Closed
Bug 909020
Opened 11 years ago
Closed 11 years ago
Disable onbeforeunload questionbox and/or restrict amount
Categories
(Firefox :: Untriaged, defect)
Tracking
()
RESOLVED
DUPLICATE
of bug 636374
People
(Reporter: e7online, Unassigned)
Details
(Keywords: csectype-dos, sec-want)
User Agent: Mozilla/5.0 (X11; Linux x86_64; rv:22.0) Gecko/20100101 Firefox/22.0 SeaMonkey/2.19 (Beta/Release) Build ID: 20130628210052 Steps to reproduce: Got a popup with following http url (don't open on it with active Javascript): polizei.de.id657546456-3999456674.r7034.com It contains 150x the following snippet (guess for other browsers): <iframe srcdoc="<script>window.onbeforeunload = function(env){return 'Ihr Browser hat gesperrt. Alle PC-DATEN WERDEN festgehalten und Strafverfahren gegen Sie eingeleitet, wenn eine Geldbuße nicht bezahlt werden.';}</script>" src="de/close.php"></iframe> Also there's an return false; function assigned to every iframe. var strongs = document.getElementsByTagName("iframe"); for (var i=strongs.length - 1; i>=0; i--){ var strong = strongs[i]; var acceptor = strong.parentNode; while(strong.childNodes.length){ var child = strong.childNodes[0]; strong.removeChild(child); acceptor.insertBefore(child, strong); }; acceptor.removeChild(strong); }; Browser is asking ~ 150 times if I'm sure I want to close that window. And there's a little bit other different stuff like trying to disable CTRL+U, but nothing "special". Would be great to have a possibility to restrict the number of "Are you sure to close"-messages allowed or the same checkbox as for normal alerts ("Prevent page from opening ...") Further idea: Add functionality to disable that question for windows opened by Javascript completely.
Comment 1•11 years ago
|
||
Here's another one which uses this trick to try and force a user to download a fake Firefox update: loansautos.com/ We should limit the number of onbeforeunload handlers that fire per top-level window to something like 3. Gerv
Updated•11 years ago
|
Comment 4•11 years ago
|
||
same here. A site has 100 iframes which all have a onbeforeunload and unload event listeners and the leave page dialog appears 100 times. (Saw it on a scam website claiming to be the police and u need to pay a fine for the porn you have watched).
Comment 7•11 years ago
|
||
Restricting the number of onbeforeunload dialogs from a single page is bug 636374. (Disabling onbeforeunload completely would be bug 578828 or bug 636905.)
Status: NEW → RESOLVED
Closed: 11 years ago
Resolution: --- → DUPLICATE
You need to log in
before you can comment on or make changes to this bug.
Description
•