Closed Bug 264078 Opened 20 years ago Closed 20 years ago

Unrequested popup window can be triggered if the function that creates it is called without using the trailing parantheses "()"

Categories

(Firefox :: General, defect)

Product:
Firefox
Component:
General
Platform:
PowerPC
macOS
Type:
defect
Priority:
Not set
Severity:
normal

Tracking

()

Status:
RESOLVED DUPLICATE of bug 259117

People

(Reporter: tack, Assigned: bugzilla)

References

(
URL
)

Details

User-Agent: Mozilla/5.0 (Macintosh; U; PPC Mac OS X Mach-O; rv:1.7.3) Gecko/20040913 Firefox/0.10 Build Identifier: Mozilla/5.0 (Macintosh; U; PPC Mac OS X Mach-O; rv:1.7.3) Gecko/20040913 Firefox/0.10 If you write a function that creates a popup and then call that function like this: window.onunload = functionName; instead of like this: window.onunload = functionName(); The popup blocker doesn't block it and you don't get a the warning before the event at the top of the page like you do when you have perens. Reproducible: Always Steps to Reproduce: 1. go to the page 2. leave the page (close the tab, go to a different page in that tab, etc) 3. Actual Results: I got the popup window specified in the script Expected Results: The software should have blocked the popup and warned me about it, just like it does if the developer had called the function with the parentheses at the end of the function name. This vulnerability is exploited sitewide at www.macworld.com. So it's already in the wild and used by professional developers.
try a later build, this should be fixed
I'm using Mozilla/5.0 (Windows; U; Windows NT 5.1; rv:1.7.3) Gecko/20041001 Firefox/0.10.1 and I can confirm this bug on WinXP and Fedora Core 2. I set up a page to test this at http://sandbox.royalrodent.com/popups/popinfresh.htm. It appears the popup is only triggered when closing a tab rendering a page w/ the onunload function. Refreshing the page blocks the popup, and the popup is suppressed when following a link from the page. If the page is open in a single window (no tabs open), popup is not rendered. I've also noticed that using onunload="functionName();" event listener in the body element will produce the same bug as if window.onunload = functionName; is used.
(In reply to comment #1) > try a later build, this should be fixed Partially: Popup doesn't pop up, but the warning isn't present like it should be.
"window.unload = functionName()" means call functionName right now and assign its return value to window.unload, this counts as an unrequested popup and is blocked (and assuming the function has no return, leaves window.unload === undefined). "window.unload = functionName" assigns the code (i.e. the function body) that functionName points to, to window.unload (which will be called when the window is closed). The reason the second one fails is that there was a hole in onunload popup blocking in Firefox 0.10, marking as a duplicate of that bug. *** This bug has been marked as a duplicate of 259117 ***
Status: UNCONFIRMED → RESOLVED
Closed: 20 years ago
Resolution: --- → DUPLICATE
You need to log in before you can comment on or make changes to this bug.