Closed Bug 174765 Opened 22 years ago Closed 22 years ago

Popup Blocking should support whitelists like Phoenix

Categories

(Core :: DOM: Events, enhancement)

enhancement
Not set
normal

Tracking

()

VERIFIED FIXED

People

(Reporter: zevious, Assigned: dveditz)

References

(Blocks 1 open bug)

Details

Attachments

(4 files, 11 obsolete files)

(deleted), patch
dveditz
: review+
dveditz
: superreview+
brendan
: approval+
Details | Diff | Splinter Review
(deleted), patch
danm.moz
: review+
jag+mozilla
: superreview+
Details | Diff | Splinter Review
(deleted), patch
dveditz
: review+
shliang
: superreview+
chofmann
: approval+
Details | Diff | Splinter Review
(deleted), patch
danm.moz
: review+
danm.moz
: superreview+
Details | Diff | Splinter Review
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.2b) Gecko/20021016 Build Identifier: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.2b) Gecko/20021016 The current implementation of popup blocking works, sometimes but the method being used by Phoenix is soo much better. 99.9% of the popups ever sent are unwanted. Why show them to me and require that I right click and reject them? Let me choose TO open them as needed. The other problem is that some sites will send a popup that is all "flash". When you right click, you get the flash menu with no option to block the popup. And finally, many times, I right click on the popup, only to find that it is already on the reject list, yet still popping up. Yes, I know, these should be filed as seperate bugs but I only included those to support the point of this bug. If this bug is fixed, those become irrelevant. Reproducible: Always Steps to Reproduce: 1. Open site that has popups. (www.newsisfree.com) 2. Witness popup 3. Reject it 4. Restart Mozilla and go to the above site. 5. Witness popup anyhow Actual Results: Popups all over the place. Expected Results: Pop ups that I ask for only.
Dan, don't you already have a bug on a whitelist?
Whiteboard: DUPEME
yes yes, whitelists. Oddly there was no actual bug for this already. So now there is. The feature is coming, it's just not a very visible effort. This bug's as good a placeholder as any for it.
Status: UNCONFIRMED → NEW
Ever confirmed: true
OS: Windows XP → All
Hardware: PC → All
Summary: Popup Blocking should have the same behavior as Phoenix → Popup Blocking should support whitelists like Phoenix
Whiteboard: DUPEME
Also, for a way around the context menu problem with sites that use flash, and others, see bug 171964.
->me, joki won't be working on this AFAIK.
Assignee: joki → dveditz
Attached patch trunk patch for whitelisting backend (obsolete) (deleted) — Splinter Review
Attached patch 1.0-branch patch for whitelisting backend (obsolete) (deleted) — Splinter Review
It's probably not harmful to give the PopupWindowManager's opinion priority over dom.disable_open_during_load, but I think it would simplify things to leave the dom preference in charge. I believe the advantage of prioritizing PWM is it allows you to fire the popupblocked event. But this overcomplicates permission checking (the entire IsPopupBlocked function). An alternative I prefer is to give the dom preference priority, silently failing to open the window if it insists. Then the unfortunate temporary override of the popupmanager's global default setting could be avoided. Really, I screwed up. The dom preference should have complete control. privacy.popups.policy is redundant. Ideally, I'd like to get rid of the latter before we ship something that uses it. So I know that isn't going to happen. But we should just be using the dom preference. Someday when we're allowed we should go back and fix that. But failing that, the temporary usurpation of the PWM's global is still kind of icky. You've removed mCustomPermissions. I agree it's unnecessary but at the moment the UI claims to support it. Wouldn't want to remove back end knowledge of the preference without also updating the UI. Hmmm. In places you've bypassed nsIPermissionManager (going straight to the Permission_* functions) and in places you're still using nsIPermissionManager. What's up with that? I think you're right; bypassing nsIPM allows you to skip the construction of a URI object. Can you clean it up and get rid of mPermManager completely? That'd be preferable to using it only sometimes. (Wow. I see the next level down, PERMISSION_*, _Add takes an nsIURI and _Remove takes a string. Funny. But still it'd be nice.) nsPopupWindowManager.cpp block @@ -232,19 +234,15 @@ + mPolicy = (perm = ALLOW_POPUP) ? ALLOW_POPUP : DENY_POPUP; ^^
Attached patch updated trunk patch (obsolete) (deleted) — Splinter Review
Attachment #103588 - Attachment is obsolete: true
Attached patch updated branch patch (obsolete) (deleted) — Splinter Review
These two patches should address Dan's comments except the removal the custom settings from the pref UI.
Attachment #103591 - Attachment is obsolete: true
Comment on attachment 103668 [details] [diff] [review] updated trunk patch 's fine, understanding that this is still a transient stage on the way toward getting rid of the privacy.popups.policy preference so that dom.disable_open_during_load will have sole control. But it looks like it'll work to me. However this patch will cause regressions; it'll break the current popup blocking UI. That claims to support three states: all on, all off and blacklist, and this will no longer be true. And the current UI doesn't set the dom preference correctly for this model, so it basically won't block popups any more. We should disable fancy popup blocking for the 1.2 release, leaving the 1.1 model in place. I'll attach a patch later. One thing, also please remove line 45 from nsPopupWindowManager.h (#include "nsIPermissionManager.h").
Attachment #103668 - Flags: review+
Comment on attachment 103669 [details] [diff] [review] updated branch patch r=danm, both
Attachment #103669 - Flags: review+
Attached patch disable popup blocking (obsolete) (deleted) — Splinter Review
You'll need to do this for these other patches.
Attached patch revised branch patch (obsolete) (deleted) — Splinter Review
adds one more permission type to separate white lists and black lists commmented out open unrequested windows checkbox in scripts pref panel add help context id
Attachment #103669 - Attachment is obsolete: true
Attachment #103669 - Flags: review+
Attachment #103668 - Flags: review+
argh. I've been trying to make myself like the new branch patch, but I just can't make it happen. I think we're kidding ourselves, checking in funky branch things and promising they'll never make it to the trunk. Please don't ask me to review this. I'm not allowed to play in this sandbox any more and I've reached a point where I genuinely don't want to play. And I'm rescinding my review of the the latest trunk patch, #3. On that I'd restore approval, if asked, but I want to be clear that's contingent on checkin of the as-yet unreviewed disabling patch, #5. Which should go in anyway.
Comment on attachment 103753 [details] [diff] [review] disable popup blocking r=dveditz, this is an addition to the trunk patch (does not need to be done on the branch)
Attachment #103753 - Flags: review+
Comment on attachment 103753 [details] [diff] [review] disable popup blocking sr=jag
Attachment #103753 - Flags: superreview+
dveditz, jag: can you review the disabling patch at attachment 103753 [details] [diff] [review]? /be
Duh, I misread attachment ids. Ok, I'll approve the disabling patch. /be
Comment on attachment 103753 [details] [diff] [review] disable popup blocking The front end changes are commented or early-returned out -- what's the plan for restoring the context menu, or removing the code rather than leaving it disabled or commented out? a=brendan@mozilla.org for the trunk. /be
Attachment #103753 - Flags: approval+
Brendan: I don't want to remove the feature, just disable it during this turbulent phase. I expect it'll be reenabled after 1.2, though I couldn't say in what form. Perhaps the commented out code could be simply uncommented then. Don't know. In the meantime, it makes private patches to enable the feature a little less subject to conflict.
Comment on attachment 103668 [details] [diff] [review] updated trunk patch r=danm, trunk patch #3, now that the disabling patch #5 is good to go.
Attachment #103668 - Flags: review+
Blocks: blackbird
Keywords: adt1.0.2+
This patch includes minor changes requested by jag and incorporates the already reviewed UI patches (attachment 103753 [details] [diff] [review]) for review completeness.
Attachment #103668 - Attachment is obsolete: true
Attachment #103753 - Attachment is obsolete: true
Comment on attachment 103933 [details] [diff] [review] updated trunk patch (including previous UI change) I hope I'm not out of line carrying-over danm's r=. The changes to the patch he reviewed were all in nsGlobalWindow.cpp
Attachment #103933 - Flags: review+
Please just yank all of the MOZ_PHOENIX code. Your new impl can be used by Phoenix no problem. We don't need to leave any of the #ifdefs in. I assume the popup whitelist is just another integer value in morse's stuff (like the other lists)? In theory once you yank everything and land this, I just have to change to the whitelist integer value instead of the blacklist integer value in Phoenix's prefs UI, right?
So jag says ya use the same list and just have a boolean. Does that mean all I have to change in Phoenix code is my call to popupmanager.add? I pass in "false" (which means blacklist) and I should pass in "true" instead (to mean whitelist)?
Attachment #103933 - Flags: superreview+
Comment on attachment 103933 [details] [diff] [review] updated trunk patch (including previous UI change) hyatt: yep, that sounds about right. dveditz: so what hyatt said two comments ago, just remove the phoenix ifdef'ed code. >Index: extensions/cookie/nsPopupWindowManager.cpp >=================================================================== >@@ -84,74 +77,71 @@ > nsIObserver); > > nsresult > nsPopupWindowManager::Init() > { > mOS = do_GetService("@mozilla.org/observer-service;1"); >- mPermManager = do_GetService(NS_PERMISSIONMANAGER_CONTRACTID); > nsCOMPtr<nsIPrefService> prefs(do_GetService(NS_PREFSERVICE_CONTRACTID)); > if (prefs) >- prefs->GetBranch(sPopupPrefRoot, getter_AddRefs(mPopupPrefBranch)); >+ prefs->GetBranch("", getter_AddRefs(mPopupPrefBranch)); Why not "dom"? That way the pref service won't have to call us for changes to prefs not in the dom branch. And if you keep sPopupPrefRoot and the #define/leaf thing (I now understand why it was done that way) you can use NS_LITERAL_STRING and make things a tiny bit faster. >@@ -177,28 +167,35 @@ > { > NS_ENSURE_ARG_POINTER(aURI); > NS_ENSURE_ARG_POINTER(_retval); > > *_retval = mPolicy; > >+ /* Permission Manager won't save values if there's no host: return default */ I think this comment can be taken out. >@@ -229,25 +226,20 @@ > //***************************************************************************** > NS_IMETHODIMP > nsPopupWindowManager::Observe(nsISupports *aSubject, const char *aTopic, > const PRUnichar *aData) > { > if (nsCRT::strcmp(aTopic, sPrefChangedTopic) == 0 && >+ NS_ConvertASCIItoUCS2(sPopupDisablePref).Equals(aData)) { >+ // refresh our local copy of the "disable popups" pref >+ PRBool perm = PR_FALSE; Why not permission like elsewhere? sr=jag with those changes
Attached patch updated branch patch (obsolete) (deleted) — Splinter Review
undo the two types needs to be updated with dveditz's most recent changes (to be posted, according to jag)
Attachment #103763 - Attachment is obsolete: true
Attached patch final(?) trunk patch (deleted) — Splinter Review
The pref service only calls on the one pref we explicitly register for. Inside nsPrefBranch it recombines the root and the leafname before calling PREF_RegisterCallback to do the real work, so it really doesn't matter how we split it up. Since we're only dealing with the one pref I think it's more readable as a single string (and it's slightly faster since the pref service doesn't have to chop the prefix off before calling Observe, but that doesn't really matter). I've made the other changes.
Comment on attachment 103954 [details] [diff] [review] final(?) trunk patch carrying over reviews
Attachment #103954 - Flags: superreview+
Attachment #103954 - Flags: review+
Comment on attachment 103954 [details] [diff] [review] final(?) trunk patch >@@ -2891,24 +2871,10 @@ > return PR_FALSE; > > if (!mIsDocumentLoaded || mRunningTimeout) { >- PRBool blockOpenOnLoad = PR_FALSE; >- prefs->GetBoolPref("dom.disable_open_during_load", &blockOpenOnLoad); >- if (blockOpenOnLoad) { >-#ifdef DEBUG >- printf ("*** Scripts executed during (un)load or as a result of " >- "setTimeout() are potential javascript abuse points.\n"); >-#endif >- >-#ifdef MOZ_PHOENIX >- // see the definition of the function for details. >- PRBool whitelisted = IsPopupWhitelisted(mDocument); >- if (!whitelisted) >- FirePopupBlockedEvent(mDocument); >- return !whitelisted; >-#else >- return PR_TRUE; >-#endif >- } >+ PRBool blocked = IsPopupBlocked(mDocument); >+ if (blocked) >+ FirePopupBlockedEvent(mDocument); >+ return blocked; > } else { Nit: Get rid of the else after return here, unbrace and exdent the whole block. >+++ extensions/cookie/nsPopupWindowManager.h 24 Oct 2002 07:35:47 -0000 >@@ -67,9 +67,7 @@ > void DeInitialize(); > > PRUint32 mPolicy; >- PRBool mCustomPermissions; > nsCOMPtr<nsIObserverService> mOS; >- nsCOMPtr<nsIPermissionManager> mPermManager; > nsCOMPtr<nsIPrefBranch> mPopupPrefBranch; > }; > No need for the nsIPermissionManager.h include any longer, now that you've removed the mPermManager member? With these nits addressed, a=brendan@mozilla.org for 1.2final trunk checkin. /be
Attachment #103954 - Flags: approval+
Attached patch updated branch patch (obsolete) (deleted) — Splinter Review
Attachment #103950 - Attachment is obsolete: true
Checked in the trunk back-end patch. I'm marking this fixed because we now "support" a whitelist, even if it has be to manually entered. I created bug 176624 to cover adding the UI. Sorry if this is inconvenient, but this bug is already pretty long.
Status: NEW → RESOLVED
Closed: 22 years ago
Resolution: --- → FIXED
Attached patch updated branch patch (obsolete) (deleted) — Splinter Review
Attachment #104050 - Attachment is obsolete: true
various nitpicks about how we weren't using the permission manager APIs led to its removal, but it turns out that's what owns the list and needs to stay. If we try to duplicate the list owning in nsPopupWindowManager then we start conflicting with the cookie and image blocking code which uses the permission manager. I didn't ever see any problems, I suppose because my extensive list of blocked cookies ensured the permission manager service was already started. But QA saw situations where the black or white lists wouldn't work until after you opened the pref panel which uses the permission manager to enumerate the list.
Attached patch updated branch patch (obsolete) (deleted) — Splinter Review
Attachment #104094 - Attachment is obsolete: true
Comment on attachment 104094 [details] [diff] [review] updated branch patch >Index: mozilla/extensions/cookie/nsPopupWindowManager.cpp >+#include "nsIPermissionManager.h" Don't need this here, already in nsPopupWindowManager.h >+ if (mOS && mPopupPrefBranch) { I'd restore the check for mPermManager here too -- if that fails then we don't have a valid underlying list mechanism to work with. >+nsPopupWindowManager::Add(nsIURI *aURI, PRBool aPermit) Since Permission_AddHost might create a new list if one isn't found and someone someday might ignore a failure from the Init() method, I think it'd be a little safer to check mPermManager here and bail out if it's null. Otherwise our added permission might stomp on a valid cookperm.txt file >+nsPopupWindowManager::Remove(nsIURI *aURI) DOn't need the same check here, if Remove finds an empty list it just says "OK, I'm done!" so there's no danger to the cookperm.txt data with these minor changes r=dveditz
Attachment #104094 - Attachment is obsolete: false
Attachment #104094 - Flags: review+
Attachment #104094 - Attachment is obsolete: true
Comment on attachment 104099 [details] [diff] [review] updated branch patch r=dveditz
Attachment #104099 - Flags: review+
Comment on attachment 104097 [details] [diff] [review] fix damage cause by reviewer nitpicks :-) (trunk) sr=jag We'll need to clean this up.
Attachment #104097 - Flags: superreview+
Comment on attachment 104099 [details] [diff] [review] updated branch patch There are some small differences in the trunk and branch versions of nsPopupWindowManager.cpp and nsIPopupWindowManager.idl, sr=jag once you've fixed those.
Attachment #104099 - Flags: superreview+
Attached patch patch (deleted) — Splinter Review
>>Index: mozilla/extensions/cookie/nsPopupWindowManager.cpp >>+#include "nsIPermissionManager.h" > >Don't need this here, already in nsPopupWindowManager.h Stating direct dependencies instead of bootlegging them via nested includes is generally good form. Header files have idempotent-include guard #ifndefs, etc. Hope my nit-picking wasn't to blame (I see the smiley, but still). Code review != testing. I asked danm about the cookie changes when reviewing attachment 103954 [details] [diff] [review], averring that I hadn't mentally executed all the paths or examined the PERMISSION_/Permission_/permission_ (is that enough, already? ;-) layers being used. The only moral here, it seems to me, is to get the patch in and let the community test it. I'll let danm r= attachment 104097 [details] [diff] [review], then I'll sr=. /be
Status: RESOLVED → REOPENED
Resolution: FIXED → ---
Blocks: 1.2b
Just tested the current trunk with phoenix (I patched phoenix's front end code), and it all works beautifully. yay!
Keywords: mozilla1.0.2
Comment on attachment 104117 [details] [diff] [review] patch r=dveditz
Attachment #104117 - Flags: review+
Comment on attachment 104097 [details] [diff] [review] fix damage cause by reviewer nitpicks :-) (trunk) I hadn't investigated the mystery of permission list persistence. Now that I have I wish I hadn't. Sorry I missed that. Dan, your patch will work so r=me. However it seems to me that there is no owner of the permission list. All the top- and mid-level entry points into this code seem to share ownership. So I'd prefer to maintain the structure of equal nsPopupWindowManager and nsPermissionManager siblings that you began and do this instead: Index: extensions/cookie/nsPopupWindowManager.cpp =================================================================== RCS file: /cvsroot/mozilla/extensions/cookie/nsPopupWindowManager.cpp,v retrieving revision 1.7 diff -u -r1.7 nsPopupWindowManager.cpp --- extensions/cookie/nsPopupWindowManager.cpp 25 Oct 2002 04:46:19 -00001.7 +++ extensions/cookie/nsPopupWindowManager.cpp 25 Oct 2002 18:52:25 -0000 @@ -88,7 +88,8 @@ if (prefs) prefs->GetBranch("", getter_AddRefs(mPopupPrefBranch)); - if (mOS && mPermManager && mPopupPrefBranch) { + if (mOS && mPermManager && mPopupPrefBranch && + NS_SUCCEEDED(PERMISSION_Read())) { // initialize our local copy of the pref Observe(NS_STATIC_CAST(nsIPopupWindowManager *, this), sPrefChangedTopic, NS_LITERAL_STRING(POPUP_PREF).get()); Oh. I see you've already checked it in. Well, some extra overhead but no harm.
Attachment #104097 - Flags: review+
Comment on attachment 104117 [details] [diff] [review] patch carrying over sr=jag
Attachment #104117 - Flags: superreview+
i've incorporated danm's suggestion in the branch patch (comment 44)
I thought of just adding the read to the popup manager init--that solves the symptoms we encountered. But to do it right you really have to be a profile change listener, and if both managers are running they'd both be trying to do the same thing. If you incorporate the permission manager anyway as your diff shows (but I suspect that's unintentional) the read is just more overhead. Safer to leave the list to the permission manager for now and clean up the next layer down soon. We really need to re-write all that list-walking code anyway, it should use a hash table not nested for-loops over all the sites. Even a binary search down the sorted list would be better than what's there now. (this is more of an issue for cookies and image loads than the relatively infrequent popups.)
Right, comment 44 doesn't work because nsPopupWindowManager isn't listening for profile changes. Sigh. Now I'm suspicious of the other managers that claim ownership of this list. The list ownership and initialization model need some serious hammering but for now, scratch comment 44 and go with Dan's funky initialization scheme, which is the best we're going to do without a rewrite.
Comment on attachment 104117 [details] [diff] [review] patch a=chofmann for 1.0.2
Attachment #104117 - Flags: approval+
The popup blocked event is not being fired in quite the right place. If window.open specifies a window name AND that window exists then we load the content into it even if CheckForAbusePoint() return true. In this fairly uncommon case the user still gets a popup-blocked notification (beep, ui flash, whatever) although the window.open did succeed. Doing it the right place actually simplifies the code a little.
The branch patch (attachment 104117 [details] [diff] [review]) is still good to go, attachment 104214 [details] [diff] [review] fixes an extra popup-blocked notification in a minor edge case. The blocking or not of popups works perfectly fine, it's just this extra event announcing a block that didn't actually happen. I'll pursue getting it in, but it shouldn't hold up the bulk of the implementation.
Comment on attachment 104214 [details] [diff] [review] Fire event only if really blocked sr=jag
Attachment #104214 - Flags: superreview+
Comment on attachment 104214 [details] [diff] [review] Fire event only if really blocked better this way anyway. r=danm
Attachment #104214 - Flags: superreview+ → review+
Attachment #104214 - Flags: superreview+
Could it be that this checkins caused the "original" popup-manager to disappear? In the trunk (2002102508, win2000) there is no entry under tools and also the prefs for popup-blocking are not there where they used to be.
Yes. Popup blocking was intentionally disabled by the fifth patch (attachment 103753 [details] [diff] [review]), checked in after incorporation into the ninth patch (attachment 103954 [details] [diff] [review]). Comment 10 superficially explains. See also reopened bug 166442 comment 104 - 106.
Blocks: popups
Fixed on branch. Fixed on trunk as far as "support" goes. other bugs deal with the UI.
Status: REOPENED → RESOLVED
Closed: 22 years ago22 years ago
Resolution: --- → FIXED
Comment on attachment 104214 [details] [diff] [review] Fire event only if really blocked a=roc+moz for trunk
Attachment #104214 - Flags: approval+
Attachment 104214 [details] [diff] checked into the trunk
Verifying on build 2002-10-30-..-1.0 on Win2k and 2002-10-30-..-1.0 on OSX
*** Bug 179073 has been marked as a duplicate of this bug. ***
There is no popup blocker in trunk builds... dont know what to do about verifying with this.
vladimir: yes, it's there. :) check Edit - Preferences - Privacy & Security - Popup Windows.
Ah, had an old trunk build. Verifying.
Status: RESOLVED → VERIFIED
Just wanted to know if the whitelist is coming or not?? Please?
It's here and working fine. Just download 1.3b.
You need to log in before you can comment on or make changes to this bug.

Attachment

General

Created:
Updated:
Size: