Closed
Bug 66797
Opened 24 years ago
Closed 24 years ago
Clicking on a window.close() link closes the window without asking user for confirmation
Categories
(SeaMonkey :: General, enhancement)
Tracking
(Not tracked)
People
(Reporter: nrussell, Assigned: asa)
From Bugzilla Helper:
User-Agent: Mozilla/5.0 (Windows; U; Win98; en-US; 0.7) Gecko/20010109
BuildID: 2001010901

I think the summary says it all on this one. I have only been able to test this under Win98 SE, but Internet Exploiter prompts before closing. My test page, as can be seen, uses extremely simple, hand-written HTML, so I sincerely doubt that any other aspect of the page is to blame. Also, it seems to happen that Mozilla does not always exit when the only open window is closed by this means; thus, it may be necessary to use CTRL-ALT-DEL or a third party utility to kill off Mozilla before another copy can be started. Since I don't know much HTML, I have not tried creating a page with an auto-redirect to that javascript command, but if such is possible it would be an obvious exploit.

Reproducible: Always

Steps to Reproduce:
1. Go to my test page, mentioned at the top of this bug report.
2. Click on the link.

Actual Results: Window closed instantly, without prompting for confirmation.

Expected Results: Prompt the user.
Comment 1•24 years ago
Marking NEW. This is not implemented yet.
Status: UNCONFIRMED → NEW
Ever confirmed: true
OS: Windows 98 → All
Hardware: PC → All
If that's going to be implemented, then I'd like to have a pref setting (with or without UI) for switching it on and off.
Reporter
Comment 4•24 years ago
First of all, I don't know what an RFE is. Second, IMHO, the best idea would be to allow javascript to close windows that were created by javascript, such as a pop-up poll.
Nathan, RFE stands for Request For Enhancement. Mozilla does not support this
function yet, so that makes it an RFE. RFE's are marked in the summary with
[RFE] at start, and you might do that also.
I don't know what the reason is not to implement this feature, but maybe web
authors don't like this! I'm sure someone else can answer that question.
note: I'm not so happy with the fact that web authors get a free hand in closing
the main browser window!
>Also, it seems to happen that Mozilla does not always exit when the only open
>window is closed by this means; thus, it may be necessary to use CTRL-ALT-DEL or
>a third party utility to kill off Mozilla before another copy can be started.
Sorry but I can't confirm that with build 20010122505 on WinNT4.
Comment 6•24 years ago
<offtopic> Actually RFE's are marked as "Severity enhancement". [RFE] in the summary is just a plain bad idea IMHO. Please avoid it. </offtopic> Brendan, do you think we should display this kind of alert if the user is closing a javascript dialog?
Thank you very much Håkan, you are correct :) Nathan, I'm learning day by day. To be correct, the Severity should be set to "enhancement", but other people on Bugzilla like to have the text [RFE] in the summary, to make it more visible for them, and I agree.
Reporter
Comment 8•24 years ago
I'm sorry. I set it as a regular bug, simply because I felt that it was a pretty severe risk - especially since I can think of meta redirects, mouseover images and half a dozen other exploits. I should note that I haven't actually tried any of those, due to my limited knowledge of JS, but I know of no sure reason they wouldn't work. Changing to 'enhancement'. IMHO - I'm only a college freshman - sites should be allowed to close javascript windows, e.g. polls and popup ads. Any other solution, say, having to confirm every time one clicked 'okay' in a popup dialogue, would simply be too annoying.
Severity: normal → enhancement
There's already a javascript security system. Ideally it would allow Deny, Prompt, Allow for each thing it controls. I suspect we already support this.
Comment 10•24 years ago
Timeless, you mean we support it but haven't enabled it?
Updated•24 years ago
Assignee: rogerl → asa
Component: Javascript Engine → Browser-General
QA Contact: pschwartau → doronr
Comment 11•24 years ago
Browser, not engine. Reassigning to Browser-General for disposition -
Reporter
Comment 12•24 years ago
Sorry for being lazy last night... I have written a meta redirect exploit, which is at http://www.acsu.buffalo.edu/~nrussell/crashmoz.html. Note that this is the URL of the <b>actual page</b> containing the exploit. There is no way to avoid this type of link short of viewing the page source before visiting the page.
Comment 13•24 years ago
I think this is a dupe of bug 29346.
mstoltz: please verify if that bug can indeed solve the original complaint of this bug.
Nathan: this bug should not be a crasher. There are other bugs about us crashing on window close, I'm sure you can find them.
*** This bug has been marked as a duplicate of 29346 ***
Status: NEW → RESOLVED
Closed: 24 years ago
QA Contact: doronr → mstoltz
Resolution: --- → DUPLICATE
Comment 14•24 years ago
I don't think this is a dup of the pop-up window bug. It might be a dup of bug 36050 or bug 32571.
Status: RESOLVED → REOPENED
Resolution: DUPLICATE → ---
Comment 15•24 years ago
Jesse is correct, 32571 describes this issue. I agree that a script should be restricted in what windows it can close. This is on my list.
*** This bug has been marked as a duplicate of 32571 ***
Status: REOPENED → RESOLVED
Closed: 24 years ago → 24 years ago
Resolution: --- → DUPLICATE
Updated•20 years ago
Product: Browser → Seamonkey
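Added example (not part of the bug report and not Mozilla code): a small JavaScript model of the policy the thread converges on, where script may always close windows that script opened and a Deny/Prompt/Allow setting governs every other window. All names (ClosePolicy, decideScriptClose, runScenarios, the window record fields) are hypothetical, and the scenarios are constructed.

```javascript
// Added illustration of the policy discussed in this thread; every name here
// (ClosePolicy, decideScriptClose, the window record fields) is hypothetical.
const ClosePolicy = Object.freeze({ DENY: "deny", PROMPT: "prompt", ALLOW: "allow" });

// win: { openedByScript: boolean } - constructed record describing a window.
// pref: policy for windows the script did not open itself.
// askUser: callback that returns true when the user confirms the close.
function decideScriptClose(win, pref, askUser) {
  // Windows created by script (pop-up polls, ads) may be closed by script.
  if (win.openedByScript === true) {
    return { close: true, reason: "script-opened" };
  }
  switch (pref) {
    case ClosePolicy.ALLOW:
      return { close: true, reason: "pref-allow" };
    case ClosePolicy.PROMPT: {
      const confirmed = typeof askUser === "function" && askUser() === true;
      return { close: confirmed, reason: confirmed ? "user-confirmed" : "user-declined" };
    }
    default:
      // DENY, and any unrecognised pref value, fail closed.
      return { close: false, reason: "denied" };
  }
}

// Constructed scenarios from the thread. How close() was triggered (a clicked
// link or a meta redirect) is recorded but never consulted by the decision:
// only the window's origin and the pref matter.
function runScenarios(pref, userAnswer) {
  const scenarios = [
    { name: "main window, clicked link", trigger: "click", openedByScript: false },
    { name: "main window, meta redirect", trigger: "meta-refresh", openedByScript: false },
    { name: "pop-up poll", trigger: "click", openedByScript: true },
  ];
  return scenarios.map((s) => ({
    name: s.name,
    ...decideScriptClose(s, pref, () => userAnswer),
  }));
}

for (const r of runScenarios(ClosePolicy.PROMPT, false)) {
  console.log(`${r.name}: close=${r.close} (${r.reason})`);
}
```

Because the decision ignores the trigger, the meta redirect case gets the same answer as the clicked link, while the pop-up poll closes without a prompt.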