Closed Bug 56296 Opened 25 years ago Closed 24 years ago

[RFE] Pref to disable target=_blank

Categories

(Core :: Layout: Images, Video, and HTML Frames, enhancement, P3)

Product:
Core
Component:
Layout: Images, Video, and HTML Frames
Type:
enhancement

Tracking

()

Status:
VERIFIED FIXED
Milestone:
mozilla0.9

People

(Reporter: gmiller, Assigned: akkzilla)

References

Details

Attachments

(6 files)

patch in docshell
2.77 KB, patch
Details | Diff | Splinter Review
New patch incorporating buster's suggestions
2.15 KB, patch
Details | Diff | Splinter Review
Default pref value (forgot to attach earlier)
251 bytes, patch
Details | Diff | Splinter Review
Patch incorporating Brendan's suggestions
2.14 KB, patch
Details | Diff | Splinter Review
New patch: reformat, remove a null check
2.16 KB, patch
Details | Diff | Splinter Review
Complete patch with new functionality: disable target for any new window
3.73 KB, patch
Details | Diff | Splinter Review
It'd be very nice to have an option to prevent web sites from opening windows on my computer without my permission. target=_blank is the most common offender.
I like that suggestion. :)
Severity: normal → enhancement
Status: UNCONFIRMED → ASSIGNED
Ever confirmed: true
Target Milestone: --- → Future
That would be great (and is also discussed in bug 29346).
Clarification: I said "disable" but I really should have said "treat it as target=_top". Otherwise, framed sites would be even more annoying :)
Here's a patch to put it in docshell, on a preference "browser.disallowPopupWindows". It doesn't apply to chrome or resource urls, so dialogs and new windows can still come up; it doesn't override middleclick or the context menu to bring up a new window explicitly. I made it change _blank and _new to _top since I agree with gmiller's comment. Reviews and opinions solicited.
s/user_pref/pref/ Otherwise, looks... simple! :-)
Adding buster: Steve, would you be the right person to super-review this?
I'm not the worst choice, I guess. 1) please send a note out to reviewers@mozilla.org to solicit more feedback. 2) in this code: + char* scheme = 0; + aURI->GetScheme(&scheme); + if (nsCRT::strcmp(scheme, "chrome") && + nsCRT::strcmp(scheme, "resource")) + { + static char* top = "_top"; + aWindowTarget = top; + } + nsMemory::Free(scheme); A) you must check "scheme" for null before passing it to strcmp() or Free() B) I don't know if nsMemory::Free() is the right de-allocator or not, so this is just a nag to double-check.
Thanks for looking at it, and for the suggestions. A) nsCRT::strcmp does check its arguments for null, which I was relying on. I have no objection to adding an extra null test, though, in case the implementation of nsCRT ever changes. B) GetScheme uses nsCRT::strdup. Turns out that there's an nsCRT::free with a CRTFREEIF macro. I'll change it to use CRTFREEIF, so regardless of the implementation it'll be right (unless the URI class changes :-).
it's too bad we need to allocate a string here at all. I wish you could just get a const ref to the string you need. Maybe suggest that to whoever owns the interface?
If you need another reviewer, you can mark this r=pollmann@netscape. I've looked over the changes and it all looks good to me! Akkana, if you would like to take this bug so when it is fixed it goes on your list, please be my guest. :) (FWIW, I've applied the patch and will report back if I notice anything out of the ordinary - great work!)
Thanks! Yes, I'll take the bug since it'll make it easier to query (I keep losing the bug number).
Assignee: pollmann → akkana
Status: ASSIGNED → NEW
Status: NEW → ASSIGNED
Please excuse my interjection of pref name quibbles. - you aren't disabling "popups", at least not all of them and especially not the most hated ones that happen by themselves (i.e. window.open()). You're disabling the targeting of a new window in a link. - prevailing pref style is to use underscores to separate word parts, not StudlyCaps - forms with "enable" are preferred to "disable" 34 to 5; there are a further 9 "allow" prefs and no "disallow". maybe something like: browser.target_new.enabled browser.target_new_allowed Are there going to be more prefs like this? If so maybe we should invent another level to group these under (and if you do that I'd be less averse to starting the specific node with the generic enable/disable/allow ) browser.spamgard.allow_target_new
Interjection excused, and you're probably right about the word "popup". I have no objection to changing the pref name. I'd lean toward browser.target_new_allowed over the other one because browser.target_new. implies that there might be other prefs relating to target_new, and I can't imagine what they would be. Anyone have any objection to that pref name? There are already other spam-guarding prefs, but they're scattered to the wind because they're potentially used for other things as well (like the JS capability prefs, and the animated image pref, and the various cookie prefs).
Would this work under capability.policy.annoyances, like the pref akkana mentioned in bug 29346? By the way, shouldn't the pref redirect all cases where a link opens in a new window to the top of the current window, and not just _new and _blank? It's trivial to set each link on a page to a different target.
I agree, I'd like to see what someone suggested in bug 29346, and block any target that doesn't have a window currently open. That's harder, though, so I was hoping to get this weaker fix in first. Note, the pref name browser.target_new_allowed still fits since the stronger behavior would still look for any new target (as opposed to targets matching the string "_new"). Though browser.new_target_allowed might be a little clearer. The capability.* prefs are an elaborate and general JS mechanism and I don't think this pref should get mixed up with them even if it has behavior vaguely similar to one of the capability prefs.
Target Milestone: Future → mozilla0.9
+ if (mDisallowPopupWindows && + (!nsCRT::strcmp(aWindowTarget, "_blank") || + !nsCRT::strcmp(aWindowTarget, "_new"))) + { + char* scheme = 0; + aURI->GetScheme(&scheme); nsXPIDLCString scheme; rv = aURI->GetScheme(getter_Copies(scheme)); and maybe check rv? + if (scheme && + nsCRT::strcmp(scheme, "chrome") && + nsCRT::strcmp(scheme, "resource")) + { + static char* top = "_top"; + aWindowTarget = top; Why burn four bytes on a static char *? If you want a string constant, use const char top[], not a mutable pointer. But if there is only one use of "_top", there is no gain in making a string constant. Just use "_top". + } + CRTFREEIF(scheme); It seems best to me to use nsXPIDLCString, but if not, then move the nsCRT::free inside the then statement governed by just if (scheme) {...}. It is too bad that we can't test URI scheme without making a copy. Two years ago in porkjockeys, I recall we talked about a hasScheme method into which one could pass a string owned by the caller. Cc'ing Necko buddies. Is there a different way that we could distinguish chrome: and resource: URIs here? Cc'ing hyatt. /be + } +
hasScheme? what would it look like? something like, in C++: nsResult nsIURI::IsScheme(const char* urlScheme, PRBool **retval)?
IDL first: boolean hasScheme(in string scheme); C++ generated by xpidl (modulo cosmetics): NS_IMETHOD HasScheme(const char *aScheme, PRBool *_retval); I suggested 'has' rather than 'is', because 'is' seems too close to OOP is-a, and implies an equivalence relation -- but maybe I'm splitting hairs. /be
if i recall, gagan was preparing a patch for this... there are lots of places where we are forced to do the extra string copy. i don't know if there is already a bug open for this change... gagan?
I already have these changes sitting with me for the longest time... I had of course used isScheme and I agree that hasScheme makes more sense. I will clean that up and check in the changes soon. I had another bug which talked only about optimizing the scheme compares but I can't find it now.
The CRTFREEIF(scheme) call was where it was because otherwise there would have been a memory leak in the chrome/resource case. But the nsXPIDLCString model sounds better, so I've changed it to that, removed the CRTFREEIF, and eliminated the static char*. When gagan's new API goes in, we should change this code to use it and eliminate the copy, but I hope we can check this one in in the meantime. Do we have a bug number for the scheme checking API? There are a few other calls which should also be changed when that becomes available.
Sorry to pick nits, I'll stop after this round: + if (mDisallowPopupWindows && + (!nsCRT::strcmp(aWindowTarget, "_blank") || + !nsCRT::strcmp(aWindowTarget, "_new"))) + { + nsXPIDLCString scheme; Switching from two-space to four-space indentation(c-basic-offset)? Modeline violation alert! + nsresult rv = aURI->GetScheme(getter_Copies(scheme)); + if (NS_SUCCEEDED(rv) && scheme && I believe scheme must be non-null (or convert to a non-null char pointer, I mean) if NS_SUCCEEDED(rv). Robustification can be appropriate when dealing with buggy implementations, but it leads to overcomplicated, obfuscated code. I say one test here should suffice -- Necko guys school me if I'm wrong. + nsCRT::strcmp(scheme, "chrome") && + nsCRT::strcmp(scheme, "resource")) + { + aWindowTarget = "_top"; + } + } + (BTW, my argument against CRTFREEIF last time was that you could split the if condition, making 'if (scheme) { if (...) {...}; nsCRT::free(scheme); }' to minimize the logic. But nsXPIDLCString rules.) /be
I agree. We don't want to hold this bug hostage for my checkins to go in. Since it is being tracked in a separate bug, I'd say go ahead with this one. Whenever I find the bug number I will add it here.
Four-space indentation: I agree with you in principle, but it's how the rest of that method (and most of the methods around it) are formatted, and I always try to adapt to the existing formatting of files I don't own. Won't it hurt readability to format this clause inconsistently with the rest of the routine? Should I reformat the whole method? (To 4-space tabs, to be consistent with the emacs mode line?) I'll do whatever you think best; I'm format agnostic as long as you don't tell me to use tabs. :-) Not checking scheme: it makes me nervous to assume things like that. The last time I removed a null check based on a review comment that it could never happen, it haunted me for many months and at least three crash bugs. I'll take it out if you really want me to, but only if I can add a comment saying something like "Necko group [or Brendan?] says this can never be null" so people know where to assign the bugs if the impossible happens.
"supposedly redundant" checks is what assert/PR_ASSERT/NS_ASSERTION/etc are for, right? :-)
No tabs, period. I don't see other functions using two spaces for the first tabstop, then indenting by four space units. Rather, I see lots of travis three-space insanity, but we're all trying to get rid of that. Who owns nsDocShell.cpp now? mscott? I think the modeline should establish a norm that patches then implement, piecemeal or all at once. Don't keep doing random indentation just because someone who no longer works on Mozilla did. What dveditz said. If GetScheme returns null with NS_OK, it's a bug. If GetScheme returns a garbage pointer, there's no defense. Practically speaking, we have time to shake out bad impls with assertions. /be
Okay. In fact, the null check turns out not to matter because nsCRT doesn't do anything bad if its argument is null. I retract my opposition and will remove the null check. I didn't put an assert in because I'd have to rewrite the logic of the if clause to do that and the failure mode turns out not to be a problem. And I'll indent the whole new clause consistently with four spaces (in line with the emacs mode line and most of the indentation in the file).
For those interested, I created bug 66577 since I couldn't find the orig one. This new bug deals with the scheme comparison changes.
In those patches I never changed the pref name. How about "browser.target_new_blocked" (instead of _allowed, so as not to change the logic and to make the default false)? Then the only changes needed to the patch are the two lines, in all.js and nsDocShell::Create(), which reference the pref name.
The proposed prefname browser.target_new_blocked sounds fine
I couldn't resist (and it turned out to be easy): I added the extra code to disable all target= if it refers to a window that doesn't exist. It's only a small addition (though the logic has been changed slightly to accomodate the new clause), and I couldn't stand all the warnings any more (there were some new ones today), so I also made some warning fixes for all the warnings that were fixable without changing logic (I'll file a bug on the remaining warnings).
BTW, it seems like a bummer that FindItemWithName requires a unicode string when it's doing most of it's comparing against ascii strings using EqualsWithConversion, so all of its callers have to convert to unicode just so that the strings can be converted back at compare time. It's awfully tempting to change it to use ascii. Who owns docshell and might be able to rule on this? Should I file a separate bug?
mscott and rpotts know docshell. In the classic codebase, window (target) names were constrained to be ASCII, IIRC -- maybe even alphanumeric, with no underscores anywhere. Anyone remember? /be
Filed bug 66746 on the FindItemWithName issue. It's a bug either way.
Now that you mention "_top" twice, may as well label a static const char array holding those bytes. Do that, and r/sr=brendan@mozilla.org, whichever helps. /be
r=dveditz for the 1/26 patch. Changing FindItemByName() doesn't belong in this patch, it's a separate issue.
Fix is in! And I updated the customizing document with the new pref.
Status: ASSIGNED → RESOLVED
Closed: 24 years ago
Resolution: --- → FIXED
I realize that this is fixed, but I was wondering if we might do some unification of like items here and have the target-opens-new-window behaviour keyed off the same security policy item as the window.open DOM-manipulation control? Maybe people want it to be different, but I've always thought that it should be "content can't open new windows", rather than "just disable window.open for DOM-manipulating things".
I want those to be different prefs (because I'd have window.open disabled and target="_blank" enabled), but I would like them to sit next to each other in the prefs wnidow.
Marking verified per last comments.
Status: RESOLVED → VERIFIED
See also bug 70990, "need 'open in the same window' option in context menu."
*** Bug 39401 has been marked as a duplicate of this bug. ***
It looks like this preference is being renamed to browser.block.target_new_window, from Bugzilla Bug 78037 [RFE] Ability to prevent link from opening in new window.
*** Bug 240581 has been marked as a duplicate of this bug. ***
Product: Core → Core Graveyard
Component: Layout: HTML Frames → Layout: Images
Product: Core Graveyard → Core
You need to log in before you can comment on or make changes to this bug.

Attachment

General

Creator:
Created:
Updated:
Size: