Open
Bug 669045
Opened 13 years ago
Updated 2 years ago
Pop-unders are still possible
Categories
(Core :: DOM: Core & HTML, defect, P5)
Core
DOM: Core & HTML
Tracking
()
NEW
People
(Reporter: jruderman, Unassigned)
References
()
Details
(Keywords: testcase, Whiteboard: [should be fixed by bug 675574])
Attachments
(1 file)
423 bytes,
text/html
|
Details |
The patch in bug 369306 was supposed to make pop-unders impossible (turning them into pop-ups), but http://megadownload.net/ somehow has an onclick pop-under.
Comment 1•13 years ago
|
||
It seems like nsGlobalWindow::Focus() is called on the main window and canFocus is set to 0 but despite that, the window is still focused. I tried to return if canFocus is equal to 0 but that doesn't seem to change anything. So, now, I wonder how the window could be focused without being a bug in the widget/ code. It would be interesting to check what's happening on Windows actually.
Updated•13 years ago
|
OS: Mac OS X → All
Hardware: x86_64 → All
Comment 2•13 years ago
|
||
Took me nearly the entire afternoon but I've finally found what's happening. You can enjoy this self-explanatory testcase too ;)
Updated•13 years ago
|
Keywords: testcase-wanted → testcase
Comment 3•13 years ago
|
||
Two interesting facts about this test case: 1. under.open() doesn't create a new tab in the popup window as expected but in the main window. Actually, Chrome has the same behavior, Safari creates a new window (and prevents the popunder) and Opera doesn't even create the second window as requested. Seems like IE8 and 9 does the same thing. Though, I didn't check that myself. 2. under.open() then alibi.close() creates a popunder but window.open()/alibi.close() or under.opener.open()/alibi.close() doesn't.
OS: All → Mac OS X
Hardware: All → x86_64
Updated•13 years ago
|
OS: Mac OS X → All
Hardware: x86_64 → All
Reporter | ||
Comment 4•13 years ago
|
||
Awesome exploit. Makes perfect sense.
Comment 5•13 years ago
|
||
I had a second look at that bug... Everything comes from here: http://mxr.mozilla.org/mozilla-central/source/browser/base/content/browser.js#l4917 If we create a new tab with a parent window being a popup, we look at the last "main window" and add the tab to it and focus it explicitly. Weirdly, we don't do that if the new tab is directly added to the main window. That means these two codes are going to have a very different behavior: var w = window.open(/* a popup */); w.open(/* new tab */); and:r var w = window.open(/* a popup */); window.open(/* new tab */); or even: var w = window.open(/* a popup */); w.opener.open(/* new tab */); Only the first case is going to focus the new tab and transform the popup to a popunder. According to hg blame, the reason is bug 445845. I see three solutions: 1. We change the code of the focus manager to re-focus the previous focused window when the new tab is closed; 2. We revert the change from bug 448545 and hope we do not break too many legit behavior (note that calling window.close() would refocus the main window); 3. We do not allow more than one window.open() per event that allows window.open(). Solution 1 is very unlikely and the solution 2 seems risky. The best solution, IMO, is the last one and might fix more annoying behavior (as far as I've tested we can currently open tons of windows from a click handlers).
Blocks: 445845
Updated•13 years ago
|
Flags: in-testsuite?
Whiteboard: [should be fixed by bug 675574]
Comment 6•13 years ago
|
||
Filesonic and Wupload both have pop-unders that appear when the CAPTCHA is submitted (in both cases the advertiser is mgid.com). The pop-unders appear even though the value of dom.popup_allowed_events is empty and there are no enabled plug-ins (i.e. it's not coming from Flash content). Could someone kindly have a look at those cases as well? It's very disappointing that the browser allows pop-unders when the user goes through so much trouble to ensure they're blocked. Sample links: http://www.filesonic.com/file/2671061331/ http://www.wupload.com/file/136440685/
Comment 7•6 years ago
|
||
https://bugzilla.mozilla.org/show_bug.cgi?id=1472046 Move all DOM bugs that haven’t been updated in more than 3 years and has no one currently assigned to P5. If you have questions, please contact :mdaly.
Priority: -- → P5
Assignee | ||
Updated•5 years ago
|
Component: DOM → DOM: Core & HTML
Updated•2 years ago
|
Severity: normal → S3
You need to log in
before you can comment on or make changes to this bug.
Description
•