Closed
Bug 748519
Opened 13 years ago
Closed 13 years ago
websites should not be able to lie by rewriting href onmouseover(), violating principal of least surprise
Categories
(Firefox :: Untriaged, defect)
Tracking
()
RESOLVED
DUPLICATE
of bug 229050
People
(Reporter: shawnlandden, Unassigned)
Details
User Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:11.0) Gecko/20100101 Firefox/11.0
Build ID: 20120410121533
Steps to reproduce:
Facebook, among other sites, put regular links on the page, (and without overriding the status bar away from showing the href of the link) but then attach onmousedown() handlers to rewrite the links when users click on them to bounce through themselves.
There is nothing to prevent this link from being rewritten to going anywhere, including arbitrary 3rd-party sites, much to the users confusion.
Sure, web sites can already take the user anywhere with javascript. (isn't there a about:config to disallow this?) but I just think that this confuses users.
Perhaps if the website is overriding the status bar message, then they can be allowed to change this, I don't know. What are the other use cases do we have to think about? Perhaps just the href will be immutable to the javascript run from the handler?
It seems like I can bypass sme of these handlers by simply middle-clicking on the link to open in a new tab, which i end up doing almost exclusively.
Once you tell the user that this link is going somewhere, allowing it to go somewhere else seems really bad.
Updated•13 years ago
|
Status: UNCONFIRMED → RESOLVED
Closed: 13 years ago
Resolution: --- → DUPLICATE
sry about that, i did try to look for duplicates before i filed this
You need to log in
before you can comment on or make changes to this bug.
Description
•