I see this bug. My build ID is: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.7a) Gecko/20040104 Firebird/0.7+
Probably the same as bug 226962.
Assignee: general → jag
Component: Browser-General → XP Apps
QA Contact: general → pawyskoczka
Unfortunately, there is really no way to tell that this is abusive -- this technique is used by far too many respectable sites (cnn, new york times, weblogs, etc).
This is bug 227338 (it helps to search for closed bugs when you're looking for duplicates :-)). As I said in that bug, this script is equivalent to simply writing a web page with click handlers that open new windows. These aren't really popups. And as Boris said, I think it's impossible to distinguish between these pseudo-popups and genuine content. If we hamstring script in the name of "popup" protection, people will simply begin hardcoding these click handlers. Worse, we become incompatible with legitimate websites. It's out of the question. And obviously, we can't hardcode into the client the voiding of functions named buildExitHandler on Lycos sites. Also, on the subject of guarding against document.getElementsByTagName('A'), note that the site mentioned in bug 227338 uses document.links. However, as the practice becomes more common, it gets more annoying. See bug 227338 comment 2. Also see bug 197919, which suggests Mozilla make click handlers subject to popup protection. That too would solve this problem, for now. *** This bug has been marked as a duplicate of 227338 ***
Status: UNCONFIRMED → RESOLVED
Last Resolved: 14 years ago
Resolution: --- → DUPLICATE
You need to log in before you can comment on or make changes to this bug.