Open
Bug 209134
Opened 21 years ago
Updated 2 years ago
named unload handler popup windows are not blocked
Categories
(Core :: DOM: Core & HTML, defect, P5)
Core
DOM: Core & HTML
Tracking
()
NEW
People
(Reporter: danm.moz, Unassigned)
References
Details
Attachments
(1 obsolete file)
An offshoot of bug 208862, this is an obscure scenario where a popup window can sneak itself past the popup blocking code. Popup windows targeted to a named window are not blocked if that named window exists, since the result is after all not a new window. But it should be blocked if that named window is being destroyed at the time. Practically speaking, I believe this can only be exploited by an unpleasant page that opens a new named window which itself contains an unload handler that opens a popup window into a window with the same name. That first new named window can be a non-popup opened in response to some user action, or it can be a popup if the user has not yet disabled popups. This is an explicit attack and unlikely to happen by accident. The site mentioned in bug 208862 does exactly this, except the popup windows are opened into a window named "_blank". That attack has been fixed. Left unfixed is the less likely case where the popup window has some legitimate, non-reserved name. The result is a window that opens a new copy of itself every time the user attempts to close it, regardless of whether the popup blocker is active. It's impossible to close down Mozilla without killing the process.
Comment 1•20 years ago
|
||
Also "non-named" window.open() in onUnload are not blocked. Strange enough they ARE blocked if you load a new page over the one which wants to popup with a Bookmark-Toolbar button. Put one of the following in a <html><head></head><body ...></body></html> page, <body onUnload="window.open('http://www.somesite.com/','_blank');"> <body onUnload="window.open('http://www.somesite.com/','whatever');"> put the page online, open a tab (or two), load the page, click "close tab" button (top right) or select "Close Tab" from tab-menu.
No, that's bug 259117, fixed three weeks ago. When thinking of adding a new bug, it helps if you expand your search to include bugs that have already been fixed.
Comment 3•20 years ago
|
||
Comment 4•20 years ago
|
||
(In reply to comment #2) > No, that's bug 259117, fixed three weeks ago. Not really, the following are sites which demostrates this kind of popup: http://www.popup-killer-review.com/simplepop2.htm http://gals.graphis.ne.jp/index2.html (warning: a porn site)
Comment 5•20 years ago
|
||
Edited: sorry, it is really bug 259117. My mistake. Please ignore my previous comments.
Depends on: 259117
Attachment #161743 -
Attachment description: A minimal testcase → inapplicable testcase
Attachment #161743 -
Attachment is obsolete: true
Comment 7•6 years ago
|
||
https://bugzilla.mozilla.org/show_bug.cgi?id=1472046 Move all DOM bugs that haven’t been updated in more than 3 years and has no one currently assigned to P5. If you have questions, please contact :mdaly.
Priority: -- → P5
Assignee | ||
Updated•5 years ago
|
Component: DOM → DOM: Core & HTML
Updated•2 years ago
|
Severity: minor → S4
You need to log in
before you can comment on or make changes to this bug.
Description
•