MSIE 7 forces the presence of the Address Bar by default: "We think the
address bar is also important for users to see in pop-up windows. A
missing address bar creates a chance for a fraudster to forge an address
of their own.
To help thwart that, IE7 will show the address bar on all
internet windows to help users see where they are."
http://blogs.msdn.com/ie/archive/2005/11/21.aspx
Mozilla.org also intends to soon force the presence of the Location Bar
in Firefox 2:
Bug 337344: Change default dom.disable_window_open_feature.location to true
https://bugzilla.mozilla.org/show_bug.cgi?id=337344
Any Mozilla-based browsers (Firefox 1.x, Seamonkey, NS 7.x, K-meleon
1.x, etc) can force the presence of location bar with the user setting
the dom.disable_window_open_feature.location property value to true
Gérard Talbot said:MSIE 7 forces the presence of the Address Bar by default: "We think the
address bar is also important for users to see in pop-up windows. A
missing address bar creates a chance for a fraudster to forge an address
of their own.
Mozilla.org also intends to soon force the presence of the Location Bar
in Firefox 2:
In my case, the parent and the popup are both from the same webserver,
but the parent uses https and the popup doesn't!
(It's a dojo application, and I thought using http instead of https
would save downloading!)
So are you saying if they are both using https, then the location bar
goes away?
I've noticed if I use a localhost http server, then there are no
location bars in popups, but if I use a remote server somewhere on my
domain, then the location bars appear. This tells me there are some
situations where IE7 does not see a need for location bar display
forcing and I just wonder what all those types of configurations are.
For example, why force display of the location bar if both URLs are
from the same domain? (opener window, popup window) This seems
absolutely pointless to me. If it's anti-phishing, then it should
force display when the domains or the servers do not match.
For another example, XmlHttp does not allow comm between two different
servers on the same domain, as a security precaution (over zealous in
my mind, why not just limit the same as the browser, to one domain?).
This seems like a situation where the user might want to know that two
different servers are being used to feed the parent and the popup, and
therefor the location bar is displayed. But not if they both are
served from the same http server machine and port, then why bother?
jeff papineau
surfyogiATgmailDOTcom
Want to reply to this thread or ask your own question?
You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.