
How can a browser be unable to block pop-ups?

I'm using Firefox v84 (latest atm) and I also have uBlock installed. Firefox is set to block popups in its settings, but I still get them (although rarely) from some sites. They pop up as very small windows at the corner of the screen. Sometimes it shows "firefox blocked popup", sometimes it doesn't. I remember reading about JavaScript trickery to somehow create popup windows even though it's blocked in the browser (so somehow it's still possible).

Anyway, my main question is: how can a browser not be able to block the popups? I'm a programmer myself and I know that, for example, in a Windows environment, if you want to create a window, you need to call the Windows API and the relevant functions (CreateWindowEx etc.) to do that (even if you don't do it explicitly, that's what happens under the hood). The browser is also responsible for reading, parsing and executing the JavaScript code. So just simply do NOT call the CreateWindow function; it should be that easy, is it not? Why is this still a problem, and why can't browser developers solve this?

Popups opened by the browser can (mainly and basically) be of 2 types:

  • Explicit JavaScript call to window.open
  • Implicit link with a target specified (i.e. _blank)

If you simply block both, then many legitimate websites will no longer work, for example (but not limited to) when using an OAuth mechanism to login.

There are some patterns and rules that can be detected by the browser and the plugins to attempt blocking illegitimate popups. Example: the browser will automatically block any window.open that is not directly triggered by a user interaction (a click on a button).

There starts the cat-and-mouse game, with people trying to circumvent known limitations and create inventive scenarios to force a popup to happen. Plugins in turn will try to catch those mechanisms and provide an updated detection behavior, etc.

One common technique is indeed to combine the 2 popup methods and provide indirect page browsing. Example:

<a href="legit_page.html" target="_blank" onclick="location.href='other_page.html'">link</a>

This code will open a legitimate popup, and the code inside the legitimate page will then redirect to an illegitimate site once the popup is already open, while at the same time navigating the current page to another legitimate page.

You will notice this behavior on most sites that continue to have popups. It happens on user interactions (a click on a link or button, etc.): the site browses to another page and at the same time opens the popup.

There is no accurate way of detecting whether or not the popup is legitimate in this case, except manual exceptions and URL block lists, etc.
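
For anyone auditing a page's markup for the combined pattern shown in the answer above, the following is an added example, not part of the original answer: a heuristic scanner that flags links which both open a new browsing context and navigate the current page from an inline onclick handler. The names find_dual_navigation, DualNavigationFinder and NAVIGATES are hypothetical, and the sample markup is constructed.

```python
import re
from html.parser import HTMLParser

# Heuristic (assumption): inline handler text that assigns to location or
# calls location.assign()/replace(), i.e. navigates the current page.
NAVIGATES = re.compile(
    r"\b(?:window\.|document\.|self\.|top\.)?location"
    r"(?:\.href)?\s*(?:=(?!=)|\.(?:assign|replace)\s*\()",
    re.IGNORECASE,
)
# target values that keep the navigation in an existing browsing context
SAME_CONTEXT = {"", "_self", "_parent", "_top"}


class DualNavigationFinder(HTMLParser):
    """Collects <a> tags that open a new window AND navigate the opener."""

    def __init__(self):
        super().__init__()
        self.findings = []

    def handle_starttag(self, tag, attrs):
        if tag != "a":
            return
        a = {name: (value or "") for name, value in attrs}
        target = a.get("target", "").strip().lower()
        onclick = a.get("onclick", "")
        # Either half alone is ordinary; the combination is what gets flagged.
        if target not in SAME_CONTEXT and NAVIGATES.search(onclick):
            self.findings.append({"line": self.getpos()[0],
                                  "href": a.get("href", ""),
                                  "target": target,
                                  "onclick": onclick})


def find_dual_navigation(html):
    """Return one finding per link that matches the combined pattern."""
    finder = DualNavigationFinder()
    finder.feed(html)
    finder.close()
    return finder.findings


# Constructed sample markup: links A and D match, B and C do not.
SAMPLE = """\
<a href="legit_page.html" target="_blank" onclick="location.href='other_page.html'">A</a>
<a href="docs.html" target="_blank" rel="noopener">B</a>
<a href="next.html" onclick="location.href='next.html'">C</a>
<a href="help.html" target="help" onclick="window.location.assign('/home')">D</a>
"""

if __name__ == "__main__":
    for finding in find_dual_navigation(SAMPLE):
        print(finding)
```

The scanner only sees inline handlers in static markup; listeners attached from script files are outside what it can detect, which matches the answer's point that no check is fully accurate.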
