Closed Bug 542229 Opened 14 years ago Closed 13 years ago

onbeforeunload should limit number of newlines, can hide the buttons

Categories

(Firefox :: General, defect)

x86
Linux
defect
Not set
normal

RESOLVED DUPLICATE of bug 588292

People

(Reporter: tor.klingberg, Unassigned)

Details

Attachments

(1 file)

User-Agent:       Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.9.1.7) Gecko/20100106 Ubuntu/9.10 (karmic) Firefox/3.5.7
Build Identifier: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.9.1.7) Gecko/20100106 Ubuntu/9.10 (karmic) Firefox/3.5.7

If onbeforeunload returns a string with many newlines, the Ok and Cancel buttons will be pushed below the bottom of the dialog box, and there will be no way to leave a page except pressing enter on the keyboard. This can be used by malicious sites to prevent visitors from leaving. Below is example code that works at least on a 1024x576 screen.

<html><head>
<script language="JavaScript">
  window.onbeforeunload = confirmExit;
  function confirmExit()
  {
    return "\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n";
  }
</script>
</head><body>
Try closing this page.
</body></html>

This would be prevented if excessive newlines are stripped, just like very long strings are truncated. Perhaps some other special characters should also be stripped. Related to bug #246365.

Reproducible: Always
Status: UNCONFIRMED → RESOLVED
Closed: 13 years ago
Resolution: --- → DUPLICATE
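
The mitigation the report proposes (strip excess newlines and truncate, as is already done for very long strings), sketched as an added example; it is not code from the report or from Firefox. The function name sanitizeDialogText and the limits MAX_LINES and MAX_CHARS are assumptions chosen for illustration.

```javascript
// Added example: hypothetical sanitizer for page-supplied dialog text.
// MAX_LINES and MAX_CHARS are assumed limits, not values taken from Firefox.
const MAX_LINES = 5;
const MAX_CHARS = 1024;

// Characters a renderer may treat as a line break: CRLF, LF, CR, VT, FF,
// NEL (U+0085), LINE SEPARATOR (U+2028), PARAGRAPH SEPARATOR (U+2029).
const LINE_BREAKS = /\r\n|[\n\r\v\f\u0085\u2028\u2029]/g;

function sanitizeDialogText(raw) {
  // The handler can return any value; coerce it and normalise breaks to \n.
  let text = String(raw == null ? "" : raw).replace(LINE_BREAKS, "\n");

  // Replace the remaining control characters (everything except \n) with spaces.
  text = text.replace(/[\u0000-\u0009\u000B-\u001F\u007F]/g, " ");

  // Drop leading blank lines and collapse each run of blank lines to one.
  const kept = [];
  for (const line of text.split("\n").map((l) => l.trimEnd())) {
    const blank = line === "";
    if (blank && (kept.length === 0 || kept[kept.length - 1] === "")) continue;
    kept.push(line);
  }
  // Drop the trailing blank line, if any.
  while (kept.length && kept[kept.length - 1] === "") kept.pop();

  // Cap the line count so the text cannot push the buttons out of view.
  let truncated = kept.length > MAX_LINES;
  let out = kept.slice(0, MAX_LINES).join("\n");

  // Cap the length in code points so a surrogate pair is never split.
  const codePoints = Array.from(out);
  if (codePoints.length > MAX_CHARS) {
    out = codePoints.slice(0, MAX_CHARS).join("");
    truncated = true;
  }
  return truncated ? out + "\u2026" : out;
}
```

A line cap only bounds explicit breaks; a long unbroken line still wraps, which is why the length cap is applied as well.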