Have you ever noticed how some popup windows seem to hide all the toolbars you're used to seeing in your web browser? That's because JavaScript's window.open() method gives developers a great deal of control over the look of their new window. Sometimes this feature is used correctly by a website to provide a clean interface, but it can be used maliciously as well.
For example, let's say that on a certain bank's website, clicking Login opens a new window for you to check your balance, make transfers, and pay bills. The popup code hides the address bar to make the user experience more sleek. Now suppose the website gets hacked, and the attacker changes the popup code to point to his web server. The login prompt looks exactly the same, but now your password is being sent to a criminal instead of to the bank. Congratulations, you're broke.
Internet Explorer turned this on by default in version 7. Users can disable it through the program's settings if they choose, but websites can't force it to hide under the default settings. This is a good thing, and I'm surprised Firefox hasn't followed suit.
You can enable this feature manually in Firefox by opening a new tab and typing about:config in the location bar. This is the command and control center of Firefox, and it's possible to break things if you're reckless, so click with care. The filter bar at the top of the page lets you quickly navigate the hundreds of internal Firefox settings. You are looking for dom.disable_window_open_feature.location. I found that just typing location narrowed the list down enough to find it. Double click on the entry in the list so the Value becomes true. That's it.
Other components you can force to always display.
Now when you open a popup, the URL will always display, even if the web developer intended to disable it.
The location bar will always display now.
The additional security of knowing where you are more than outweighs the drawback of a slightly messier user interface.
Don't drive at night with your lights off.
1 comment:
Nice useful post. however needs some more information regarding that to make it quite clear for those who are unaware of such things. thanks for this valuable post.
Post a Comment