Closed Bug 263338 Opened 21 years ago Closed 21 years ago

browser not able to handle the close button in https site- A simple javascript is not working

Categories

(Core :: DOM: Core & HTML, defect)

1.7 Branch
x86
Windows 2000
defect
Not set
normal

RESOLVED DUPLICATE of bug 117222

People

(Reporter: mayur.prasad, Assigned: aaronlev)

Details

User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.0; rv:1.7.3) Gecko/20041001 Firefox/0.10.1
Build Identifier: Mozilla/5.0 (Windows; U; Windows NT 5.0; rv:1.7.3) Gecko/20041001 Firefox/0.10.1

I have logged out from a secure site (one financial site) and they offered to close the browser by clicking the close button. In fact it works well in IE. This is a simple javascript which provides a button to close the browser for security purpose (to protect my password). Sorry to say I have installed Firefox for the first time and this is my first webpage I used :(. This I think should be addressed.

Reproducible: Always

Steps to Reproduce:
1. login to one secure site (www.somebank.com)
2. logout of the site
3. if they provide an option to close by placing a close button in the page, click it. It will not be closing.

===========source of the page if U need=======
<center>
<span class=t6>Thank you for Visiting</span><br><br>
<span class=t6>To protect your password,<br>
we suggest you <input type="BUTTON" value="CLICK HERE" onclick="parent.window.close()" class="genbutton"> and exit from the browser.</span>
<br><br>
<!-- <Ainput type="BUTTON" value="&nbsp;Exit&nbsp;" onclick="parent.window.close()"> -->
<!-- Style="background:maroon;color=white" -->
<input type="HIDDEN" name="context" value="0001006" >
</FORM>
</BODY>
</HTML>

Actual Results:
browser did not close as expected

Expected Results:
browser should be closed and the cookies should be removed to protect the password. security is more concerned here
Thanks for your report.

Ignorance of window.close() (if the site didn't open that particular window) is by design, I think. I don't think a site should have the ability to mess with my window.

Secondly, closing the window doesn't clear the session cookies; that happens only if you completely exit the browser. Assuming that you have only this one window open is stupid (by the site).

In any case, the site should not rely on this - if it does offer a logout/close, it should invalidate its cookies on its own, on the server side, by calling a logout page (which has a server-side script to clear the cookies on the server). The code you cited does not do that, sounds like incompetence on the bank's side to me. Which bank is that?

Suggesting INVALID or move to Evangelism. Suggesting removal of security flag.
Severity: major → normal
Component: Accessibility → DOM
Product: Firefox → Browser
Version: unspecified → 1.7 Branch
Can't move to evangelism because we don't know what site it is. Even if the close button worked on an inherited window this site wouldn't get the IE-specific effects it is apparently assuming due to differences in how sessions are handled.

*** This bug has been marked as a duplicate of 117222 ***
Group: security
Status: UNCONFIRMED → RESOLVED
Closed: 21 years ago
Resolution: --- → DUPLICATE
Component: DOM → DOM: Core & HTML
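
The server-side logout that the first reply recommends, as an added example that is not part of the original bug report or of any site's code. It assumes a session cookie named `sid` and an in-memory session store; `createSession`, `currentUser` and `handleLogout` are hypothetical names.

```javascript
// Added example (assumptions: cookie name "sid", in-memory Map as session store).
const crypto = require('crypto');

const SESSION_COOKIE = 'sid';   // assumed cookie name
const sessions = new Map();     // session id -> { user }

// Issue an unguessable session id at login and remember it server-side.
function createSession(user) {
  const sid = crypto.randomBytes(32).toString('hex');
  sessions.set(sid, { user });
  return sid;
}

// Pull the session id out of a raw Cookie request header.
function sessionIdFrom(cookieHeader) {
  for (const part of (cookieHeader || '').split(';')) {
    const [name, ...rest] = part.trim().split('=');
    if (name === SESSION_COOKIE) return rest.join('=');
  }
  return null;
}

// A request is authenticated only while the server still knows the id.
function currentUser(cookieHeader) {
  const session = sessions.get(sessionIdFrom(cookieHeader));
  return session ? session.user : null;
}

// Logout page: destroy the server-side session first, so a copied or
// still-cached cookie is worthless, then ask the browser to drop its copy.
// Nothing here depends on window.close() or on the browser exiting.
function handleLogout(cookieHeader) {
  const sid = sessionIdFrom(cookieHeader);
  if (sid) sessions.delete(sid);
  return {
    status: 200,
    headers: {
      'Set-Cookie': `${SESSION_COOKIE}=; Path=/; Max-Age=0; HttpOnly; Secure; SameSite=Strict`,
      'Cache-Control': 'no-store',
    },
    body: 'You are logged out.',
  };
}
```

Because the session is deleted on the server, the same cookie replayed from another window that is still open no longer authenticates, whether or not the browser honours the close button.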