Closed Bug 102481 Opened 23 years ago Closed 23 years ago

Outlook Web Access - "reply" breaks after disabling pop-ups (dom.disable_open_during_load)

Categories

(Tech Evangelism Graveyard :: English US, defect, P4)

Product:
Tech Evangelism Graveyard
Component:
English US
Platform:
x86
Windows NT
Type:
defect

Tracking

(Not tracked)

Status:
VERIFIED INVALID
Milestone:
Future

People

(Reporter: fun, Assigned: bc)

References

(Blocks 1 open bug)

Details

(Whiteboard: [aok]) 

From Bugzilla Helper:
User-Agent: Mozilla/5.0 (Windows; U; WinNT4.0; en-US; rv:0.9.4+) Gecko/20010930
BuildID:    2001093008

I use Outlook Web Access all day, every day. Today I got the most recent
nightly and decided to try it with user_pref("dom.disable_open_during_load",
true); in my prefs.js .

It turns out that this makes Outlook Web Access not work properly.

When you open a message, it uses Javascript to pop up a window with
the message in it. If you want to reply to this message, you click
a 'Reply' link which closes your message and opens up a reply. Except
with dom.disable_open_during_load - it closes the original message as
it should, but (of course) doesn't open a reply.

(OWA works fine without dom.disable_open_during_load switched on.)

It may well not be possible to tweak dom.disable_open_during_load to
allow OWA to work but cut out obnoxious advertising popups, thus making
this an evangelism issue. But since I can guess how well evangelism of
Microsoft to help Mozilla work better would go, I thought I'd at least
ask :-)



Reproducible: Always
Steps to Reproduce:
1. Enable user_pref("dom.disable_open_during_load", true); in prefs.js
2. Open a message in OWA.
3. Hit 'reply' on the message.

Actual Results:  Original message closes, reply message doesn't open

Expected Results:  Reply message should open


Here is the source of the original message window. (I have deleted
proprietary info.)


<script language="Javascript">

function openNewWindow(fileName,windowName,theWidth,theHeight) {
	if (windowName == "newMessageWindow") 
	{
		//generate random window ID

		 windowName = new String(Math.round(Math.random() * 100000));

	}
	window.open(fileName,windowName,"toolbar=0,location=0,directories=0,status=1,menubar=1,scrollbars=1,resizable=1,width="+theWidth+",height="+theHeight)
}

</script>

<!DOCTYPE HTML PUBLIC \"-//IETF//DTD HTML 3.2//EN\">


<html>
<head>
<title>[... title deleted ...]</title>
</head>
<script language=javascript>


function DoCommand(szCommand) {
  
    if (szCommand == "reply") {
     
window.location="commands.asp?command=reply&obj=0000000095FB7859CBB9D4119EA80008C7A4192507004B6BC00CD15FD2119E5F0008C7A419A500000CF7217600004B6BC00CD15FD2119E5F0008C7A419A500001309CB8C0000";
       
    }
          
    else if (szCommand == "delete"){
     
window.location="commands.asp?command=delete&obj=0000000095FB7859CBB9D4119EA80008C7A4192507004B6BC00CD15FD2119E5F0008C7A419A500000CF7217600004B6BC00CD15FD2119E5F0008C7A419A500001309CB8C0000";
      
    }
     else if (szCommand == "replyall"){
     
window.location="commands.asp?command=replyall&obj=0000000095FB7859CBB9D4119EA80008C7A4192507004B6BC00CD15FD2119E5F0008C7A419A500000CF7217600004B6BC00CD15FD2119E5F0008C7A419A500001309CB8C0000";
      
    }
     else if (szCommand == "forward"){
     
window.location="commands.asp?command=forward&obj=0000000095FB7859CBB9D4119EA80008C7A4192507004B6BC00CD15FD2119E5F0008C7A419A500000CF7217600004B6BC00CD15FD2119E5F0008C7A419A500001309CB8C0000";
      
    }
     else if (szCommand == "replytofolder"){
     
window.location="commands.asp?command=replytofolder&obj=0000000095FB7859CBB9D4119EA80008C7A4192507004B6BC00CD15FD2119E5F0008C7A419A500000CF7217600004B6BC00CD15FD2119E5F0008C7A419A500001309CB8C0000";
      
    }    


    else if (szCommand == "close"){
       window.close();
    }
    else if (szCommand == "next"){
      
      window.location="/exchange/item.asp?action=next";
    }
     else if (szCommand == "previous"){
      
      window.location="/exchange/item.asp?action=prev";
    }

}

</Script>

<body TEXT=000000 BGCOLOR=#c0c0c0 TOPMARGIN=4 LEFTMARGIN=4 text=000000
link=000000 vlink=000000 alink=000000>
<!--- begin toolbar --------->
<form>
<table BORDER=0 bgcolor=#c0c0c0 CELLSPACING=0 CELLPADDING=0 WIDTH="100%">
<tr>
<td width=100%>
<img src="/exchange/images/divider.gif" width=4 height=24 align="middle">



<a href="JavaScript:DoCommand('reply')">
<img SRC="/exchange/forms/reply.gif" Alt="Reply to sender" align="middle"
border=0></a>

<img src="/exchange/images/divider.gif" width=4 height=24 align="middle">

<a href="JavaScript:DoCommand('replyall')">
<img SRC="/exchange/forms/replyall.gif" Alt="Reply to all" align="middle"
border=0></a>

<img src="/exchange/images/divider.gif" width=4 height=24 align="middle">


<a HREF="JavaScript:DoCommand('replytofolder')">
<img SRC="/exchange/forms/ReplyFld.gif" alt='Reply to folder' align="middle"
WIDTH=24 HEIGHT=24 BORDER=0></a>

<img src="/exchange/images/divider.gif" width=4 height=24 align="middle">



<a href="JavaScript:DoCommand('forward')"> <img
SRC="/exchange/forms/forward.gif" Alt="Forward" align="middle" border=0
height=24 width=24></a>

<img src="/exchange/images/divider.gif" width=4 height=24 align="middle">

<a
href="JavaScript:parent.openNewWindow('/exchange/movcpy/root.asp?msgid=0000000095FB7859CBB9D4119EA80008C7A4192507004B6BC00CD15FD2119E5F0008C7A419A500000CF7217600004B6BC00CD15FD2119E5F0008C7A419A500001309CB8C0000&folderid=0000000095FB7859CBB9D4119EA80008C7A4192501004B6BC00CD15FD2119E5F0008C7A419A500000CF721760000&process=1','newMessageWindow',400,400)">
<img SRC="/exchange/forms/movcpy.gif" align="middle" Alt="Move/Copy" border=0
height=24 width=24></a>

<img src="/exchange/images/divider.gif" width=4 height=24 align="middle">



<a href="JavaScript:DoCommand('delete')">
<img SRC="/exchange/forms/delmark.gif" Alt='Delete' align="middle" border=0
height=24 width=24></a>

<img src="/exchange/images/divider.gif" width=4 height=24 align="middle">



<a href="JavaScript:DoCommand('previous')">
<img SRC="/exchange/forms/prevmsg.gif" Alt="Read previous item" align="middle"
border=0 width=24 height=24></a>

<a href="JavaScript:DoCommand('next')">
<img SRC="/exchange/forms/nextmsg.gif" Alt='Read next item' align="middle"
border=0 width=24 height=24></a>

<img src="/exchange/images/divider.gif" width=4 height=24 align="middle">



<a
href="JAVASCRIPT:openNewWindow('/exchange/help/READMSG.HTM','inlineHelpWindow',600,400)">
<img SRC="/exchange/images/help.gif" alt="Get help information on the current
window" align="middle" border=0 height=20 width=20></a>

</td>

<td align="right">
<input type="button" value="Close" onClick="DoCommand('close')">
</td>

</tr>

</table>
</form>
<!--<br>-->
<!--- begin header --->

<table border=0 cellpadding=3 cellspacing=0 width="100%" bgcolor=#c0c0c0>
<tr> <td width=10% >
<font size=2><b>From:</b></font>
</td> <td ID=from colspan=3><font size=2>
Name Deleted
                [SMTP:address@deleted]
            
            &nbsp;
</font></td>
</tr>

<tr> <td>
<font size=2><b>To:</b></font>
</td> <td ID=to colspan=3>
<font size=2>
David Gerard&nbsp;
</font>
</td>
</tr>
<tr>
<td><font size=2><b>Cc:</b></font>
</td> <td ID=cc colspan=3><font size=2>
&nbsp;
</font>
</td>
</tr>

<tr>
<td> </td>
</tr>

<tr>
<td>
<font size=2><b>Subject:</b></font>
</td>
<td ID=subject colspan=3>
<font size=2>
Title Deleted&nbsp;
</font>
</td>
</tr>
<tr>
<td>
<font size=2><nobr><b>Sent:</b></nobr>
</td>
<td ID=sent width=62% ><font size=2><nobr>
Time Deleted&nbsp;</nobr></font><br>
</td>
<td align=right>
<font size=2><nobr><b>Importance:</b></nobr>
</td>
<td ID=importance align=right><font size=2><nobr>
Normal&nbsp;</nobr>
</font>
</td>
</tr>

</table>


<!--- message text ----->
<table width="100%" border=1 cellspacing=2 cellpadding=6>
<tr ID=body>
<td BGCOLOR=white  width=100% height=300 valign=top colspan=2 >



[... message deleted ...]


</td>

</tr>
</table>
</body>
</html>
Is this dupe of 102481?
ooops, I pasted the wrong bug... is this dupe of bug 101189?
ccing rginda who actually knows how this dom_disable_... stuff works.

It doesn't look like that site is opening the window in an onunload() handler...
(if it is, shame on them and dom_disable_open_during_load should not be changed
to let this work).
The commands set the window.location to an asp file, and we've got no idea what
they do :(  I'd bet the code probably a new window from top level javascript,
which is blocked by disable_open_during_load.    The pref name is a little
misleading, it actually blocks window.open any time before the document is
loaded, any time after the unload process has begun, and from any setTimeout.

It might be possible to have a finer grained pref that would let users get
around this problem, if you can find someone with the time and desire to do it :)

The OWA code could also be "fixed" to not trigger our abuse blocker, but that's
beyond the scope of bugzilla.
Not DOM Events -> Security:General. Marking NEW since it seems confirmed that
the pref is the cause of the bug.
Assignee: joki → mstoltz
Status: UNCONFIRMED → NEW
Component: DOM Events → Security: General
Ever confirmed: true
QA Contact: vladimire → bsharma
No guarantees, but I'll take a look.
Status: NEW → ASSIGNED
Target Milestone: --- → mozilla0.9.7
performance, footprint, feature work, and re-architecture bugs will be addressed
in 0.9.8
Target Milestone: mozilla0.9.7 → mozilla0.9.8
My suitemate uses OWA, so I asked her to help me figure out how OWA's "reply" 
function works.  This is what I found:

* Clicking a message opens a new window to display the message.  This works 
fine.

* The message window contains code that looks like this:

 if (szCommand == "reply") {
      window.location="commands.asp?command=reply&obj=[very long hex string]";
 }

 <a href="JavaScript:DoCommand('reply')">["Reply to sender" image]</a>

* If I load the commands.asp URL in a view-source window (by prefixing the URL 
with view-source: ), I get code that opens a new window in its onload function, 
as rginda suspected:

LaunchForm(szFormPath) {
 openNewWindow(szFormPath+"?command=new&obj=63416",'newMessageWindow',640,500);
 parent.close();
}

<body text=000000 onLoad="LaunchForm('frmRoot.asp')">

* If I load frmRoot.asp?command=new&obj=63416 in a browser window, I get a page 
allowing me to reply to the message.  (I guess 63416 was the ID of the message.)


This looks like evangelism to me.  I can't imagine their site working with any 
other pop-up ad blocker.
Whiteboard: need "English: Microsoft" evangelism component
*** Bug 108459 has been marked as a duplicate of this bug. ***
If they're opening a legitimate window in an onload handler, then they're going
to be incompatible with this popup blocker feature. No way around that until I
hook the popup blocker up with the per-domain capabilities system, so you can
exclude particular domains.
Component: Security: General → English: US
Product: Browser → Tech Evangelism
Summary: dom.disable_open_during_load pref is incompatible with OWA (Outlook Web Access) → Outlook Web Access - "reply" breaks after disabling pop-ups (dom.disable_open_during_load)
Target Milestone: mozilla0.9.8 → ---
Version: other → unspecified
-> evangelism
really -> evangelism
Assignee: mstoltz → bclary
Status: ASSIGNED → NEW
QA Contact: bsharma → zach
work around: don't disable popups. -> future.
Priority: -- → P4
Target Milestone: --- → Future
That's not a reasonable workaround.  Half of the news sites I visit now try to 
create pop-up windows.  That's a higher percentage than I've *ever* seen with 
porn sites.
add to ms tracking bug. but marking invalid. If you want the per domain window
open capability file a bug on that.
Blocks: MS
Status: NEW → RESOLVED
Closed: 23 years ago
Resolution: --- → INVALID
Whiteboard: need "English: Microsoft" evangelism component → [aok]
I don't think this is invalid because:

1. Blocking pop-ups is almost necessary in order to remain sane while browsing
today's web.

2. Pre-domain security settings would not fix the problem.  Most users would not
figure out why OWA Reply doesn't work, so they wouldn't know to use the
per-domain settings.

3. Any pop-up blocker would block OWA's Reply feature as it is currently
implemented.  An integrated pop-up blocker, like the one in Mozilla, gets very
few false positives.  If Mozilla does get a false positive, it's usually because
the window.open really does look like a pop-up ad.  In that case, it's
reasonable to tell the web developer "Don't make your features look like pop-up
ads."

4. I think it's important to evangelize sites that break with pop-up blocking
disabled, because I want the feature turned on by default in Mozilla (bug
111542) and available in Netscape (bug 75371 comment 207).
*** Bug 143601 has been marked as a duplicate of this bug. ***
*** Bug 136599 has been marked as a duplicate of this bug. ***
*** Bug 145063 has been marked as a duplicate of this bug. ***
*** Bug 148012 has been marked as a duplicate of this bug. ***
*** Bug 148159 has been marked as a duplicate of this bug. ***
*** Bug 152405 has been marked as a duplicate of this bug. ***
*** Bug 168537 has been marked as a duplicate of this bug. ***
Maybe it is possible to implement a "trusted site" feature just as in IE: for a
domain that I trust I can apply different settings for Java, ActiveX and all the
other stuff. This would allow to enable the "disable_open_during_load" feature
for specific domains only. I think that would be a helpful feature for other
settings as well. And there is a similiar feature already implemented in Mozilla
in the cookie manager - there you can decide based on the domain if you want to
have cookies or not.
Blocks: popups
*** Bug 188382 has been marked as a duplicate of this bug. ***
I think 'trusted site/site list' concept is the best available option. That will
give people an option to be able to use Outlook, granted though, many won't know
about it but.
You guys should get a new nightly, where it is possible to enable popups for
specific sites only....
Status: RESOLVED → VERIFIED
*** Bug 196803 has been marked as a duplicate of this bug. ***
*** Bug 234408 has been marked as a duplicate of this bug. ***
I am fine with the default to block all pop-ups. But I think it would be nice if
we can have easier way to tweak this, on/off for blocking pop-ups of current
visiting site. 

Instead of having to go into the menu to unset the blocking, I think it would be
a nice idea to have a small button/icon at the status bar, while a blocking
action is invoked, display this shinny icon to indicate the event, and if user
click on it a sub-menu is openned over the icon with simply 2 options ("block
popup for this site" "unblock popup for this site"). There will be only 2 clicks
instead of 3 clicks in the menu. Or, if you want only 1 single click, eliminate
the sub-menu, and 1 click on the icon to turn on blocking and 2nd click will
turn it off.

The icon has to be eye catching, while the blocking event is invoked, it should
flashy and maybe a tool-tip pops up on top of the icon. The idea is to tell the
user, "something is going on here!!"

Anyone agree on this?
sheng, this already exists.
*** Bug 254059 has been marked as a duplicate of this bug. ***
*** Bug 289271 has been marked as a duplicate of this bug. ***
Depends on: 297980
*** Bug 360349 has been marked as a duplicate of this bug. ***
Product: Tech Evangelism → Tech Evangelism Graveyard
You need to log in before you can comment on or make changes to this bug.