Closed
Bug 241571
Opened 20 years ago
Closed 20 years ago
RFE: JavaScript: Add preference to ignore options parameter in window.open (security and ease of use)
Categories
(SeaMonkey :: General, enhancement)
SeaMonkey
General
Tracking
(Not tracked)
RESOLVED
DUPLICATE
of bug 107949
People
(Reporter: mspjunk, Unassigned)
Details
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.7b) Gecko/20040421 Build Identifier: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.7b) Gecko/20040421 This is a request for enhancement. I propose that a configurable preference is added that would cause the third parameter of method window.open (options) to be ignored. Either all or selected options could be ignored, meaning that they would take values that are default for the standard browser window. Most important candidates for ignoring are options location, menubar and toolbar, for the following reasons: location - hiding the location bar is a security problem, as it facilitates URL phishing. menubar, toolbar - hiding these UI elements disables access to many important features, most notably printing. If this RFE is implemented, a user would be able to see menu, toolbar and location on every page that he/she visits. Alternatively, if windows.open call requests that menu bar and/or toolbar are hidden, they could be shown in a collapsed form, with clickable "handles". User would then be able to click on collapsed bars and bring them into view. Yet another alternative is to obey options parameter (as it is done now), but to add an item "Show Hidden Bars" to the right-click context menu for windows that hide UI elements. Reproducible: Always Steps to Reproduce: N/A
Comment 1•20 years ago
|
||
> selected options could be ignored, meaning that they would take values that are > default for the standard browser window ... > Most important candidates for ignoring are options location, menubar and > toolbar You mean like: user_pref("dom.disable_window_open_feature.location", true); user_pref("dom.disable_window_open_feature.menubar", true); user_pref("dom.disable_window_open_feature.toolbar", true); etc? That works already. *** This bug has been marked as a duplicate of 107949 ***
Status: UNCONFIRMED → RESOLVED
Closed: 20 years ago
Resolution: --- → DUPLICATE
Reporter | ||
Comment 2•20 years ago
|
||
Thank you. Seems to be working. Rarely I see a feature that is so well hidden. Maybe these settings could be added to Edit | Preferences | Advanced | Scripts & Plugins | Allow Scripts to? The pref "dom.disable_window_open_feature.status" is already there. By the way, default Bugzilla search doesn't return bug 107949 when searching for "window.open" (I did that search before posting, but I forgot that it is necessary to select all items on "status" list to search all bugs).
Updated•20 years ago
|
Product: Browser → Seamonkey
You need to log in
before you can comment on or make changes to this bug.
Description
•