浏览器如何无法阻止弹出窗口?
[英]How can a browser be unable to block pop-ups?
问题描述
I'm using firefox v84 (latest atm) and i also have ublock installed.
我正在使用 firefox v84(最新的 atm),并且我还安装了 ublock。 Firefox is set to block popups in it's settings, but i still get them (although rarely) from some sites. Firefox 在其设置中设置为阻止弹出窗口,但我仍然从某些站点获得它们(尽管很少)。 They pop up as very small windows at the corner of the screen.它们在屏幕一角弹出非常小的 windows。 Sometimes it shows "firefox blocked popup", sometimes it doesn't.有时它显示“firefox 阻止弹出窗口”,有时它不显示。 I remember reading about javascript trickery to somehow create popup windows even though it's blocked in the browser (so somehow it's still possible).我记得读过关于 javascript 的诡计,以某种方式创建弹出窗口 windows,即使它在浏览器中被阻止(所以它仍然有可能)。
Anyways, my main question is, how can a browser not be able to block the popups?无论如何,我的主要问题是,浏览器如何无法阻止弹出窗口? I'm a programmer myself and i know that, for example, in windows environment, if you want to create a window, you need to call the windows api, and relevant functions (CreateWindowEx etc) to do that (even if you don't do it explicitly, that's what happens under the hood). I'm a programmer myself and i know that, for example, in windows environment, if you want to create a window, you need to call the windows api, and relevant functions (CreateWindowEx etc) to do that (even if you don'不要明确地这样做,这就是幕后发生的事情)。 Browser is also responsible for reading parsing and executing the javascript code.浏览器还负责读取解析并执行 javascript 代码。 So just simply do NOT call the CreateWindow function, it should be that easy, is it not?所以只是简单地不要调用 CreateWindow function,它应该很容易,不是吗? Why is this still a problem, and why can't browser developers solve this?为什么这仍然是一个问题,为什么浏览器开发人员不能解决这个问题?
1 个解决方案
解决方案1
1 已采纳 2021-01-08 11:09:22
Popups opened by the browser can (mainly and basically) be of 2 types:浏览器打开的弹出窗口可以(主要和基本上)有两种类型:
- Explicit javascript call to
window.open对window.open的显式 javascript 调用 - Implicit link with a
targetspecified (ie:_blank)与指定target的隐式链接(即:_blank)
If you simply block both, then many legitimate websites will no longer work, for example (but not limited to) when using an OAuth mechanism to login.如果你只是简单地阻止两者,那么许多合法网站将不再工作,例如(但不限于)使用 OAuth 机制登录时。
There are some patterns and rules that can be detected by the browser and the plugins to attempt blocking illegitimate popups.浏览器和插件可以检测到一些模式和规则,以尝试阻止非法弹出窗口。 Example: the browser will block automatically any window.open that is not directly triggered by a user interaction (click on a button).示例:浏览器将自动阻止任何不是由用户交互(单击按钮)直接触发的window.open 。
There starts the cat and mouse game with people trying to circumvent known limitations and create inventive scenarios to force a popup to happen.人们开始了猫捉老鼠的游戏,人们试图规避已知的限制并创造创造性的场景来迫使弹出窗口发生。 Plugins in turn will try to catch those mechanisms and provide an updated detection behavior,...插件反过来会尝试捕捉这些机制并提供更新的检测行为,...
One common technique is indeed to combine the 2 popup methods and provide indirect page browsing.一种常见的技术确实是结合这两种弹出方法并提供间接页面浏览。 Example:例子:
<a href="legit_page.html" target="_blank" onclick="location.href=other_page.html">
This code will open a legitimate popup and the code inside the legitimate page will then redirect to an illegitimate site once the popup is already open while at the same time, navigating the current page to another legitimate page.此代码将打开一个合法的弹出窗口,并且一旦弹出窗口已经打开,合法页面内的代码将重定向到一个非法站点,同时将当前页面导航到另一个合法页面。
You will notice this behavior on most sites that continue to have popups.您会在大多数继续有弹出窗口的网站上注意到这种行为。 It happens on user interactions (click on a link or button,...) and browse to another page and at the same time open the popup.它发生在用户交互中(单击链接或按钮,...)并浏览到另一个页面并同时打开弹出窗口。
There is no accurate way of detecting whether or not the popup is legitimate in this case, except manual exceptions and URL block lists,...在这种情况下,没有准确的方法来检测弹出窗口是否合法,除了手动异常和 URL 阻止列表,...
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.