Issue metadata
Sign in to add a comment
|
Pop-up blocker Bypass
Reported by
anasmahm...@gmail.com,
Apr 26 2017
|
||||||||||||||||||||
Issue descriptionUserAgent: Mozilla/5.0 (Windows NT 6.1; rv:50.0) Gecko/20100101 Firefox/50.0 Steps to reproduce the problem: First visit this link https://jsfiddle.net/zn2jkvd2/. OR Save this code --- <script>window.open('http://www.evil.com','width=150,height=150')</script> ---- as html and open the html file in chrome browser. Browser block popups.(If not then manually turn on popup blocker ) Next Visit this link https://jsfiddle.net/g8xom7qb/ OR save this code -------- <script> function makePopups(){ for (i=1;i<6;i++) { window.open('http://www.evil.com','spam'+i,'width=150,height=150'); } } </script> <body> <a href="#" onclick="makePopups()">Spam</a> ------ as html and open the file and click on 'Spam' ,Browser show popup blocked but popup successfully executed. What is the expected behavior? Browser should not allows popup if the popup blocker is on. What went wrong? Browser allows popup if the popup blocker is on. Thus This Bypass the browser popup security filter. Did this work before? N/A Chrome version: 57.0.2935.0 Channel: n/a OS Version: Win7 Flash Version: Shockwave Flash 10.2 r159
,
Apr 26 2017
Bypassing the popup blocker isn't a security bug. Everything is working as expected here. The browser treat the mouse click as a "user initiated action" and this grants the window permission to open one popup. The other five popups attempted by the script are blocked, as indicated in the notification shown at the right-hand side of the omnibox. |
|||||||||||||||||||||
►
Sign in to add a comment |
|||||||||||||||||||||
Comment 1 by anasmahm...@gmail.com
, Apr 26 2017