[Javascript] Approved method of "bugging out"

David T. Lovering dlovering at gazos.com
Sun Aug 3 12:24:37 CDT 2003


I concur -- the child window is definitely the way to go.  However, the authentication
thread and the history are (in this case at least) attached to the root-level parent
window (as per the customer spec), so nuking the child won't have any effect on the
core problem.

I too have had problems with window.opener.focus() in differing browsers.  The way I
figure it is that window.opener is a handle pointing to the "parent" window (if that
is the correct word), but is not in DOM parlance a focusable object in its own right.
I've sometimes gotten better results by dropping down to the document layer below it,
i.e; window.opener.document.focus().  This does essentially the same thing (it brings the
primary window to the top layer), but targets a real DOM object instead of a handle.
However, I've not tested this conjecture in all possible cases, so it is still largely
supposition on my part.

Thanks for the suggestion -- I'll just have to continue scouting around for some more
"explosive" means of forcibly (and unconditionally) closing the root window.  Meanwhile,
the bits I can tweak will go in child-windows ("remotes?") until I can lick the main
problem.

-- Dave Lovering

Paul - Javascript list wrote:
> 
> Dave,
> 
> I think the reason you're getting the "OK?" prompt when you close the
> browser window is that you're closing the root-level parent window.  If you
> create a child window in which to launch your application, then in my
> experience window.close() closes it without asking.
> 
> And then, if you're operating in a child window, you might have greater
> lattitude to wreak havoc with history etc. without worrying about tampering
> with the user's legit settings back in the parent browser.
> 
> I like the fact that the child window can redirect the parent [as well as
> change object values in the parent]. For example, if the user transgresses,
> you can:
> 
> function jsCloseChildRedirectParent(argURL){
>         window.opener.location=argURL;  // redirect parent
>         window.opener.focus();          // bring parent window to the top
>         window.close();                 // close child
> }
> 
> (I've had mixed results with window.opener.focus() and am not confident I'm
> using it properly.  I threw that in in case the user's got several open
> windows and the parent browser isn't second from the top.)
> 
> Paul
> 
> At 06:37 AM 8/3/2003 -0700, you wrote:
> >
> >  I am trying to harden a number of pre-existing pages by embedding a
> script in the onLoad handler (or maybe even earlier in the process tree)
> that will check the authentication info for the incoming user, and then
> unconditionally blow the window/browser
> >back out if the authorization is not validated.  The first part is easy,
> and I've already got a handle on it.
> >
> >  The second part appears to be more troublesome, particularly with IE
> browsers.  I've tried "self.window.close()" and a number of close analogs,
> and in every case it brings up a nice little window saying "the process
> wants to close the window, is this
> >OK?"  Of course, a cracker will say "no", and continue happily raping the
> application.  I
> >want the equivalent of dynamite for the fishpond, that will abort the
> browser altogether without any dialogue, thereby ensuring that no passive
> authentication threads remain active and that no history can lead back to
> the page(s) in question.
> >
> >  Yes, I know how to nuke the history list.  However, I don't like to do
> this out-of-hand, since the user may have legitimate URLs stacked up in it
> which should be preserved.  Also, I can simply redirect the
> window.location.href to somewhere innocuous,
> >but that still leaves the initial authentication thread active, and can be
> "backed" by the history list.  No, only unconditional dynamite will serve.
> >
> >  Anybody have any ideas?  I need to get this script bundle out the door
> ASAP for a product demo at the end of this upcoming week.
> >
> >-- Dave Lovering
> >_______________________________________________
> >Javascript mailing list
> >Javascript at LaTech.edu
> >https://lists.LaTech.edu/mailman/listinfo/javascript
> >
> 
> _______________________________________________
> Javascript mailing list
> Javascript at LaTech.edu
> https://lists.LaTech.edu/mailman/listinfo/javascript


More information about the Javascript mailing list