Window.close and Explorer 7 problem!

[Jan Tovgaard]

Hey everyone

We have a critical problem, which I can see that other people also has ran
into.
In Internet Explorer 7 it is no longer possible to do a window.close after
opening a window,
without getting a alert message that ask if u want to close the window.
This did NOT happen in Internet Explorer 6, Mozilla firefox or other
browsers.

Here is the code:

<SCRIPT type="text/javascript">

WindowName="";
var left, top;
left = (window.screen.availWidth - 400)/2;
top = (window.screen.availheight - 250)/2;
settings=
"toolbar=no,location=no,directories=no,"+
"status=no,menubar=no,scrollbars=no,"+
"resizable=no, top="+top+", left="+left+", height=250,width=400";

window.open('login.asp?p=ja&<%=Request.Querystring%>',WindowName,settings);

window.opener=self;
window.close();

</SCRIPT>


I have searched for days about this problem and have found the following.

http://www.codeproject.com/useritems/Immediate_Close__new_try_.asp

Can anyone get this example to work in IE 7 final?

Does anyone know another way to solve this problem with a hack...?
In firefox there is a config file called user.js, where u can set
"allow_scripts_to_close_windows". Is there a file like this in IE 7 or
explorer?

We need to remove the toolbar, like above, with the window.open,
without getting this alert message..

if u can help solve this, i would call u the best programmer in the world

sincerly
Jan

 

[Randy Webb]

Jan Tovgaard said the following on 11/20/2006 9:45 AM:

Hey everyone

We have a critical problem, which I can see that other people also has ran
into.

"critical problem"?

In Internet Explorer 7 it is no longer possible to do a window.close after
opening a window,

Sure it is.

without getting a alert message that ask if u want to close the window.

Yes I can.

This did NOT happen in Internet Explorer 6, Mozilla firefox or other
browsers.

I am not sure I believe that claim.

Here is the code:

<SCRIPT type="text/javascript">

WindowName="";
var left, top;
left = (window.screen.availWidth - 400)/2;
top = (window.screen.availheight - 250)/2;
settings=
"toolbar=no,location=no,directories=no,"+
"status=no,menubar=no,scrollbars=no,"+
"resizable=no, top="+top+", left="+left+", height=250,width=400";

window.open('login.asp?p=ja&<%=Request.Querystring%>',WindowName,settings);
window.open('','_parent','');
window.close();

window.opener=self;
window.close();

</SCRIPT>


I have searched for days about this problem and have found the following.

http://www.codeproject.com/useritems/Immediate_Close__new_try_.asp

That's a VB solution with a button to click.

Can anyone get this example to work in IE 7 final?

When IE7 Final comes out maybe. As for now, yes I can.

Does anyone know another way to solve this problem with a hack...?
Yes.

In firefox there is a config file called user.js, where u can set
"allow_scripts_to_close_windows". Is there a file like this in IE 7 or
explorer?
No.

We need to remove the toolbar, like above, with the window.open,
without getting this alert message..

Nah, you don't "need" to, you "want" to. Huge difference.

if u can help solve this, i would call u the best programmer in the world

Don't call me the best programmer in the world, call me the best JS
hacker in the world that can spell properly.

 

[Guest]

Jan,

It may help to see the context that the script is in. It looks like
maybe IE thinks you are trying to close the only open window, and as
far as I know, it won't let you do that without a warning (in any
version).

If you have a link to an example I may be able to better determine the
problem.

 

[Randy Webb]

spamgrabs said the following on 11/20/2006 4:25 PM:

Jan,

It may help to see the context that the script is in.

No it won't.

It looks like maybe IE thinks you are trying to close the only open
window, and as far as I know, it won't let you do that without a
warning (in any version).

It makes no difference if it is "the only open window" or tab. It's
irrelevant. And, yes, I can close IE (any IE4+ version) without a prompt.

 

[Andrew Poulos]

spamgrabs said the following on 11/20/2006 4:25 PM:

No it won't.


It makes no difference if it is "the only open window" or tab. It's
irrelevant. And, yes, I can close IE (any IE4+ version) without a prompt.

What's the big deal with a script closing a window it did *not* open?

Is it more the stopping of an annoyance that the prevention of
maliciousness?

I do a fair bit of work for clients who run their pages on a more or
less secure/trusted server and it's getting painful trying to explain
why something that was "safe" only six months ago can't be done today
(on the latest version browsers.)

Andrew Poulos

 

[Randy Webb]

Andrew Poulos said the following on 11/20/2006 7:59 PM:

What's the big deal with a script closing a window it did *not* open?

Two things:

1) It allows a web author to control what toolbars/etc are on the window
instead of it being the users choice.

2) It allows a potentially malicious site to try to imitate a desktop app.

Is it more the stopping of an annoyance that the prevention of
maliciousness?

Both.

 

[Jan Tovgaard]

Nah, you don't "need" to, you "want" to. Huge difference.

well i must So these 2 linies of code u send will not remove the toolbar
and
thats what we need...

so this will unfortunately not solve my problem.

 

[Andrew Poulos]

Two things:

1) It allows a web author to control what toolbars/etc are on the window
instead of it being the users choice.

I don't follow. How does a script that can close a window control
toolbars? In IE you can close a window by pressing Alt+F4, the x button
on the title bar, clicking the icon on the title bar and selecting
close. The web author can't prevent me from closing a window I want
closed (and with a popup blocker there's nothing the web author can do
about it.)

2) It allows a potentially malicious site to try to imitate a desktop app.

Again I don't follow. How can a script that closes a window be malicious?

I'm not trying to be stubborn but I can't see how a script that can
close pages, that came from the same domain as it, be bad.

Andrew Poulos

 

[Randy Webb]

Jan Tovgaard said the following on 11/21/2006 2:16 AM:

well i must So these 2 linies of code u send will not remove the toolbar
and thats what we need...

I didn't say it would. It closes the active window/tab in IE7 though.
Which *is* what you asked.

so this will unfortunately not solve my problem.

That's true. The problem is you feel a need to try to remove my toolbars
without my consent.

 

[Richard Cornford]

Andrew Poulos said the following on 11/20/2006 7:59 PM:
*not* open?

Two things:

1) It allows a web author to control what toolbars/etc are on
the window instead of it being the users choice.

2) It allows a potentially malicious site to try to imitate
a desktop app.

<snip>

3) It destroys the user's recent browsing history (their ability to go
back to where they have been using the back button).

That history is data that belongs to the user and no web site should be
allowed to destroy it (much as they should not be allowed to wipe data
stored on the clipboard).

Richard.

 

[Andrew Poulos]

<snip>

3) It destroys the user's recent browsing history (their ability to go
back to where they have been using the back button).

That history is data that belongs to the user and no web site should be
allowed to destroy it (much as they should not be allowed to wipe data
stored on the clipboard).

Don't people who use, say, Firefox set it so that it deletes all private
data on exit - so a browsing history is not that important (at least to
them)?

Can you give me a realistically example of malicious (not annoying) way
a web author could use the ability to close a window using javascript
(that was not opened using javascript)?

Andrew Poulos

 

[Richard Cornford]

Richard Cornford wrote:

Don't people who use, say, Firefox set it so that it deletes all private
data on exit - so a browsing history is not that important (at least to
them)?

What if they do? If a script closes the window the user did not, it is
the user who should be deciding at which point their data is destroyed.

Can you give me a realistically example of malicious (not annoying) way
a web author could use the ability to close a window using javascript
(that was not opened using javascript)?

What qualifies as malicious? Destroying other people's property sounds
pretty malicious to me.

Richard.

 

[Randy Webb]

Andrew Poulos said the following on 11/21/2006 3:28 AM:

I don't follow. How does a script that can close a window control
toolbars? In IE you can close a window by pressing Alt+F4, the x button
on the title bar, clicking the icon on the title bar and selecting
close. The web author can't prevent me from closing a window I want
closed (and with a popup blocker there's nothing the web author can do
about it.)

window.open without any toolbars, close the original window. Now, you
have taken my toolbars away from me - against my will.

Again I don't follow. How can a script that closes a window be malicious?
I'm not trying to be stubborn but I can't see how a script that can
close pages, that came from the same domain as it, be bad.

See above.

 

[The Magpie]

Randy Webb wrote:

Again I don't follow. How can a script that closes a window be malicious?

Any script of any sort from anyone other than me that buggers about
with my windows and my programmes and my running software is *by
definition* malicious because it is doing things I did not ask it to do.

 

[Andrew Poulos]

What qualifies as malicious? Destroying other people's property sounds
pretty malicious to me.

The property that you talk about as getting destroyed happens
automatically with most people's browsers. I care as much about the
resilience of my history as I do other temporary files, that is not at
all. Any URL I want remembered I bookmark.

Can you give an example of, say, deleting a bookmark using a script that
closes a window it didn't open?

Andrew Poulos

 

[Andrew Poulos]

Any script of any sort from anyone other than me that buggers about
with my windows and my programmes and my running software is *by
definition* malicious because it is doing things I did not ask it to do.

You don't want a script to be able to close a window that wasn't opened
by a script because you believe it's malicious (in the sense of being
evil in intent) and then provide facetious arguments like it "I did not
ask it" or "it causes the recent browser history to disappear".

I believe there are lots of real-life situations where scripts
manipulating (even closing) windows are not only acceptable but
desirable. If you cannot provide an example where a script closing a
window causes something malicious to happen then so be it.

Andrew Poulos

 

[Richard Cornford]

The property that you talk about as getting destroyed
happens automatically with most people's browsers.

But it happens when they choose to close their browsers. It is their
data and it is their choice to destroy it, or hang on to it.

I care as much about the resilience of my history as I do
other temporary files, that is not at all.

What you may or may not care about is not a guide to what other people
may care about. I don't care very much about house plants, is it now
reasonable form me to go about pouring herbicide onto those I encounter?

Any URL I want remembered I bookmark.

You bookmark individual google searches?

Can you give an example of, say, deleting a bookmark
using a script that closes a window it didn't open?

Why should I? I have given an example of data belonging to the user that
is destroyed when a script closes a window that it did not open. Just
because it is data you have no use for doesn't make it insignificant to
everyone.

Richard.

 

[Randy Webb]

Andrew Poulos said the following on 11/21/2006 3:27 PM:

The property that you talk about as getting destroyed happens
automatically with most people's browsers. I care as much about the
resilience of my history as I do other temporary files, that is not at
all. Any URL I want remembered I bookmark.

Open your browser.
Go to Google.
Do a search.
Click the #3 article in the search.
Click Back.
Right click the #4 link and open it in a new window.
Close the original window.

That mimics the behavior that is a problem. Your history trail is
destroyed. Now, are you telling me that you bookmark every single web
search you do and re-open it each time some moronic website owner closes
your window? Think about that.

 

[Andrew Poulos]

But it happens when they choose to close their browsers. It is their
data and it is their choice to destroy it, or hang on to it.

"I closed the browser and it lost my data. How dare it. I didn't tell it
to lose my data. I choose to close the browser window but the browser
lost my data anyway."

My copy of Word prompts me to save unsaved data why doesn't a browser
behave itself.

What you may or may not care about is not a guide to what other people

Just because you disagree doesn't mean that you represent a consensus
opinion.

may care about. I don't care very much about house plants, is it now
reasonable for me to go about pouring herbicide onto those I encounter?

Yes, if those plants were in your house and were poisonous and you had a
young child who was close to learn to walk.

You bookmark individual google searches?

Since when is a google search generally considered a URL?

Why should I? I have given an example of data belonging to the user that

To show me that it was evil. Anyhow, I didn't think you could give an
example of an evil use of a script closing a window.

is destroyed when a script closes a window that it did not open. Just
because it is data you have no use for doesn't make it insignificant to
everyone.

In the same manner just because you think of windows closed by scripts
as being evil doesn't mean everyone should.

The only data anyone has mentioned is *temporary* data which, if you
don't make a record of, will always be lost when the browser closes.
Yes, it could well be an annoyance but certainly not evil.

Andrew Poulos

 

[The Magpie]

Any script of any sort from anyone other than me that buggers about
with my windows and my programmes and my running software is *by
definition* malicious because it is doing things I did not ask it to do.

[snip]
I believe there are lots of real-life situations where scripts
manipulating (even closing) windows are not only acceptable but
desirable. If you cannot provide an example where a script closing a
window causes something malicious to happen then so be it.

There are *no* situations where anyone other than me has any right to
do *anything* I did not authorise. I challenge you to provide even
one. I can certainly provide many where it is malicious since the very
definition of something doing an unauthorised thing to my PC is that
it is malicious.