Closed Bug 258722 Opened 20 years ago Closed 20 years ago

Windows opened with window.open() always show location bar

Categories

(Firefox :: General, defect)

Product:
Firefox
Component:
General
Platform:
x86
Linux
Type:
defect
Priority:
Not set
Severity:
normal

Tracking

()

Status:
RESOLVED INVALID

People

(Reporter: nick.dixon, Assigned: bugzilla)

References

(
URL
)

Details

User-Agent:       Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.7.2) Gecko/20040826 Firefox/0.9.1+
Build Identifier: Mozilla/5.0 (X11; U; Linux i686; rv:1.7.3) Gecko/20040909 Firefox/0.10

When opening a window with window.open(), the window always has a location bar

Reproducible: Always
Steps to Reproduce:
1. Extract and install the 20040909 non-installer build
2. Create and use a new profile
3. Enter the URL: javascript:window.open('about:blank','test','location=no');

Actual Results:  
A blank window appears, with a location toolbar at the top, across the full
width of the window, as though 'location=yes' were specified.

Expected Results:  
Should have shown a completely blank window with no toolbar.

Also shows the location bar when no location feature is used, eg.
javascript:window.open('about:blank','test','foo');

20040826 build doesn't have this problem. I don't know about the intervening
September builds.
If I understood correctly, this was done intentionally - as a "fix" for bug 22183.
(See especially bug 22183 comment 124 and onwards).
Yeah, that's by design. 

Security improvements
    * bug 22183 - Make the address bar visible in all pop-up windows to prevent
spoofing. (See also 252811.)

So mark this bug as WONTFIX or Duplicate if you agree.
*** Bug 258720 has been marked as a duplicate of this bug. ***
Status: UNCONFIRMED → RESOLVED
Closed: 20 years ago
Resolution: --- → INVALID
It may be by design, but there should be an option to turn it off from the preferences dialog. Why it is enforced? Many people will not dare to touch about:config if it is the only way to turn it off. Firefox should also be business friendly. It can be turned off on IE 7.0, if the aim is to duplicate whatever IE has in certain cases than why not also put a checkbox to the preferences dialog.
Perhaps there should be an option to allow the removal of the address bar for trusted domains. This would help make tidier corporate intranet solutions, whilst keeping general web browsing safe.
No, then you have to debug whether a user turned it off or the code which opened it turned it off.
FYI, about:config, dom.disable_window_open_feature.location, false. Done.
You need to log in before you can comment on or make changes to this bug.