By using this site, you agree to our updated Privacy Policy and our Terms of Use. Manage your Cookies Settings.
432,027 Members | 1,088 Online
Bytes IT Community
+ Ask a Question
Need help? Post your question and get tips & solutions from a community of 432,027 IT Pros & Developers. It's quick & easy.

Window.close and Explorer 7 problem!

P: n/a
Hey everyone:)

We have a critical problem, which I can see that other people also has ran
into.
In Internet Explorer 7 it is no longer possible to do a window.close after
opening a window,
without getting a alert message that ask if u want to close the window.
This did NOT happen in Internet Explorer 6, Mozilla firefox or other
browsers.

Here is the code:

<SCRIPT type="text/javascript">

WindowName="";
var left, top;
left = (window.screen.availWidth - 400)/2;
top = (window.screen.availheight - 250)/2;
settings=
"toolbar=no,location=no,directories=no,"+
"status=no,menubar=no,scrollbars=no,"+
"resizable=no, top="+top+", left="+left+", height=250,width=400";

window.open('login.asp?p=ja&<%=Request.Querystring %>',WindowName,settings);

window.opener=self;
window.close();

</SCRIPT>
I have searched for days about this problem and have found the following.

http://www.codeproject.com/useritems...__new_try_.asp

Can anyone get this example to work in IE 7 final?

Does anyone know another way to solve this problem with a hack;)...?
In firefox there is a config file called user.js, where u can set
"allow_scripts_to_close_windows". Is there a file like this in IE 7 or
explorer?

We need to remove the toolbar, like above, with the window.open,
without getting this alert message..

if u can help solve this, i would call u the best programmer in the world;)

sincerly
Jan


Nov 20 '06 #1
Share this Question
Share on Google+
37 Replies


P: n/a
Jan Tovgaard said the following on 11/20/2006 9:45 AM:
Hey everyone:)

We have a critical problem, which I can see that other people also has ran
into.
"critical problem"?
In Internet Explorer 7 it is no longer possible to do a window.close after
opening a window,
Sure it is.
without getting a alert message that ask if u want to close the window.
Yes I can.
This did NOT happen in Internet Explorer 6, Mozilla firefox or other
browsers.
I am not sure I believe that claim.
Here is the code:

<SCRIPT type="text/javascript">

WindowName="";
var left, top;
left = (window.screen.availWidth - 400)/2;
top = (window.screen.availheight - 250)/2;
settings=
"toolbar=no,location=no,directories=no,"+
"status=no,menubar=no,scrollbars=no,"+
"resizable=no, top="+top+", left="+left+", height=250,width=400";

window.open('login.asp?p=ja&<%=Request.Querystring %>',WindowName,settings);
window.open('','_parent','');
window.close();
window.opener=self;
window.close();

</SCRIPT>
I have searched for days about this problem and have found the following.

http://www.codeproject.com/useritems...__new_try_.asp
That's a VB solution with a button to click.
Can anyone get this example to work in IE 7 final?
When IE7 Final comes out maybe. As for now, yes I can.
Does anyone know another way to solve this problem with a hack;)...?
Yes.
In firefox there is a config file called user.js, where u can set
"allow_scripts_to_close_windows". Is there a file like this in IE 7 or
explorer?
No.
We need to remove the toolbar, like above, with the window.open,
without getting this alert message..
Nah, you don't "need" to, you "want" to. Huge difference.
if u can help solve this, i would call u the best programmer in the world;)
Don't call me the best programmer in the world, call me the best JS
hacker in the world that can spell properly.

--
Randy
Chance Favors The Prepared Mind
comp.lang.javascript FAQ - http://jibbering.com/faq
Javascript Best Practices - http://www.JavascriptToolbox.com/bestpractices/
Nov 20 '06 #2

P: n/a
Jan,

It may help to see the context that the script is in. It looks like
maybe IE thinks you are trying to close the only open window, and as
far as I know, it won't let you do that without a warning (in any
version).

If you have a link to an example I may be able to better determine the
problem.

Nov 20 '06 #3

P: n/a
spamgrabs said the following on 11/20/2006 4:25 PM:
Jan,

It may help to see the context that the script is in.
No it won't.
It looks like maybe IE thinks you are trying to close the only open
window, and as far as I know, it won't let you do that without a
warning (in any version).
It makes no difference if it is "the only open window" or tab. It's
irrelevant. And, yes, I can close IE (any IE4+ version) without a prompt.

--
Randy
Chance Favors The Prepared Mind
comp.lang.javascript FAQ - http://jibbering.com/faq
Javascript Best Practices - http://www.JavascriptToolbox.com/bestpractices/
Nov 21 '06 #4

P: n/a
Randy Webb wrote:
spamgrabs said the following on 11/20/2006 4:25 PM:
>Jan,

It may help to see the context that the script is in.

No it won't.
>It looks like maybe IE thinks you are trying to close the only open
window, and as far as I know, it won't let you do that without a
warning (in any version).

It makes no difference if it is "the only open window" or tab. It's
irrelevant. And, yes, I can close IE (any IE4+ version) without a prompt.
What's the big deal with a script closing a window it did *not* open?

Is it more the stopping of an annoyance that the prevention of
maliciousness?

I do a fair bit of work for clients who run their pages on a more or
less secure/trusted server and it's getting painful trying to explain
why something that was "safe" only six months ago can't be done today
(on the latest version browsers.)

Andrew Poulos
Nov 21 '06 #5

P: n/a
Andrew Poulos said the following on 11/20/2006 7:59 PM:
Randy Webb wrote:
>spamgrabs said the following on 11/20/2006 4:25 PM:
>>Jan,

It may help to see the context that the script is in.

No it won't.
>>It looks like maybe IE thinks you are trying to close the only open
window, and as far as I know, it won't let you do that without a
warning (in any version).

It makes no difference if it is "the only open window" or tab. It's
irrelevant. And, yes, I can close IE (any IE4+ version) without a prompt.

What's the big deal with a script closing a window it did *not* open?
Two things:

1) It allows a web author to control what toolbars/etc are on the window
instead of it being the users choice.

2) It allows a potentially malicious site to try to imitate a desktop app.
Is it more the stopping of an annoyance that the prevention of
maliciousness?
Both.

--
Randy
Chance Favors The Prepared Mind
comp.lang.javascript FAQ - http://jibbering.com/faq
Javascript Best Practices - http://www.JavascriptToolbox.com/bestpractices/
Nov 21 '06 #6

P: n/a
>
>We need to remove the toolbar, like above, with the window.open,
without getting this alert message..

Nah, you don't "need" to, you "want" to. Huge difference.

well i must :) So these 2 linies of code u send will not remove the toolbar
and
thats what we need...

so this will unfortunately not solve my problem.:(
Nov 21 '06 #7

P: n/a
Jan Tovgaard said the following on 11/21/2006 2:16 AM:
>>We need to remove the toolbar, like above, with the window.open,
without getting this alert message..
Nah, you don't "need" to, you "want" to. Huge difference.


well i must :) So these 2 linies of code u send will not remove the toolbar
and thats what we need...
I didn't say it would. It closes the active window/tab in IE7 though.
Which *is* what you asked.
so this will unfortunately not solve my problem.:(
That's true. The problem is you feel a need to try to remove my toolbars
without my consent.

--
Randy
Chance Favors The Prepared Mind
comp.lang.javascript FAQ - http://jibbering.com/faq
Javascript Best Practices - http://www.JavascriptToolbox.com/bestpractices/
Nov 21 '06 #8

P: n/a
Randy Webb wrote:
>>
What's the big deal with a script closing a window it did *not* open?

Two things:

1) It allows a web author to control what toolbars/etc are on the window
instead of it being the users choice.
I don't follow. How does a script that can close a window control
toolbars? In IE you can close a window by pressing Alt+F4, the x button
on the title bar, clicking the icon on the title bar and selecting
close. The web author can't prevent me from closing a window I want
closed (and with a popup blocker there's nothing the web author can do
about it.)
2) It allows a potentially malicious site to try to imitate a desktop app.
Again I don't follow. How can a script that closes a window be malicious?

I'm not trying to be stubborn but I can't see how a script that can
close pages, that came from the same domain as it, be bad.

Andrew Poulos
Nov 21 '06 #9

P: n/a
Randy Webb wrote:
Andrew Poulos said the following on 11/20/2006 7:59 PM:
<snip>
>What's the big deal with a script closing a window it did
*not* open?

Two things:

1) It allows a web author to control what toolbars/etc are on
the window instead of it being the users choice.

2) It allows a potentially malicious site to try to imitate
a desktop app.
<snip>

3) It destroys the user's recent browsing history (their ability to go
back to where they have been using the back button).

That history is data that belongs to the user and no web site should be
allowed to destroy it (much as they should not be allowed to wipe data
stored on the clipboard).

Richard.
Nov 21 '06 #10

P: n/a
Richard Cornford wrote:
Randy Webb wrote:
>Andrew Poulos said the following on 11/20/2006 7:59 PM:
<snip>
>>What's the big deal with a script closing a window it did
*not* open?

Two things:

1) It allows a web author to control what toolbars/etc are on
the window instead of it being the users choice.

2) It allows a potentially malicious site to try to imitate
a desktop app.
<snip>

3) It destroys the user's recent browsing history (their ability to go
back to where they have been using the back button).

That history is data that belongs to the user and no web site should be
allowed to destroy it (much as they should not be allowed to wipe data
stored on the clipboard).
Don't people who use, say, Firefox set it so that it deletes all private
data on exit - so a browsing history is not that important (at least to
them)?

Can you give me a realistically example of malicious (not annoying) way
a web author could use the ability to close a window using javascript
(that was not opened using javascript)?

Andrew Poulos
Nov 21 '06 #11

P: n/a
Andrew Poulos wrote:
Richard Cornford wrote:
<snip>
3) It destroys the user's recent browsing history (their ability to go
back to where they have been using the back button).

That history is data that belongs to the user and no web site should be
allowed to destroy it (much as they should not be allowed to wipe data
stored on the clipboard).

Don't people who use, say, Firefox set it so that it deletes all private
data on exit - so a browsing history is not that important (at least to
them)?
What if they do? If a script closes the window the user did not, it is
the user who should be deciding at which point their data is destroyed.
Can you give me a realistically example of malicious (not annoying) way
a web author could use the ability to close a window using javascript
(that was not opened using javascript)?
What qualifies as malicious? Destroying other people's property sounds
pretty malicious to me.

Richard.

Nov 21 '06 #12

P: n/a
Andrew Poulos said the following on 11/21/2006 3:28 AM:
Randy Webb wrote:
>>>
What's the big deal with a script closing a window it did *not* open?

Two things:

1) It allows a web author to control what toolbars/etc are on the
window instead of it being the users choice.

I don't follow. How does a script that can close a window control
toolbars? In IE you can close a window by pressing Alt+F4, the x button
on the title bar, clicking the icon on the title bar and selecting
close. The web author can't prevent me from closing a window I want
closed (and with a popup blocker there's nothing the web author can do
about it.)
window.open without any toolbars, close the original window. Now, you
have taken my toolbars away from me - against my will.
>2) It allows a potentially malicious site to try to imitate a desktop
app.

Again I don't follow. How can a script that closes a window be malicious?
I'm not trying to be stubborn but I can't see how a script that can
close pages, that came from the same domain as it, be bad.
See above.

--
Randy
Chance Favors The Prepared Mind
comp.lang.javascript FAQ - http://jibbering.com/faq
Javascript Best Practices - http://www.JavascriptToolbox.com/bestpractices/
Nov 21 '06 #13

P: n/a
Andrew Poulos said the following on 11/21/2006 5:12 AM:
Richard Cornford wrote:
>Randy Webb wrote:
>>Andrew Poulos said the following on 11/20/2006 7:59 PM:
<snip>
>>>What's the big deal with a script closing a window it did
*not* open?

Two things:

1) It allows a web author to control what toolbars/etc are on
the window instead of it being the users choice.

2) It allows a potentially malicious site to try to imitate
a desktop app.
<snip>

3) It destroys the user's recent browsing history (their ability to go
back to where they have been using the back button).

That history is data that belongs to the user and no web site should be
allowed to destroy it (much as they should not be allowed to wipe data
stored on the clipboard).

Don't people who use, say, Firefox set it so that it deletes all private
data on exit - so a browsing history is not that important (at least to
them)?
Mine isn't and it is installed default.
Can you give me a realistically example of malicious (not annoying) way
a web author could use the ability to close a window using javascript
(that was not opened using javascript)?
See my other post. And it depends on your definition of "malicious".
Anybody who tries to force something on me - against my will - is acting
maliciously.

--
Randy
Chance Favors The Prepared Mind
comp.lang.javascript FAQ - http://jibbering.com/faq
Javascript Best Practices - http://www.JavascriptToolbox.com/bestpractices/
Nov 21 '06 #14

P: n/a
Andrew Poulos wrote:
Randy Webb wrote:

Again I don't follow. How can a script that closes a window be malicious?
Any script of any sort from anyone other than me that buggers about
with my windows and my programmes and my running software is *by
definition* malicious because it is doing things I did not ask it to do.
Nov 21 '06 #15

P: n/a
Richard Cornford wrote:
>Can you give me a realistically example of malicious (not annoying) way
a web author could use the ability to close a window using javascript
(that was not opened using javascript)?

What qualifies as malicious? Destroying other people's property sounds
pretty malicious to me.
The property that you talk about as getting destroyed happens
automatically with most people's browsers. I care as much about the
resilience of my history as I do other temporary files, that is not at
all. Any URL I want remembered I bookmark.

Can you give an example of, say, deleting a bookmark using a script that
closes a window it didn't open?

Andrew Poulos
Nov 21 '06 #16

P: n/a
The Magpie wrote:
Andrew Poulos wrote:
>Randy Webb wrote:

Again I don't follow. How can a script that closes a window be malicious?
Any script of any sort from anyone other than me that buggers about
with my windows and my programmes and my running software is *by
definition* malicious because it is doing things I did not ask it to do.

You don't want a script to be able to close a window that wasn't opened
by a script because you believe it's malicious (in the sense of being
evil in intent) and then provide facetious arguments like it "I did not
ask it" or "it causes the recent browser history to disappear".

I believe there are lots of real-life situations where scripts
manipulating (even closing) windows are not only acceptable but
desirable. If you cannot provide an example where a script closing a
window causes something malicious to happen then so be it.

Andrew Poulos
Nov 21 '06 #17

P: n/a
Andrew Poulos wrote:
Richard Cornford wrote:
>>Can you give me a realistically example of malicious (not
annoying) way a web author could use the ability to close
a window using javascript (that was not opened using
javascript)?

What qualifies as malicious? Destroying other people's
property sounds pretty malicious to me.

The property that you talk about as getting destroyed
happens automatically with most people's browsers.
But it happens when they choose to close their browsers. It is their
data and it is their choice to destroy it, or hang on to it.
I care as much about the resilience of my history as I do
other temporary files, that is not at all.
What you may or may not care about is not a guide to what other people
may care about. I don't care very much about house plants, is it now
reasonable form me to go about pouring herbicide onto those I encounter?
Any URL I want remembered I bookmark.
You bookmark individual google searches?
Can you give an example of, say, deleting a bookmark
using a script that closes a window it didn't open?
Why should I? I have given an example of data belonging to the user that
is destroyed when a script closes a window that it did not open. Just
because it is data you have no use for doesn't make it insignificant to
everyone.

Richard.

Nov 22 '06 #18

P: n/a
Andrew Poulos said the following on 11/21/2006 3:27 PM:
Richard Cornford wrote:
>>Can you give me a realistically example of malicious (not annoying) way
a web author could use the ability to close a window using javascript
(that was not opened using javascript)?

What qualifies as malicious? Destroying other people's property sounds
pretty malicious to me.

The property that you talk about as getting destroyed happens
automatically with most people's browsers. I care as much about the
resilience of my history as I do other temporary files, that is not at
all. Any URL I want remembered I bookmark.
Open your browser.
Go to Google.
Do a search.
Click the #3 article in the search.
Click Back.
Right click the #4 link and open it in a new window.
Close the original window.

That mimics the behavior that is a problem. Your history trail is
destroyed. Now, are you telling me that you bookmark every single web
search you do and re-open it each time some moronic website owner closes
your window? Think about that.

--
Randy
Chance Favors The Prepared Mind
comp.lang.javascript FAQ - http://jibbering.com/faq
Javascript Best Practices - http://www.JavascriptToolbox.com/bestpractices/
Nov 22 '06 #19

P: n/a
Richard Cornford wrote:
Andrew Poulos wrote:
>Richard Cornford wrote:
>>>Can you give me a realistically example of malicious (not
annoying) way a web author could use the ability to close
a window using javascript (that was not opened using
javascript)?
What qualifies as malicious? Destroying other people's
property sounds pretty malicious to me.
The property that you talk about as getting destroyed
happens automatically with most people's browsers.

But it happens when they choose to close their browsers. It is their
data and it is their choice to destroy it, or hang on to it.
"I closed the browser and it lost my data. How dare it. I didn't tell it
to lose my data. I choose to close the browser window but the browser
lost my data anyway."

My copy of Word prompts me to save unsaved data why doesn't a browser
behave itself.
>I care as much about the resilience of my history as I do
other temporary files, that is not at all.

What you may or may not care about is not a guide to what other people
Just because you disagree doesn't mean that you represent a consensus
opinion.
may care about. I don't care very much about house plants, is it now
reasonable for me to go about pouring herbicide onto those I encounter?
Yes, if those plants were in your house and were poisonous and you had a
young child who was close to learn to walk.
>Any URL I want remembered I bookmark.

You bookmark individual google searches?
Since when is a google search generally considered a URL?
>Can you give an example of, say, deleting a bookmark
using a script that closes a window it didn't open?

Why should I? I have given an example of data belonging to the user that
To show me that it was evil. Anyhow, I didn't think you could give an
example of an evil use of a script closing a window.
is destroyed when a script closes a window that it did not open. Just
because it is data you have no use for doesn't make it insignificant to
everyone.
In the same manner just because you think of windows closed by scripts
as being evil doesn't mean everyone should.

The only data anyone has mentioned is *temporary* data which, if you
don't make a record of, will always be lost when the browser closes.
Yes, it could well be an annoyance but certainly not evil.

Andrew Poulos
Nov 22 '06 #20

P: n/a
Andrew Poulos wrote:
The Magpie wrote:
>Andrew Poulos wrote:
>>Randy Webb wrote:

Again I don't follow. How can a script that closes a window be
malicious?
Any script of any sort from anyone other than me that buggers about
with my windows and my programmes and my running software is *by
definition* malicious because it is doing things I did not ask it to do.
[snip]
I believe there are lots of real-life situations where scripts
manipulating (even closing) windows are not only acceptable but
desirable. If you cannot provide an example where a script closing a
window causes something malicious to happen then so be it.
There are *no* situations where anyone other than me has any right to
do *anything* I did not authorise. I challenge you to provide even
one. I can certainly provide many where it is malicious since the very
definition of something doing an unauthorised thing to my PC is that
it is malicious.
Nov 22 '06 #21

P: n/a
In comp.lang.javascript message <Rp********************@telcove.net>,
Tue, 21 Nov 2006 03:30:01, Randy Webb <Hi************@aol.comwrote:
>
That's true. The problem is you feel a need to try to remove my
toolbars without my consent.
The default assumption in this newsgroup is that questions relate to WWW
pages, primarily written for outsiders to use.

But it is rude to presume that an assumption is necessarily correct.

Some pages are Intranet pages where control of usage may be appropriate.

Some pages, while WWW-accessible, are intended only for usage by a
closed group.

And at least one page has been written entirely to suit the author's
convenience, but put on the Web so that others may copy and adapt it.

It's a good idea to read the newsgroup and its old FAQ. See below.

--
(c) John Stockton, Surrey, UK. ?@merlyn.demon.co.uk Turnpike v6.05 IE 6
<URL:http://www.jibbering.com/faq/ Old RC FAQ of news:comp.lang.javascript
<URL:http://www.merlyn.demon.co.uk/js-index.htmjscr maths, dates, sources.
<URL:http://www.merlyn.demon.co.uk/TP/BP/Delphi/jscr/&c, FAQ items, links.
Nov 22 '06 #22

P: n/a
Dr J R Stockton said the following on 11/22/2006 9:44 AM:
In comp.lang.javascript message <Rp********************@telcove.net>,
Tue, 21 Nov 2006 03:30:01, Randy Webb <Hi************@aol.comwrote:
>>
That's true. The problem is you feel a need to try to remove my
toolbars without my consent.

The default assumption in this newsgroup is that questions relate to WWW
pages, primarily written for outsiders to use.
And nobody said any different.
But it is rude to presume that an assumption is necessarily correct.
And to say my assumption is incorrect is rude as well.
Some pages are Intranet pages where control of usage may be appropriate.
Which is irrelevant to the question.
Some pages, while WWW-accessible, are intended only for usage by a
closed group.
Which is irrelevant to the question.
And at least one page has been written entirely to suit the author's
convenience, but put on the Web so that others may copy and adapt it.
Which is irrelevant to the question.

--
Randy
Chance Favors The Prepared Mind
comp.lang.javascript FAQ - http://jibbering.com/faq
Javascript Best Practices - http://www.JavascriptToolbox.com/bestpractices/
Nov 22 '06 #23

P: n/a
The Magpie wrote:
Andrew Poulos wrote:
>The Magpie wrote:
>>Andrew Poulos wrote:
Randy Webb wrote:

Again I don't follow. How can a script that closes a window be
malicious?

Any script of any sort from anyone other than me that buggers about
with my windows and my programmes and my running software is *by
definition* malicious because it is doing things I did not ask it to do.
[snip]
>I believe there are lots of real-life situations where scripts
manipulating (even closing) windows are not only acceptable but
desirable. If you cannot provide an example where a script closing a
window causes something malicious to happen then so be it.
There are *no* situations where anyone other than me has any right to
do *anything* I did not authorise. I challenge you to provide even
one. I can certainly provide many where it is malicious since the very
definition of something doing an unauthorised thing to my PC is that
it is malicious.
Do you mean that if something behaves outside the relative narrow range
of what you believe you ought to have total control over then that
constitutes something necessarily evil in intent? [So if closing windows
was outside your range then, by magic, it would no longer be malicious.]

As for your challenge how do you discount the posters that regularly ask
in this newsgroup about closing a window with script? Do you believe
that none of them could possibly have a valid real-life situation?
Andrew Poulos
Nov 22 '06 #24

P: n/a
Randy Webb wrote:
Dr J R Stockton said the following on 11/22/2006 9:44 AM:
>In comp.lang.javascript message <Rp********************@telcove.net>,
Tue, 21 Nov 2006 03:30:01, Randy Webb <Hi************@aol.comwrote:
>>>
That's true. The problem is you feel a need to try to remove my
toolbars without my consent.

The default assumption in this newsgroup is that questions relate to
WWW pages, primarily written for outsiders to use.

And nobody said any different.
>But it is rude to presume that an assumption is necessarily correct.

And to say my assumption is incorrect is rude as well.
He didn't say your assumption was incorrect but that your automatic
presumption of correctness might be.
>Some pages are Intranet pages where control of usage may be appropriate.

Which is irrelevant to the question.
No it's not. Are you saying that every page in the world should behave
the way you think it should even though you are not part of the intended
audience and nor will you even ever be in a position to view the page?
>Some pages, while WWW-accessible, are intended only for usage by a
closed group.

Which is irrelevant to the question.
No it's not. Are you saying that every page in the world should behave
the way you think it should even though you are not part of the intended
audience?
>And at least one page has been written entirely to suit the author's
convenience, but put on the Web so that others may copy and adapt it.

Which is irrelevant to the question.
No it's not. Are you saying that every page in the world should behave
the way you think it should even though you are not part of the intended
audience?

To go sideways a bit, popup blockers are considered good but when you
get your 100th phone call in a week where a user can't access the
e-learning course they are required to do because they don't realise
that the popup blocker is preventing the LMS from launching the course
then your opinion of popup blockers gets tempered a bit.

Andrew Poulos
Nov 22 '06 #25

P: n/a
Andrew Poulos wrote:
>
Do you mean that if something behaves outside the relative narrow range
of what you believe you ought to have total control over then that
constitutes something necessarily evil in intent? [So if closing windows
was outside your range then, by magic, it would no longer be malicious.]
I mean - and I presumed that I had made it perfectly clear - that the
PC is mine, the software it runs is mine and the effects of that
software are either within the bounds of what I have agreed for it to
do or - by definition - they are not appropriate. Should such software
in any circumstance interfere with what *is* appropriate to my needs
then it is by definition malicious.
>
As for your challenge how do you discount the posters that regularly ask
in this newsgroup about closing a window with script? Do you believe
that none of them could possibly have a valid real-life situation?
When people *open* a window in their code, then their code is
*expected* to close them again when the window is finished. That is
quite different from your request.
Nov 24 '06 #26

P: n/a
The Magpie wrote:
Andrew Poulos wrote:
>Do you mean that if something behaves outside the relative narrow range
of what you believe you ought to have total control over then that
constitutes something necessarily evil in intent? [So if closing windows
was outside your range then, by magic, it would no longer be malicious.]
I mean - and I presumed that I had made it perfectly clear - that the
Are you arguing just for the sake of it?
PC is mine, the software it runs is mine and the effects of that
My guess is that you don't actually own any software. You most likely
have a license to use it - that's all.
software are either within the bounds of what I have agreed for it to
do or - by definition - they are not appropriate. Should such software
So when did MS, MZ or any other browser vendor ask you for permission to
add/remove any software feature whatsoever?
in any circumstance interfere with what *is* appropriate to my needs
So you would also consider any bugs you encountered malicious?
then it is by definition malicious.
Malicious means to be characterised by malice. And malice means that
someone must have the desire to cause injury or a desire to act
wickedly. Closing a window with a script generally is neither and, in
fact, is often desirable (if it a required part of a software spec.)

Just because you don't like something doesn't automatically make it
malicious.
>As for your challenge how do you discount the posters that regularly ask
in this newsgroup about closing a window with script? Do you believe
that none of them could possibly have a valid real-life situation?
When people *open* a window in their code, then their code is
*expected* to close them again when the window is finished. That is
quite different from your request.
Do you believe that no one could possibly ever have a valid real-life
situation?

Andrew Poulos
Nov 24 '06 #27

P: n/a
Andrew Poulos wrote:
Richard Cornford wrote:
>Andrew Poulos wrote:
>>Richard Cornford wrote:

Can you give me a realistically example of malicious (not
annoying) way a web author could use the ability to close
a window using javascript (that was not opened using
javascript)?
What qualifies as malicious? Destroying other people's
property sounds pretty malicious to me.

The property that you talk about as getting destroyed
happens automatically with most people's browsers.

But it happens when they choose to close their browsers.
It is their data and it is their choice to destroy it, or
hang on to it.

"I closed the browser and it lost my data. How dare it.
I didn't tell it to lose my data. I choose to close the
browser window but the browser lost my data anyway."
What relevance is that?
My copy of Word prompts me to save unsaved data why
doesn't a browser behave itself.
Are you saying that a browser should unconditionally prompt the user for
confirmation whenever a script attempts to close a window that was not
opened with a script?
>>I care as much about the resilience of my history
as I do other temporary files, that is not at all.

What you may or may not care about is not a guide to
what other people

Just because you disagree doesn't mean that you represent
a consensus opinion.
Consensus is not relevant when the question is whether or not to take
action that will directly result in the property of others.
>may care about. I don't care very much about house plants,
is it now reasonable for me to go about pouring herbicide
onto those I encounter?

Yes, if those plants were in your house and were poisonous
and you had a young child who was close to learn to walk.
Using herbicides inside a building where small children reside is a
guaranteed way of having to deal with a mother in a state somewhere
between extreme anger and hysteria (a situation where any attempt to
present a justification for that action can only make the situation
worse).

However, can a case be presented which would paint the user's recent
browsing history as in any way hazardous or harmful to that user?
>>Any URL I want remembered I bookmark.

You bookmark individual google searches?

Since when is a google search generally considered a URL?
A page of search results are certainly an item that a user may desire to
return to using their back button. You were the one who proposed using
bookmaking as an alternative mechanism for the back button (and so
making the act of destroying the user's recent browsing history
justified (in some sense). Search results can be bookmarker, but most
would not want to keep them around for longer than one browser session.
>>Can you give an example of, say, deleting a bookmark
using a script that closes a window it didn't open?

Why should I? I have given an example of data belonging
to the user that

To show me that it was evil.
Do I take it that you do not see it as wrong to destroy other people's
property, or that it is no justification to assert that you would have
no purpose for property if it was yours.
Anyhow, I didn't think you could give an
example of an evil use of a script closing a window.
If you don't see destroying the property of other's as morally suspect
then you may never perceive an issue following from any scripted action.
>is destroyed when a script closes a window that it did not
open. Just because it is data you have no use for doesn't
make it insignificant to everyone.

In the same manner just because you think of windows closed
by scripts as being evil doesn't mean everyone should.
I did not say it was evil (and I was not asked to, as you asked for an
example of something that was "malicious" not evil). I happen to think
that it is wrong to destroy other people's property, and I to live in a
country where that position is broadly inline with criminal law
(suggesting that is it a position that is seen as appropriate by
society).
The only data anyone has mentioned is *temporary* data which,
if you don't make a record of, will always be lost when the
browser closes.
The eventual fate of that data is not relevant. The act of destroying it
prevents it from being used in the period between when it is destroyed
and when the user closing their browser would destroy it. That is
precisely the period when the user would use it.
Yes, it could well be an annoyance but certainly not evil.
It may not be evil (it certainly is not comparable to genocide) but
knowingly destroying other people's property without any regard for
their wishes, or the use they may have for that property (or what value
they may place in it), is pretty much definitively malicious.

Richard.
Nov 26 '06 #28

P: n/a
Richard Cornford wrote:

It may not be evil (it certainly is not comparable to genocide) but
knowingly destroying other people's property without any regard for
their wishes, or the use they may have for that property (or what value
they may place in it), is pretty much definitively malicious.

If I put a *big* button in a window with the improbable label

"Click me to close this window. Note that when the window closes you
will lose any and all temporary browser history. Please refer to this
browser's help file, or google for it, to find out more about temporary
browser history before you click this button."

and when clicked it called a script that actually caused the window to
close then all of a sudden the user knows what is going to happen and
all your arguments against scripts closing windows (emotive, irrelevant
and otherwise) are now moot.
Andrew Poulos

PS. water at a higher temperature than, I believe, 104 degrees
Fahrenheit (40 degrees Celsius) can be used as a herbicide.

Nov 26 '06 #29

P: n/a
Andrew Poulos wrote:
Richard Cornford wrote:
>It may not be evil (it certainly is not comparable to genocide)
but knowingly destroying other people's property without any
regard for their wishes, or the use they may have for that
property (or what value they may place in it), is pretty much
definitively malicious.


If I put a *big* button in a window with the improbable label

"Click me to close this window. Note that when the window closes
you will lose any and all temporary browser history. Please refer
to this browser's help file, or google for it, to find out more
about temporary browser history before you click this button."

and when clicked it called a script that actually caused the
window to close then all of a sudden the user knows what is
going to happen and all your arguments against scripts closing
windows (emotive, irrelevant and otherwise) are now moot.
Yes, if the user makes an informed decision to close their browser
window then they have all the responsibility for the consequences.

But the user always has the ability to close the browser whenever they
want (and will be familiar enough with their computer's OS to find and
operate the mechanisms provided) so providing scripted button for the
task is pointless. Allowing a script to close a window only as a direct
result of a user action and otherwise preventing scripts from doing it
maliciously is effort to no purpose. Once the window has a close button
(and can be shut down in numerous other ways) it is easier just to stop
scripts from closing windows that they did not open and leave it at
that.

Richard.
Nov 26 '06 #30

P: n/a
Richard Cornford wrote:
Andrew Poulos wrote:
>Richard Cornford wrote:
>>It may not be evil (it certainly is not comparable to genocide)
but knowingly destroying other people's property without any
regard for their wishes, or the use they may have for that
property (or what value they may place in it), is pretty much
definitively malicious.

If I put a *big* button in a window with the improbable label

"Click me to close this window. Note that when the window closes
you will lose any and all temporary browser history. Please refer
to this browser's help file, or google for it, to find out more
about temporary browser history before you click this button."

and when clicked it called a script that actually caused the
window to close then all of a sudden the user knows what is
going to happen and all your arguments against scripts closing
windows (emotive, irrelevant and otherwise) are now moot.

Yes, if the user makes an informed decision to close their browser
window then they have all the responsibility for the consequences.

But the user always has the ability to close the browser whenever they
want (and will be familiar enough with their computer's OS to find and
operate the mechanisms provided) so providing scripted button for the
task is pointless. Allowing a script to close a window only as a direct
result of a user action and otherwise preventing scripts from doing it
maliciously is effort to no purpose. Once the window has a close button
(and can be shut down in numerous other ways) it is easier just to stop
scripts from closing windows that they did not open and leave it at
that.
A. A script is used to open a new window and the user navigates to other
pages. Then a script closes the window and destroys the user's property.

B. A user closes a window using, say, the x button on the title bar and
they get their property destroyed.

C. A script closes a window it didn't open and the user gets their
property destroyed.

Why is only one considered malicious when all three destroy the user's
property without warning?

Andrew Poulos
Nov 26 '06 #31

P: n/a
VK
Andrew Poulos wrote:
If I put a *big* button in a window with the improbable label
"Click me to close this window. Note that when the window closes you
will lose any and all temporary browser history. Please refer to this
browser's help file, or google for it, to find out more about temporary
browser history before you click this button."
So do you propose to build into UA's an algorithm for searching this
button and if presented then OK on closing? :-) That is an age-old
problem of good intentions and bad intentions and the fact that
JavaScript engine is not God to read them out of your mind. The modern
Web is a "society" acting on the *presumption of guiltiness* - as
opposed to the presumption of innocence anyone used to. This way any
web page is considered as a criminal seeking for any opportunity to rib
off and kill anyone coming close enough. It is the web page duty to
prove that it's not a criminal but a good member of the society (server
certificate, code signing, trusted sites list). Until then anyone is
presumed to be criminal maniac and ok to shoot w/o alert. It is sad but
it is exactly in the way people themselves make it to be over the last
12 years.

In application to "closing window w/o prompt even if you did not open
it": there is not *immediate* security exploits out of it. But regular
users got deadly tired of mf'ers forcing them to stay on the current
page or to close the window. It is an inextinguishable cockroach specie
living in the Internet: out of the first basic knowledge of JavaScript
they try to produce a page locking the visitor on it. First appeared
somewhere back in 1997 they are keep mutating and reproducing.
Thousands and thousands of them are going away each month but thousands
of new coming right away. No insecticides are helping for a long run as
they adapt very quickly. So yes (with your analogy of boiling water as
pesticide) sometimes the house is so infected that the only way is to
burn it out. (where the "house" is in reference to scripted window
closing, not to the Internet :-)

And I don't take too close scream crying of a kind "our Big Corporate
International Solution just got nuked because of it". There are
certificate authorities, HTA, remote administration packs and hell of
other things: so the nuke state (if it is) suggests that everything was
back-a** made on the first place so now it is a great time to re-make
it descently. I'm too long in this business to buy things on pity of
crying :-)

Nov 26 '06 #32

P: n/a
Andrew Poulos said the following on 11/26/2006 5:01 PM:
Richard Cornford wrote:
>Andrew Poulos wrote:
>>Richard Cornford wrote:

It may not be evil (it certainly is not comparable to genocide)
but knowingly destroying other people's property without any
regard for their wishes, or the use they may have for that
property (or what value they may place in it), is pretty much
definitively malicious.

If I put a *big* button in a window with the improbable label

"Click me to close this window. Note that when the window closes
you will lose any and all temporary browser history. Please refer
to this browser's help file, or google for it, to find out more
about temporary browser history before you click this button."

and when clicked it called a script that actually caused the
window to close then all of a sudden the user knows what is
going to happen and all your arguments against scripts closing
windows (emotive, irrelevant and otherwise) are now moot.

Yes, if the user makes an informed decision to close their browser
window then they have all the responsibility for the consequences.

But the user always has the ability to close the browser whenever they
want (and will be familiar enough with their computer's OS to find and
operate the mechanisms provided) so providing scripted button for the
task is pointless. Allowing a script to close a window only as a direct
result of a user action and otherwise preventing scripts from doing it
maliciously is effort to no purpose. Once the window has a close button
(and can be shut down in numerous other ways) it is easier just to stop
scripts from closing windows that they did not open and leave it at
that.
A. A script is used to open a new window and the user navigates to other
pages. Then a script closes the window and destroys the user's property.

B. A user closes a window using, say, the x button on the title bar and
they get their property destroyed.

C. A script closes a window it didn't open and the user gets their
property destroyed.

Why is only one considered malicious when all three destroy the user's
property without warning?
A and C are both malicious. B is not because it is user initiated. Your
same line of reasoning can be applied to popups. Why are some ok and
some are not?

--
Randy
Chance Favors The Prepared Mind
comp.lang.javascript FAQ - http://jibbering.com/faq
Javascript Best Practices - http://www.JavascriptToolbox.com/bestpractices/
Nov 26 '06 #33

P: n/a
Andrew Poulos wrote:
The Magpie wrote:
>I mean - and I presumed that I had made it perfectly clear - that the

Are you arguing just for the sake of it?
Far from it. I made a point and it was questioned so I answered the
question raised. Simple.
>
My guess is that you don't actually own any software. You most likely
have a license to use it - that's all.
Your guess is wrong for many reasons.
>
So when did MS, MZ or any other browser vendor ask you for permission to
add/remove any software feature whatsoever?
If features of the product are removed from future versions then that
is their issue. If they are removed from existing and running versions
on my PC without my consent then not only is that malicious but it is,
in fact, a criminal offence.
>
So you would also consider any bugs you encountered malicious?
No, and I made it perfectly clear that that was not what I said at
all. I said - and repeat - that if one piece of software interferes
with another that I choose to run then that interference is malicious.
>
Malicious means to be characterised by malice. [snip]
While correct in etymological terms, in legal terms that is not the
case (malicious: Law. vicious, wanton, or mischievous in motivation or
purpose). In the case of the proposed scrip, it is mischievous at best.
>
Closing a window with a script generally is neither and, in
fact, is often desirable (if it a required part of a software spec.)
Just because you don't like something doesn't automatically make it
malicious.
If it closes part of *its_own* software, then as I already stated I
would agree. However, that is quite clearly *not* the intent of the
original question at all.
>
Do you believe that no one could possibly ever have a valid real-life
situation?
Yes, I do.

The only valid real-life application can be one which is explicitly
intended as a primary part of its function to close windows from other
software. Such applications do exist as part of system security
packages but there are no other legitimate reasons to bugger about
with my running software.
Nov 27 '06 #34

P: n/a
The Magpie wrote:
>Do you believe that no one could possibly ever have a valid real-life
situation?
Yes, I do.

The only valid real-life application can be one which is
Contradicting yourself again?

Andrew Poulos
Nov 27 '06 #35

P: n/a
Andrew Poulos wrote:
The Magpie wrote:
>>Do you believe that no one could possibly ever have a valid real-life
situation?
Yes, I do.

The only valid real-life application can be one which is

Contradicting yourself again?
No, Andrew, and I have not contradicted myself at all. I clearly said
if you note (and had quoted the entire sentence) that it would be
valid *only* if I had chosen the software with the *specific* intent
that it could close other windows.

Which - of course - is not what you want. Hence your request is and
remains malicious.
Nov 28 '06 #36

P: n/a
The Magpie wrote:
Andrew Poulos wrote:
>The Magpie wrote:
>>>Do you believe that no one could possibly ever have a valid real-life
situation?

Yes, I do.

The only valid real-life application can be one which is
Contradicting yourself again?
No, Andrew, and I have not contradicted myself at all. I clearly said
if you note (and had quoted the entire sentence) that it would be
valid *only* if I had chosen the software with the *specific* intent
that it could close other windows.
Hmm, let's see. I asked about the possibility of a valid real-life
situation. You replied "no" and then proceeded to provide one (which
makes it a "yes"). You now claim that this is not self contradictory.
You win, I give up!

Andrew Poulos

Nov 29 '06 #37

P: n/a
Andrew Poulos wrote:
>
Hmm, let's see. I asked about the possibility of a valid real-life
situation. You replied "no" and then proceeded to provide one (which
makes it a "yes"). You now claim that this is not self contradictory.
You win, I give up!
Oh, for goodness sake, Andrew! You asked for a valid situation in
which a script should close other application windows *without*
explicit permission. I gave you the *only* valid example as being one
where it is *explicitly* given permission. Surely you can see the
difference between the two!
Nov 29 '06 #38

This discussion thread is closed

Replies have been disabled for this discussion.