Closed
Bug 240246
Opened 21 years ago
Closed 16 years ago
popup window passed between frames can evade blocker
Categories
(SeaMonkey :: UI Design, defect)
Tracking
(Not tracked)
RESOLVED
WORKSFORME
People
(Reporter: danm.moz, Unassigned)
References
()
Details
Attachments
(3 files)
A window contains at least two frames. At load time one of them (frame B) calls a function in the parent window which in turn calls a function in a second frame (frame A) which opens a new window. If frame A happens to finish loading before frame B, Mozilla doesn't realize the window is still loading, and opens the popup. In codeish form, the main page looks like this: <html><head><script> function startPopup() { try { // frameA may not be loaded yet frameA.openPopup(); } catch(e) { } } </script></head> <frameset rows="50,50"> <frame src="frameA.html" name="frameA"> <frame src="frameB.html"> </frameset> </html> frame A contains the openPopup function <html><head><script> function openPopup() { // alert if running on local hard drive window.open("about:blank", "_blank"); } </script></head></html> frame B starts the load in motion <html><head><script> parent.startPopup(); </script></head></html> This technique is used, probably accidentally, at www.bonus.com. That site attempts to open a bunch of popups, some of them "invisible" (though not in Mozilla) and succeeds in opening one on perhaps every third attempt. The chances can be raised by inserting more intervening frames between A and B. An alert inserted in the function in frame A shows the popup every time when attempting to reproduce from a local hard disk.
http://www.designobject.com/main/index.html?product=389 is a similar example. It does the same thing, but rather than go through a function in the parent window it calls the other frame's function directly. That is, in its load handler, frame[3] calls a function in parent.frame[1], which opens a window.
Comment 5•20 years ago
|
||
This site http://www.sportsline.com/nfl/story/7538370 seems to be using a similar techinque using setTimeout and an iframe.
Updated•20 years ago
|
Blocks: pop-up-arms-race
I too can reproduce this from www.sportsline.com. I think the offending code is here: <br clear="all"> <iframe src="/blank.html" name="popunder" id="popunder" width="1" height="1" scrolling="no" frameborder="0"></iframe> <SCRIPT language='JavaScript'> var _popTag=""; function createPop() { if (IE||DOM) {window.frames.popunder.document.write(_popTag);} return; } var _l=2105058073; var pub_click_url = ''; var _isaclick=1; var _extra = (pub_click_url == "" ? "" : ( _isaclick ? "&aclick="+pub_click_url : "&pclick="+pub_click_url)); var _cn = "L"+_l+"="; var _pop=document.cookie.indexOf(_cn); var _il = 1; var _tl = 0; var _ex; if (_pop >= 0) { _pos=document.cookie.substring(_pop).indexOf(';'); if (_pos >0 ) _val = document.cookie.substring(_pop+_cn.length,_pop+_pos); else _val = document.cookie.substring(_pop+_cn.length); if (_val.indexOf('.') > 0 ) { _il = _val.substring(0,_val.indexOf('.')); _ex = _val.substring(_val.indexOf('.')+1); _tl = _ex - (new Date()).getTime(); } if (_tl <= 0) document.cookie=_cn+";path=/;expires="+(new Date((new Date()).getTime() - 1000000)).toGMTString()+";"; } if ( _il > 0 || _tl <=0 ) { _popTag="<html><body>" + "<sc"+"ript language='javascript' src='http://adopt.specificclick.net/adopt.sm?l="+_l+"&sz=pop&r=j&pfc=1&rnd="+random+""+_extra+"'>" + "</sc"+"ript>" + "</body></html>"; setTimeout("createPop();",2000); } </SCRIPT> BTW, if I take a local copy of the web page & change the sc"+"ript to script I can pretty much at will cause the popup to either occur or not occur. When I tested this I made sure to delete the cookies after each attempt. I am no expert at javascript but is this how it could be evading the popup blocker?
Updated•20 years ago
|
Group: security
Comment 7•20 years ago
|
||
Comments 5 and 6 refer to another way to evade our pop-up blocker, bug 253780.
Bug was made security confidential because of the script posted in comment 6. It's more effective than the testcase already in this bug and, by the way, unrelated to this bug. See comment 7.
Clearing confidentiality flag, since evading the popup blocker is not a major security issue, and methods for such evasion are publically known already anyway.
Group: security
Updated•20 years ago
|
Product: Core → Mozilla Application Suite
Comment 10•20 years ago
|
||
Have noticed this behaviour in 1.8b1 - ever since upgrading from 1.7, I get frequent popunders that aren't blocked.
Comment 11•20 years ago
|
||
I also encounter in webmail hosted by everyone.net. I think the web ad company is intentionally using this technique to bypass Firefox/Mozilla popup blocker.
Comment 12•20 years ago
|
||
I'm pretty sure this issue has been fixed in bug 252326. I can reproduce it in Mozilla 1.7.3 but not in 1.7.8 or a current trunk build. Dan, please confirm. rubbish@dr.com: if you have Mozilla 1.7.5/Firefox 1.0 or higher please open a separate bug on this problem. If not - upgrade your browser.
Updated•16 years ago
|
Status: NEW → RESOLVED
Closed: 16 years ago
Resolution: --- → WORKSFORME
You need to log in
before you can comment on or make changes to this bug.
Description
•