Adding rule exceptions for allowing popup windows for frames and redirecting URLs

NEW
Unassigned

Status

()

Core
XUL
--
enhancement
15 years ago
10 months ago

People

(Reporter: nrlz, Unassigned)

Tracking

Trunk
x86
Windows XP
Points:
---
Bug Flags:
blocking-aviary1.0PR -
blocking-aviary1.0 -

Firefox Tracking Flags

(Not tracked)

Details

(URL)

Attachments

(1 obsolete attachment)

(Reporter)

Description

15 years ago
User-Agent:       Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.3) Gecko/20030312
Build Identifier: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.3) Gecko/20030312

Adding rule exceptions for allowing popup windows can be difficult.

The dialog window for "manage popup permissions"/"popup exceptions", only helps
if you know the URL that the popup is originating from. If the popup window is
originating from inside a frame or a redirecting URL, the user has no chance to
catch the URL in order to enter it into the popup exceptions box.

For example, the CNET (www.cnet.com) video window is shown on a popup window.
But the popup window is launched in a peculiar way. It launches by directing the
browser to another webpage which has a popup window attached to the
document.onload() tag. Then the browser is redirected back to the originating
webpage. Since that popup is loaded by document.onload(), it won't show. Since
the redirected page is only shown for 1 second, there is no way for me to read
the URL in time to add it to the popup exceptions page.

(Adding the URL of the popup window will not work if it is on a different domain
to the site which issued the window.open.)

The same analogy can apply to a frame or iframe from a different domain.

Reproducible: Always

Steps to Reproduce:



Expected Results:  
I propose an enhancement which caches a list of previous attempts to open popup
windows. This list should be presented on the "manage popup permissions"/"popup
exceptions" dialog box so that users can pick the domains to add. This cache
only needs to persist until the session is over or within say the last hour.
(Reporter)

Updated

15 years ago
Summary: Adding rule exceptions for allowing popup windows can be difficult → Adding rule exceptions for allowing popup windows for frames and redirecting URLs
question:

what URL does clicking on the "supressed popup" icon in the status give you ?

- if it is the correct one, does this not solve your problem ?
- if it is not the correct one, which url does it give ?
(Reporter)

Comment 2

15 years ago
Answer:
The "supressed popup" icon in the status doesn't show because I am redirected
away immediately from the page which issued the window.open command. From my
observation, once I am redirected to a new page, the suppress icon disappears.

This is hard to phrase. Say for example:

1. I visit [http://news.com.com]
2. I click on the link
[http://news.com.com/redir?destUrl=http://news.cnet.com/video]
3. My browser opens [http://news.cnet.com/video/]
4. Webpage tries to open a popup window /* gets cancelled by Mozilla */
5. Popup icon appears in status bar /* it doesn't really but it should */
6. I am immediately redirected back to [http://news.com.com] by javascript or
meta tag
7. Popup icon disappears.

For the split second at stages 3 to 6, I cannot capture the webpage I just
visited. The popup icon doesn't persist long enough for me to click.
(Reporter)

Comment 3

15 years ago
Created attachment 120794 [details]
test file 2 - opens a popup
(Reporter)

Comment 4

15 years ago
Comment on attachment 120794 [details]
test file 2 - opens a popup

Ignore. Attachment doesn't work.
Attachment #120794 - Attachment is obsolete: true
(Reporter)

Comment 5

15 years ago
Okay I tried to create a test file but it doesn't work because I need access to
two different domains.

The test was suppose to show that the "popup windows icon" on the status bar
will disappear when the browser visits a page of another domain.
given the steps in comment 3 , I have now been able able to reproduce this.

The way I see it:
* the supresss icon appears correctly when the window it being opened.

However, since the page is afterwards redirected then the icon is removed again
before the user has a change to act on it.

I my case I was looking for it and saw the icon blink, but normal users may not
even notice it.

Since I have found no dupe, I'm confirming this bug
Status: UNCONFIRMED → NEW
Ever confirmed: true

Comment 7

15 years ago
*** Bug 206846 has been marked as a duplicate of this bug. ***

Comment 8

15 years ago
*** Bug 225569 has been marked as a duplicate of this bug. ***

Comment 9

15 years ago
*** Bug 193337 has been marked as a duplicate of this bug. ***
*** Bug 221778 has been marked as a duplicate of this bug. ***
some web pages open a popup window and then redirects the main window to a new
site, for example http://www.telia.se/visaMMS

the blocked poup at the URL above is a site login window.
Flags: blocking-aviary1.0PR?
*** Bug 242190 has been marked as a duplicate of this bug. ***
*** Bug 248338 has been marked as a duplicate of this bug. ***

Comment 14

14 years ago
Is there any fix in sight here? Would any fix have l10n impact for ffox 1.0?

Comment 15

14 years ago
danm, what say you?
Assignee: jag → danm.moz

Comment 16

14 years ago
think we would just need to show existing ui....

no patch so we will have to try and get this for 1.0
Flags: blocking-aviary1.0PR?
Flags: blocking-aviary1.0PR-
Flags: blocking-aviary1.0?

Comment 17

14 years ago
I have run into a similar issue using Gecko/20040913 Firefox/0.10.  We have a
PeopleSoft Enterprise Portal that displays most content within 3 frames.  The
top frame is a header, the left frame is an Enterprise Menu and the right frame
contains the content, we will call this last frame the content frame.  The
content frame usually shows pages from different servers.  The HTML for usually
looks like this:

<frameset border="0" frameborder="no" framespacing="0" rows="100,*">
    <frame name="UniversalHeader" title="Portal Header" scrolling="no"
frameborder="no" noresize src="https://server1.com/1.html">
    <frameset id="SubFrame" border="0" frameborder="no" framespacing="0"
cols="195,*">
        <frame name="NAV" title="Menu Navigation" frameborder="no"
scrolling="auto" noresize src="https://server1.com/2.html">
        <frame name="TargetContent" title="Main Content" scrolling="auto"
frameborder="no" noresize src="https://server2.com/3.html">
    </frameset>
</frameset>


Now if the content frame tries to pop-up a window, Firefox blocks it.  However,
if I want to allow the pop-up from the content frame and click on the pop-up
option bar, Firefox will all the servername.domain for _server1_ in the above
example instead of correctly adding the servername.domain name for _server2_
which issued the pop-up.

This has thrown many of our corporate users a curve ball.  One suggestion might
be to allow *.domain to the pop-up exception list.  This way admins could add
their corporate domain name to the exceptions list and have all pop-ups for the
corporate intranet be allowed.  As it is  now, we have to add,
server1.company.com, server2.company.com, server3.company.com,
server3.company.com, etc.  With a few hundred servers and tens of them serving
web applications, it is not the most efficient method.

Thanks for making the best browser available on _all_ platforms and bringing
fresh life to the web.

Best,

James Drabb JR
Senior Programmer
Darden Restaurants
Business Systems
JDrabb at Darden dot com

Comment 18

14 years ago
comment 17:

>This has thrown many of our corporate users a curve ball.  One suggestion might
>be to allow *.domain to the pop-up exception list.

The *.domain is implied. If x.y is allowed, then all subdomains are also allowed.

Comment 19

14 years ago
let's try and get this one for 1.0
Flags: blocking-aviary1.0? → blocking-aviary1.0+
Flags: blocking-aviary1.0+ → blocking-aviary1.0-

Comment 20

14 years ago
*** Bug 284990 has been marked as a duplicate of this bug. ***

Updated

13 years ago
Assignee: danm.moz → nobody

Comment 21

12 years ago
bc suggested that this is likely the cause of the disappearing blocked popup status bar icon when visiting http://cnn.com currently using todays trunk and 1.8 branch builds.

Updated

7 years ago
QA Contact: jrgmorrison → xptoolkit.widgets
You need to log in before you can comment on or make changes to this bug.