Hello and welcome to our community! Is this your first visit?
Register
Enjoy an ad free experience by logging in. Not a member yet? Register.
Results 1 to 10 of 10
  1. #1
    New Coder
    Join Date
    Mar 2006
    Posts
    67
    Thanks
    0
    Thanked 0 Times in 0 Posts

    Question avoid popup window when closing explorer

    i have this line of code to close an explorer window:

    Code:
    <form><input type="button" value="Close Window" onclick="javascript:window.close();" /></form>
    it works, but when the button is clicked, a popup window comes up asks me to confirm close. is there a way that i can close a window without getting the confirmation message?
    Achievement provides the only real pleasure in life.

  • #2
    Supreme Master coder! Philip M's Avatar
    Join Date
    Jun 2002
    Location
    London, England
    Posts
    18,158
    Thanks
    203
    Thanked 2,548 Times in 2,526 Posts
    You can't close a window that you did not open with Javascript. This is a security issue.

  • #3
    New Coder
    Join Date
    Mar 2006
    Posts
    67
    Thanks
    0
    Thanked 0 Times in 0 Posts
    thx philip
    Achievement provides the only real pleasure in life.

  • #4
    Senior Coder
    Join Date
    Feb 2003
    Posts
    1,665
    Thanks
    0
    Thanked 27 Times in 25 Posts
    Quote Originally Posted by Philip M
    You can't close a window that you did not open with Javascript. This is a security issue.
    Whilst it is/was possible, the 'security issue' is something I've never heard fully (read: convincingly) explained.

    Thinks back to…
    www.sitepoint.com/forums/showthread.php?t=69983

  • #5
    Supreme Master coder! Philip M's Avatar
    Join Date
    Jun 2002
    Location
    London, England
    Posts
    18,158
    Thanks
    203
    Thanked 2,548 Times in 2,526 Posts
    Quote Originally Posted by Bill Posters
    Whilst it is/was possible, the 'security issue' is something I've never heard fully (read: convincingly) explained.

    Thinks back to…
    www.sitepoint.com/forums/showthread.php?t=69983

    You have obviously considered this in great depth, but the fact is that whether or not the reasoning about security is correct most browsers do not allow you to close window that you have not opened with Javascript.

    Personally I found a post from the thread you mention to be perfectly convincing:-

    -------------------------------------------------------------------------
    Users become suspicious and distrustful of software that do things behind their back - spyware apps that track user movements or send private documents back to HQ, ActiveX controls that install themselves and reconfigure your dialup networking settings (rerouting your calls through a $10/min phone line in Russia), and software that "phones home" to check your serial or for updates without asking...

    Browsers, being windows into the WWW need to be trusted by the user, and protect him and his computer from malicious software, so there is a standard security model which is designed to do just that, and restrict JavaScripts from doing certain things - for example, scripts aren't able to change your homepage URL without causing a user prompt, nor can they add themselves as a favourite without asking.

    Another of these restrictions is to prevent windows from closing windows that they haven't opened themselves. This is because it is assumed that if a script within a given window opens a new window, it is safe for it to close it again. However, if scripts had the abiity to close other windows which it had not itself opened, then there are many ways that this behaviour could be exploited to annoy the user.

    Here's a couple off the top of my head...
    1) A page could close all other windows apart from itself

    2) A page on one company's web site could close any windows which contained its competitors' web sites

    3) A malicious popup could use the onMouseOver event to spawn a new copy of itself somewhere else on the screen when a user moved over it and then close itself down, thereby evading a novice user's attempts to close it down (you could of course still close it via the taskbar).


    Now I'm not saying that this is a MAJOR, life threatening vulnerability that could be exploited to actually cause harm to a user's PC, but it could be used to bring about events that would irritate the user, and possibly affect the user's enjoyment of other web sites. It simply would be (and currently is) one more tool in the malicious coder's armoury...

    -----------------------------------------------------------------------

  • #6
    Senior Coder
    Join Date
    Feb 2006
    Location
    USA
    Posts
    1,013
    Thanks
    0
    Thanked 0 Times in 0 Posts
    Philip, I don't think points 1 or 2 from that quote would be a problem because windows can't access other windows unless they have a direct parent/child relationship or, maybe, if two windows had the same parent.

    I think an unlimited window.close() has more chance of causing confusion and being annoying than being a real security threat.

    P.S. Philip, why didn't you use [quote][/quote]?
    Learn CSS. | SSI | PHP includes | X/HTML Validator | CSS validator | Dynamic Site Solutions
    Java != JavaScript && JScript != JavaScript
    Design/program for Firefox (and/or Opera), apply fixes for IE, not the other way around.

  • #7
    Senior Coder
    Join Date
    Feb 2003
    Posts
    1,665
    Thanks
    0
    Thanked 27 Times in 25 Posts
    Quote Originally Posted by Philip M
    The point I made about Mac in the linked thread still stands.
    Of the many hundreds of thousands of pages I've visited over the years, I don't ever recall encountering a site which has used this effect in a way that I'd consider a threat.
    Macs don't seem to be any less 'secure' as a result of not having this thing in place, so, to me, the argument that using scripting to simply close the last window is a security threat does seem a little ridiculous.

    Like I say, it's a usability 'pest' at worst, so selling it as a security issue is, imho, significantly over-dramatising it.
    There are plenty of other nefarious practices to which modern browsers - and IE/Win more than most - are still open. But the closing window situation should be judged and dealt with in the same way that those are. If a site does something which you don't like, don't go there again (or install an extension/add-on which targets it and prevents it).
    (I presume we're not comparing closing a window to installing a virus/trojun/keylogger/etc…)

    The argument about things going on 'behind out backs' isn't really complete. Browsers/sites do a great many things without or explicit knowledge or agreement. They can record our IP, they can record a plethora of details about our UA. They can store information about our browsing habits. They can store settings on our computers.
    Sites do with all the time, always 'behind our backs', so the argument that 'behind our backs' is necessarily bad is neither reasonable nor accurate.

    We've lived through more 'annoying' site behaviour than this without needing to resort to fundamentially rewiring the browser itself. When it comes to this sort of limited appeal and application practice, it should be for users to decide what sites can and cannot do without throwing alerts up, not browser developers.

    It simply smacks of an excessive response to an over-stated 'threat'.

  • #8
    Supreme Master coder! Philip M's Avatar
    Join Date
    Jun 2002
    Location
    London, England
    Posts
    18,158
    Thanks
    203
    Thanked 2,548 Times in 2,526 Posts
    The question was
    "Is there a way that I can close a window without getting the confirmation message?"

    You feel that "it should be for users to decide what sites can and cannot do without throwing alerts up, not browser developers. It simply smacks of an excessive response to an over-stated 'threat'." I am sure that you are perfectly right. But again, that is the actual situation. Whether or not it ought to be so is just not relevant to the questioner's needs. He is not a browser developer, and is probably not too interested in the theory or concepts of browser development. He just wants a sensible answer to his question.

  • #9
    Senior Coder
    Join Date
    Feb 2003
    Posts
    1,665
    Thanks
    0
    Thanked 27 Times in 25 Posts
    Quote Originally Posted by Philip M
    The question was
    "Is there a way that I can close a window without getting the confirmation message?"

    You feel that "it should be for users to decide what sites can and cannot do without throwing alerts up, not browser developers. It simply smacks of an excessive response to an over-stated 'threat'." I am sure that you are perfectly right. But again, that is the actual situation. Whether or not it ought to be so is just not relevant to the questioner's needs. He is not a browser developer, and is probably not too interested in the theory or concepts of browser development. He just wants a sensible answer to his question.
    He got that in the first response. From that point on it became about the theory and concepts - a tangent which you yourself willingly walked along as well

    …just in case you were pointing the finger.


    Don't be in a hurry to dismiss idealist chatter. It's where the seeds of new ideas take root.
    It's also a little presumptuous to say what the OP probably is or isn't interested in. 65 posts on a web development forum (incl. queries about js, CSS, PHP and MySQL) tell me that s/he may actually have an interest in web dev and anyone dealing with web dev should ideally be familiar with these issues surrounding browsers.
    Besides, sometimes the tangents are the most interesting part of an exchange.

    More people have an interest in "the theory or concepts of browser development" than you might think. I'd say anyone using FF, certainly those who've switched to FF from IE, including a significant number of 'home users', did so because they have an interest and a certain level of understanding of how browsers are made and how they should be made, though their interest and understanding may not be formal.

    Anyhoo…

  • #10
    Supreme Master coder! Philip M's Avatar
    Join Date
    Jun 2002
    Location
    London, England
    Posts
    18,158
    Thanks
    203
    Thanked 2,548 Times in 2,526 Posts
    "Besides, sometimes the tangents are the most interesting part of an exchange. " Yes, I agree entirely and quite see your point.

    I am afraid that I tend to the practical - like Wackford Squeers I think that 'window' is spelled w-i-n-d-e-r - now go and clean it!
    Remember Voltaire.....? My skill is taking others' ideas and making them work (I do not claim to have ever had any original ideas myself). I also believe that I am a good teacher. This is because I am often only a few pages ahead of the class, meaning that I really do have to understand the subject myself and not just rely on regurgitating what I learned years ago and have never re-examined since. (Not pointing any finger!)


  •  

    Posting Permissions

    • You may not post new threads
    • You may not post replies
    • You may not post attachments
    • You may not edit your posts
    •