Andrew said:
Zifud said:
Andrew said:
Randy Webb wrote:
[...]
I'm glad I'm not one of those overly arty types who spend weeks and
weeks hand-crafting a design (because that's what they and their
users want/need/expect/pay for) only to have it "spoilt" it by the
inadvertent resizing of the page (causing scrollbars to appear...)
Scrollbars are not a defect, an illness to a window; quite on the
contrary. You should enable them if content overflows window dimensions;
you should not disable them when creating a secondary (script-initiated)
window.
Thank you for the usability lesson.
Sorry there but the major browser manufacturers are no longer waiting
and expecting amateur web authors to understand (basic usability lesson)
that removing the statusbar and disabling window resizability is a very
bad thing. XP Pro SP2 now forces statusbar on all script-initiated
windows, period. Opera 7.x gives entire veto power to its users to force
status bar presence. Firefox 1.0 default setting is to force statusbar,
notwithstanding giving too entire veto power to its users regarding
window toolbars presence and window funtionalities (scrollbars if
needed, resizability, modality, dependence, system command icons, etc.).
Wouldn't it have been more
appropriate for you to say something like "the default settings of FF
prevent code access to the visibility of the statusbar and, at any rate,
I believe that it is generally bad to control a user's browser
experience in this way"?
[snipped]
People in this newsgroup have been saying that for years and browser
manufacturers have listened, have understood and have echoed loud and
clear their demands. Many security hacks and exploits first start with
removing the statusbar.
Let me rephrase the question, so what does the
visibility of the statusbar in FF have to do with whether or not the
user can resize the window?
There is a window resizing grippy at the right end of the
Firefox/Mozilal statusbar.
I'm trying to learn about the application, that's why I'm asking
questions.
Mozilla and Firefox users can force all windows to be easily resizable
by setting
dom.disable_window_open_feature.resizable
to true in about:config or in their user.js file.
Though I did not note anywhere in the press release that FF
prevented certain scripts from running:
<url:
http://www.mozilla.org/products/firefox> but it does say that it's
a "Developers Best Friend".
Andrew Poulos
in MSIE 6 for XP SP2: "For windows opened using window.open():
Expect the status bar to be present, and code for it. The status bar
will be on by default and is 20-25 pixels in height. (...)" taken from
Fine-Tune Your Web Site for Windows XP Service Pack 2, Browser Window
Restrictions in XP SP2
http://msdn.microsoft.com/security/...ary/en-us/dnwxp/html/xpsp2web.asp#xpsp_topic5
"(...) windows that are created using the window.open() method can be
called by scripts and used to spoof a user interface or desktop or to
hide malicious information or activity by sizing the window so that the
status bar is not visible.
Internet Explorer windows provide visible security information to the
user to help them ascertain the source of the Web page and the security
of the communication with that page. When these elements are not in
view, the user might think they are on a more trusted page or
interacting with a system process when they are actually interacting
with a malicious host. (...)
Script-initiated windows will be displayed fully, with the Internet
Explorer title bar and status bar. (...)
Script management of Internet Explorer status bar
Detailed description
Internet Explorer has been modified to not turn off the status bar for
any windows. The status bar is always visible for all Internet Explorer
windows. (...) Without this change, windows that are created using the
window.open() method can be called by scripts and spoof a user interface
or desktop or hide malicious information or activity by hiding important
elements of the user interface from the user.
The status bar is a security feature of Internet Explorer windows that
provides Internet Explorer security zone information to the user. This
zone cannot be spoofed (...)" taken from Changes to Functionality in
Microsoft Windows XP Service Pack 2, Internet Explorer Window Restrictions
http://www.microsoft.com/technet/prodtechnol/winxppro/maintain/sp2brows.mspx#ECAA
DU