There should be some way short of viewing the source to see what happens on an onclick--the status bar would be a nice place for that, after anything else (like a link location) that needs to be shown there. See also bug 229050 about /not/ showing link text if a link also has a javascript:location.href onclick event.

> There should be some way ... to see what happens on an onclick This is what bug 229050 is about. I intentionally worded the summary openly, so we can discuss there which solution is best. FWIW, I don't think you can show what will happen, because onclick is a script, and orinary users can't decipher JS, and the evil JS will be too long /indirected to be shown there. In general, onclick could manipulate the DOM or whatever, and I don't really see a way to communicate that to the user apart from doing it. > See also bug 229050 about /not/ showing link text I only proposed to not show ther *href*. I do want to see a text msg telling me that it's a script. *** This bug has been marked as a duplicate of 229050 *** *** This bug has been marked as a duplicate of 229050 ***

The summary of bug 229050 is "Don't show URL on mouseover, if there is onclick" which seems to me to be clearly about not making people think they're going to one place when they're really going to another. This is about making it possible to see what happens on an onclick, regardless of what else the element would do. Most onclick scripts aren't too long to be shown on the status bar, and even if they are, you could still get a good idea of what they do. If it would be confusing to other users there can be a pref for it, even turned off by default.

Ops, I was connnfused about the summary, sorry. > This is about making it possible to see what happens on an onclick Not possible, as explained.

*** Bug 261701 has been marked as a duplicate of this bug. ***

This should be for all events, not just onClick. See bug 303766.

(In reply to comment #3) > Ops, I was connnfused about the summary, sorry. > > > This is about making it possible to see what happens on an onclick > > Not possible, as explained. Although you can't easily interpret the javascript to explain exactly what's going to happen, a friendly message could be shown indicating that potentially insecure javascript will be executed when you click the link.

Potentially insecure? If someone was going to exploit a security hole through javascript, they'd just do it when the page loaded, not wait for you to click somewhere. And now that I think about it, this is the kind of thing that few enough people would want that it's not worth the bytes it would entail to give it to everyone. -> WONTFIX, though I wouldn't mind seeing an extension made for it. (fixing the product/component while I'm at it)