This bug is reported as the issue in the module review and jrgm asked me to make a bug out of it.
Unless you tell how it is possible to do this, there's no meat in this bug report and no way that anyone can fix it. Also, is this just a denial-of-service attack rather than a security attack and, if so, shouldn't we open this report and probably mark it wont-fix. There are many DOS scenarios I can come up with that we know we won't/can't fix such as having a window open another instance of itself in its onunload handler, or even having a script that goes into an infinite loop of opening windows.
DoS attack so I won't object too much if this is going to become public. We came up with this during a security review. I can't remember how such a dialog can be made (maybe a popup menu that fills the screen?), but jag or some other XUL expert should know. We still want to fix DoS attacks as well (although they are not as urgent as security fixes), so WONTFIX does not sound good.
Investigate whether <xul:window onclose="event.preventDefault();return true;"/> (or is that return false?) can prevent the window from being closed. jrgm, would you have some time to test that?
Reassigning to jrgm. John, can you write a testcase for this?
Assignee: jaggernaut → jrgm
Just tried the test as described in comment 3, and it does not prevent the window being closed. I'm marking this WFM.
Status: NEW → RESOLVED
Last Resolved: 16 years ago
Resolution: --- → WORKSFORME
Removing confidential flag from resolved WFM bugs
Component: XP Toolkit/Widgets: XUL → XUL
QA Contact: shrir → xptoolkit.widgets
You need to log in before you can comment on or make changes to this bug.