popup alerts (comment 47, 48): punt.
Those who want this, effectively you have what you want. The Advanced pref still
controls both, but the Manager doesn't. The Advanced pref is redundant now; if
you don't want alerts stymied, use the Manager in its harshest "no!" setting. I
promise if website author jerks ever force me to teach the Manager to control
alerts too, I'll make it configurable.

  Thanks to everyone for helping me work this thing through, and especially
thanks for the occasional positive feedback. I hope I haven't arbitrarily
ignored too many peoples' opinions and I leave the door open for enhancement
bugs. But for now, we have a feature. Happiness.
Status: ASSIGNED → RESOLVED
Closed: 19 years ago
Resolution: --- → FIXED
Hello,

Many web sites I visit display popups I can't block because they are made up of
a flash animation, therefore I can't access the context menu. Shouldn't this be
a reason to use a checkbox instead ? Is there a way to set a pref in prefs.js so
as to have a checkbox ? Or is there a way to access Mozilla context menu when
displaying a flash animation ?
Another thing that makes context menu less than optimal is that pages can
disable it.
  Remember the context menu is only a shortcut. Its absence doesn't restrict
your capabilities, it only makes it less convenient. (right click > select)
rather than (switch windows, tools > popup manager > block). However, I keep an
up-to-date patch that I use in my builds. If someone were to open a new bug to
add the checkbox, I'd add the patch and keep an eye on the bug's vote tally. (It
seems disingenuous for me to open the bug myself.)
Done.  Opened bug 171964 as an enhancement request to add the checkbox.  CCd Dan.
What about pressing the content menu key (assuming you have one)? Alternatively,
open the prefs from another window and disable popups from there.

Failing that, see my advert :)
Regarding to comment #27:

"Pop-up" naming should be consistent. So far we have "pop-up" in Prefs panel,
but Category->Privacy & Security still calls it "popup", so is button in the
panel - "Manage Popup Permissions".

Also wrong are:

- "Popup manager" window title, it's tab title and a text on this tab.

- All menu positions in Tools
'scuse, I'm feeling snitty today, so I have to gripe about *your* usage:

- "Popup manager" window title, it's tab title and a text on this tab.
grammar is dead                 ^^^^

But anyway quite right, popups should be given a consistent name. Done. Thanks
for reminding me.
Popup context menu AND menu options not working in Win2k build 2002100704.
Context menu never shows up and all the menu options under Tools->Popup Managaer
are greyed out.
danm:

Thanks :) I'm not a native English speaker and still have problems with grammar
- thanks for pointing this!

Jeff:

Have you checked "Use custom settings" on Privacy & Security->Pop-ups tab?
"Use custom settings" is checked. 

Side note: I also can't seem to get the context menu to work on the OS X build
2002100603. Maybe I'm clicking in the wrong spot, but I've tried clicking on the
window background, pics, links...nothing about popups in the context menu. Am I
doing something wrong here?
Been talking with Jeff. Popup management menus disabled or hidden is a version
of bug 172586. It happens only after installing (using the installer, not
untarring) on top of an older build. Trash your old build before installing a
new one and this problem should go away.
(adding to previous comment) except on Macintosh installed builds, where the
missing popup UI is a case of bug 174466.
Haven't been able to test on original machine (it's still broken), but popup
manager menu and context menu work fine on new machine with 10/15 build.
I just noticed that the current impl. on the trunk is blocking javascript
alert()'s, which will break a ton of sites.  Is this a known issue?
doron: yes, that's known - it's even in the release ntoes for 1.2b - bug 167559
(which apparently also blocks this one)
.
Status: RESOLVED → REOPENED
Resolution: FIXED → ---
Site-by-site popup blocking has once again been backed out of Mozilla. The
feature will no doubt return in future builds. Reassigning to feature owner.
Assignee: danm → dveditz
Status: REOPENED → NEW
Target Milestone: mozilla1.2beta → ---
Hey, what happened? I thought this was working OK.

Of course, a whitelist would have been better, but this was a start....
  d'oh! always with the whitelist! :)
  There were some regressions and problems (see bug 167559, bug 173016, bug
174775; maybe others) that as a company we proved unequal to the task of fixing
before 1.2 final. It's sad. I think we're too big. But expect popup blocking to
return in 1.3 and expect whitelists.
No longer depends on: 167559
*** Bug 176763 has been marked as a duplicate of this bug. ***
Wow! I'm surprised! The PopUp-Manager worked perfect since the first build it
was implemented and I liked/needed it very much!
And I can't agree to let it be the reason in changing it from black to
whitelist. It's all the way better only to block those pages which are using
"bad" popups. Whitch a whitelist the user is not able to "see" which pages uses
usefull popups. And yes, there are a lot of websites which are having such a
"service"!
I hope all of you think about that. :-)
I liked to see the PopUp-Manager like it was until some days ago in the 1.2
release. :-)
I think that's mainly because the number of malicous sites that would misuse
popups far outweighs those that would use them correctly. :)

Also, in most cases, you can tell where a popup was supposed to open but didn't,
which allows you to "whitelist" the site and reload.
Blocks: popups
Ok, this patch looks clean with some exceptions:

1) this snap looks a bit to complicated:

 41 <!DOCTYPE page [
 42 <!ENTITY % prefPopupsDTD SYSTEM "chrome://cookie/locale/pref-popups.dtd" >
 43 %prefPopupsDTD;
 44 ]>

Why don't you use this line:
<!DOCTYPE page SYSTEM "chrome://cookie/locale/pref-popups.dtd">

2) Inline style code is a 'bad habit' and should not be used ;)
http://lxr.mozilla.org/seamonkey/source/extensions/cookie/resources/content/pref-popups.xul#98

3) some line indentions are wrong, check lines: 95,96,102, and 103

4) you use |selectPolicy()| and |selectCustom(this)| but |viewPopups();|
   I would say, remove the |;| or add two of them :-)

note: why isn't the bug severity set to Enhancement? It is one, right? 
CC'ing self and updating severity...
Severity: normal → enhancement
I'm a little confused here. Didn't the site-by-site blocking and the global
blocking use the same code? So alerts would be blocked either way. How does
taking out the site-by-site blocking solve the problem? Now you can have alerts
and all popups or no alerts and no popups, versus choosing which sites can do
alerts and popups.
Alerts, confirms, and prompts are now not blocked regardless of the global
setting; there is no way to block them (there is, however, a bug on putting in
yet another pref for doing so). Has nothing to do with the per-site management
features.
Attached patch restore old UISplinter Review
removing the 1.2 blocking UI was a review condition for the backend changes I
made in bug 174765 because those changes supposedly broke it, but with a
one-line change the old UI basically works with the new backend. A real
nit-picker might notice subtle behavioral differences, but to the average user
it'll appear to be the same.

We're going to change the UI in 1.3, but if you want the old one back in the
1.2 meantime here it is.
*** Bug 180027 has been marked as a duplicate of this bug. ***
*** Bug 180826 has been marked as a duplicate of this bug. ***
CC -> self
*** Bug 182494 has been marked as a duplicate of this bug. ***
*** Bug 182372 has been marked as a duplicate of this bug. ***
*** Bug 182667 has been marked as a duplicate of this bug. ***
*** Bug 182683 has been marked as a duplicate of this bug. ***
Any progress on getting the pop-up blocking added back in now that 1.2 is
finally released? I'm still using 1.2 beta just so I don't loose the functionality.
Agree with Jeff (comment 122) and regret upgrading from 1.2b to 1.2:
New proplems appear (Bug 169777), old problems still there
(Bug 158285, Bug 82775).
Popup manager in 1.2b was not perfect but WORKSFORME ;-)
*** Bug 182372 has been marked as a duplicate of this bug. ***
1.3a looms. So here's another way to restore the old UI to the trunk. Either
version will do. But if you go with the previous "restore old UI" patch, in
pref-popups.xul you should move the domCbox.checked assignment outside the |if
(!domCbox)| clause.
  Personally I prefer this version. It doesn't use the (currently redundant)
popups pref panel at all. This eliminates the confusion between that and the
Advanced -> Scripts -> Open Unrequested Windows preference. This version also
does away with the privacy.popups preferences. I believe we plan to eliminate
these two prefs in the future, but for now they're redundant anyway. I'd like
to see them not part of the legacy prefs space if they're not going to be used.
Comment on attachment 108058 [details] [diff] [review]
restore old UI, alternate reading

sr=brendan@mozilla.org for 1.3a.

dveditz just had a baby daughter, I hear (congrats to mom and dad); maybe jag
can r= in his stead.

/be
Attachment #108058 - Flags: superreview+
Attachment #108058 - Flags: review?(jaggernaut)
Attachment #108058 - Flags: approval1.3a?
Comment on attachment 108058 [details] [diff] [review]
restore old UI, alternate reading

r=dveditz
Attachment #108058 - Flags: review?(jaggernaut) → review+
Comment on attachment 108058 [details] [diff] [review]
restore old UI, alternate reading

a=asa for checkin to 1.3a
Attachment #108058 - Flags: approval1.3a? → approval1.3a+
Comment on attachment 108058 [details] [diff] [review]
restore old UI, alternate reading

r=jag
"restore old UI, alternate reading" was checked in yesterday evening.
*** Bug 184804 has been marked as a duplicate of this bug. ***
*** Bug 184923 has been marked as a duplicate of this bug. ***
This stuff is in now.
Status: NEW → RESOLVED
Closed: 19 years ago18 years ago
Resolution: --- → FIXED
Wouldn't it be good to have a tooltip explanation for the icon when the mouse
hovers over it (like for the two other icons next to it)? 
Yes, it would.  Please file a bug on that... (assign to shliang, I guess.....)
Bug 194072 - No tooltip available for blocked popup icon in status bar. 	
Product: Core → Mozilla Application Suite
Component: XP Apps: GUI Features → UI Design
Status: RESOLVED → VERIFIED
You need to log in before you can comment on or make changes to this bug.