onLoad popup can bypass blocker by submitting a form with 'target' attribute

VERIFIED DUPLICATE of bug 144726

Status

()

Firefox
General
VERIFIED DUPLICATE of bug 144726
15 years ago
15 years ago

People

(Reporter: Toby, Assigned: Blake Ross)

Tracking

Firefox Tracking Flags

(Not tracked)

Details

Attachments

(1 attachment)

(Reporter)

Description

15 years ago
User-Agent:       Mozilla/5.0 (Windows; U; Windows NT 5.0; en-US; rv:1.4b) Gecko/20030516 Mozilla Firebird/0.6
Build Identifier: Mozilla/5.0 (Windows; U; Windows NT 5.0; en-US; rv:1.4b) Gecko/20030516 Mozilla Firebird/0.6

Some simple javascript code run on page load can automatically submit a form to
the desired popup URI, causing Mozilla Firebird to open a new window if the
'target' attribute of the form is set appropriately.

An HTML testcase will be attached immediately after submitting this bug.

The behaviour is identical for both http:// and file:// URI access to the
example page.

Reproducible: Always

Steps to Reproduce:
1. Download attached HTML testcase
2. Access testcase page through Mozilla Firebird, either as a local file or
through a web server.
Actual Results:  
A new window opens automatically, with the URI specified in the 'action'
attribute of the form that was submitted.

Expected Results:  
With popup blocking enabled, Mozilla should have prevented the original site
from opening the new window and presented the usual 'Blocked popup' icon on the
left of the status bar.
(Reporter)

Comment 1

15 years ago
Created attachment 127005 [details]
HTML testcase for this bug.

Comment 2

15 years ago

*** This bug has been marked as a duplicate of 144726 ***
Status: UNCONFIRMED → RESOLVED
Last Resolved: 15 years ago
Resolution: --- → DUPLICATE
Summary: onLoad popup can bypass the blocker by submitting a form with 'action' attribute set to popup URI. → onLoad popup can bypass blocker by submitting a form with 'target' attribute

Comment 3

15 years ago
verified.
Status: RESOLVED → VERIFIED
You need to log in before you can comment on or make changes to this bug.