Closed Bug 496040 Opened 13 years ago Closed 13 years ago

Limit amount of times a site can move/resize the window.

Categories

(Core :: DOM: Core & HTML, defect)

defect
Not set
normal

Tracking

()

RESOLVED DUPLICATE of bug 502561

People

(Reporter: Natch, Unassigned)

Details

I think if done smartly this can really mitigate a lot of these crappy attacks, such as:

http://sourmath.com (EXPLICIT CONTENT)

Sorry, took the url from another bug, not sure of another one. If a page attempts to move/resize the window 3 times within 3 seconds the page should be blacklisted. I think this can be combined with bug 61098, so that any one of the conditions will blacklist the site and lower its permissions so that it can't alert/prompt/confirm/showModalDialog or moveTo/moveBy/resizeTo/resizeBy/sizeToContent etc.

Lastly, I know there's a pref for this, and it is in the ui, however:

1) The pref is enabled by default.
2) The ui isn't all that discoverable to the common user.
3) I can't think of a legit reason for a site to resize or move a window 3 times within 3 seconds!
Flags: wanted1.9.2?
Duping to bug 502561 as there's a better description and STR there.
Status: NEW → RESOLVED
Closed: 13 years ago
Flags: wanted1.9.2?
Resolution: --- → DUPLICATE
Duplicate of bug: 502561
Interesting idea to make the heuristic be based on the number of resizes.  But I think that would have many of the same problems as the ideas in bug 29346 had for popups.
You need to log in before you can comment on or make changes to this bug.