Closed
Bug 70135
Opened 24 years ago
Closed 22 years ago
Should have a pref to disable sending middle/right click events to javascript
Categories
(Core :: Security: CAPS, enhancement, P2)
Core
Security: CAPS
Tracking
()
Future
People
(Reporter: cesarb, Assigned: security-bugs)
References
Details
Attachments
(1 file)
(deleted),
text/html
|
Details |
Some sites (annoyingly) block any attempt to right-click or middle click on a
page. Some other sites (even more annoyingly) display a popup whenever a user
tries to do that. Since right and middle clicks are part of the browser's UI, no
sites I've seen do anything useful with anything other than left-click, and now
we have popup blocking, I think it would be good to add a hidden pref (like with
popups in 0.8) to not send right or middle clicks to the javascript in the page
(i.e. treat the whole canvas as part of the UI whenever the click isn't on the
first button)
Comment 1•24 years ago
|
||
Confirming as an rfe.
See also bug 40535, "[RFE] disallow/queue alert (and window.open?) on right-
click".
Do alerts on middle-click break the "open link in new window" or "go to url in
clipboard" behaviors?
Status: UNCONFIRMED → NEW
Ever confirmed: true
OS: Linux → All
Hardware: PC → All
Assignee | ||
Comment 2•24 years ago
|
||
Anyone have an example of a script that traps right/middle clicks?
Status: NEW → ASSIGNED
Comment 3•24 years ago
|
||
Comment 4•24 years ago
|
||
Mitch, let me know if the attached testcase is what you're looking for...if not,
I'll see what I can come up with. -Kritzer
Assignee | ||
Comment 5•24 years ago
|
||
chris,
testcase looks great. Don't spend too much time on this one right now though,
it's an enhancement. marking Future.
Target Milestone: --- → Future
Reporter | ||
Comment 6•24 years ago
|
||
Pretty annoying testcase:
http://www.elnet.com.br/elnet_news/index.asp
In the white-backgrounded middle column ("Notícias e Matérias"), every link is a
popup. In IE and 4x (it wasn't me who tested, but I saw it), middle-clicking or
right-clicking on any of them does what it's supposed to do, with no popup. The
popup only appears in left-click.
So, now I'm inclined to say "no pref, just block it!"
Should I morph this into "onclick/dblclick should only be called on left mouse
button", or file a new bug?
This is different from bug 40535, since it advocates that simply popups be
blocked. I advocate (now) not even running the onclick handler on non-left-click.
Oh, wait, I just found bug 71705. Never mind. (where's the related-bugs bugzilla
feature when you need it?)
Assignee | ||
Comment 7•24 years ago
|
||
Target is now 0.9.5, Priority P2.
Priority: -- → P2
Target Milestone: Future → mozilla0.9.5
Assignee | ||
Comment 8•23 years ago
|
||
time marches on...retargeting to 0.9.6
Target Milestone: mozilla0.9.5 → mozilla0.9.6
Assignee | ||
Comment 9•23 years ago
|
||
Less important bugs retargeted to 0.9.9
Target Milestone: mozilla0.9.6 → mozilla0.9.9
Comment 10•23 years ago
|
||
We basically want to make sites unable to hook into oncontextmenu events, now
that right and middle click don't trigger onclick...
Updated•23 years ago
|
Blocks: patch-soap-opera
Comment 11•23 years ago
|
||
An option to disable right-mouse-button-disabeling with JavaScript would fit
very well to the Scripts section in the Advanced Preferences. As it stands right
now you need to use WebWasher (or something similar) to achive this.
pi
Updated•23 years ago
|
Blocks: oncontextmenu
Comment 13•22 years ago
|
||
I would also love to see this preference included under Advanced/Scripts.
Allow scripts to:
[ ] Capture mouse clicks
This checkbox could be cleared, to deny JavaScript the ability to steal mouse
button events (commonly used by sites that don't want their content to be easily
saved by the user).
However, this could lead to an arms race. Sites could make pages whose links
are not provided in any form other than a hardcoded JavaScript click handler.
So it goes.
Here are more examples of a page that uses blocking scripts:
http://www.darkchronicle.co.uk/bo2script.html
Try to click on the right panel. Frustrating, isn't it? Here are the blocking
scripts that it uses:
http://www.darkchronicle.co.uk/bo2script/scripts/text.js
http://www.darkchronicle.co.uk/bo2script/scripts/rclick.js
Assignee | ||
Comment 14•22 years ago
|
||
*** This bug has been marked as a duplicate of 86193 ***
Status: ASSIGNED → RESOLVED
Closed: 22 years ago
Resolution: --- → DUPLICATE
You need to log in
before you can comment on or make changes to this bug.
Description
•