Closed Bug 410247 Opened 17 years ago Closed 17 years ago

alert, conform, prompt in unload should throw security error

Categories

(Core :: Security, defect)

Product:
Core
Component:
Security
Platform:
x86
Windows XP
Type:
defect
Priority:
Not set
Severity:
normal

Tracking

()

Status:
RESOLVED DUPLICATE of bug 391834

People

(Reporter: BijuMailList, Assigned: dveditz)

Details

At least till bug 61098 not fixed alert(), conform(), prompt() in unload event handler should throw security error. This is a Security and Phishing issue.

Also similar handling needed for print(), <input type=file>.click() and location = "http://anysite/newpage.html";


Reason:-
* Goto http://www.raygoldmodels.com/
* press ctrl+W


PS:credits to bug 410220 reporter
I don't think that's a good idea. onunload is very much used for "good" web applications use cases of asking if the user really want to exit the page.
Magnus, you're probably thinking of the browser's onbeforeunload dialog, which can include *some* text specified by the web site and gives users a chance to cancel leaving the page.  Alerts during onunload are different: they can't let users cancel leaving the page, and I think they're abused more than they're used for "legitimate" purposes.
Status: NEW → RESOLVED
Closed: 17 years ago
Resolution: --- → DUPLICATE
No longer blocks: alertloops
You need to log in before you can comment on or make changes to this bug.