onUnload and beforeUnload JavaScript events enable malicious site actions, should be completely disabled permanently
Reported by anonymou...@gmail.com, Jul 26 2016
Issue description

What steps will reproduce the problem?
(1) Start filling out a form on any page
(2) Attempt to navigate away from page
(3) "Are you sure you want to leave this page?" popup appears

What is the expected result?
I should be able to navigate to any page I want without the PERMISSION of the owners of the domain I'm currently looking at. When I click to navigate away, any action other than NAVIGATING AWAY is against my wishes and a malicious action against me.

What happens instead?
A popup appeared preventing me from navigating away until I click on it. This is not the desired action.

Please provide any additional information below. Attach a screenshot if possible.
Sep 13 2016
Showing a prompt is Working-as-Intended; if the LEAVE button does not work, that's potentially a bug.
Sep 16 2016
No. When I click the "back" button or a link, "showing a prompt" is NOT the intended action. Letting a site prevent me from leaving by nagging me with a "prompt" is spam, and it's a possible attack vector too. When I click a link it should go to the URL, not go to a prompt. That is NOT the intended action. It's not working, it's a bug and it's an attack.
Sep 23 2016
Thank you for providing more feedback. Adding requester "tkonchada@chromium.org" for another review and adding "Needs-Review" label for tracking. For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot
Dec 7 2016
Sorry, we're keeping onbeforeunload.
Comment 1 by tkonch...@chromium.org, Jul 27 2016
Labels: Needs-Feedback