[Javascript] Approved method of "bugging out"
David T. Lovering
dlovering at gazos.com
Sun Aug 3 12:24:37 CDT 2003
I concur -- the child window is definitely the way to go. However, the authentication
thread and the history are (in this case at least) attached to the root-level parent
window (as per the customer spec), so nuking the child won't have any effect on the
core problem.
I too have had problems with window.opener.focus() in differing browsers. The way I
figure it is that window.opener is a handle pointing to the "parent" window (if that
is the correct word), but is not in DOM parlance a focusable object in its own right.
I've sometimes gotten better results by dropping down to the document layer below it,
i.e; window.opener.document.focus(). This does essentially the same thing (it brings the
primary window to the top layer), but targets a real DOM object instead of a handle.
However, I've not tested this conjecture in all possible cases, so it is still largely
supposition on my part.
Thanks for the suggestion -- I'll just have to continue scouting around for some more
"explosive" means of forcibly (and unconditionally) closing the root window. Meanwhile,
the bits I can tweak will go in child-windows ("remotes?") until I can lick the main
problem.
-- Dave Lovering
Paul - Javascript list wrote:
>
> Dave,
>
> I think the reason you're getting the "OK?" prompt when you close the
> browser window is that you're closing the root-level parent window. If you
> create a child window in which to launch your application, then in my
> experience window.close() closes it without asking.
>
> And then, if you're operating in a child window, you might have greater
> lattitude to wreak havoc with history etc. without worrying about tampering
> with the user's legit settings back in the parent browser.
>
> I like the fact that the child window can redirect the parent [as well as
> change object values in the parent]. For example, if the user transgresses,
> you can:
>
> function jsCloseChildRedirectParent(argURL){
> window.opener.location=argURL; // redirect parent
> window.opener.focus(); // bring parent window to the top
> window.close(); // close child
> }
>
> (I've had mixed results with window.opener.focus() and am not confident I'm
> using it properly. I threw that in in case the user's got several open
> windows and the parent browser isn't second from the top.)
>
> Paul
>
> At 06:37 AM 8/3/2003 -0700, you wrote:
> >
> > I am trying to harden a number of pre-existing pages by embedding a
> script in the onLoad handler (or maybe even earlier in the process tree)
> that will check the authentication info for the incoming user, and then
> unconditionally blow the window/browser
> >back out if the authorization is not validated. The first part is easy,
> and I've already got a handle on it.
> >
> > The second part appears to be more troublesome, particularly with IE
> browsers. I've tried "self.window.close()" and a number of close analogs,
> and in every case it brings up a nice little window saying "the process
> wants to close the window, is this
> >OK?" Of course, a cracker will say "no", and continue happily raping the
> application. I
> >want the equivalent of dynamite for the fishpond, that will abort the
> browser altogether without any dialogue, thereby ensuring that no passive
> authentication threads remain active and that no history can lead back to
> the page(s) in question.
> >
> > Yes, I know how to nuke the history list. However, I don't like to do
> this out-of-hand, since the user may have legitimate URLs stacked up in it
> which should be preserved. Also, I can simply redirect the
> window.location.href to somewhere innocuous,
> >but that still leaves the initial authentication thread active, and can be
> "backed" by the history list. No, only unconditional dynamite will serve.
> >
> > Anybody have any ideas? I need to get this script bundle out the door
> ASAP for a product demo at the end of this upcoming week.
> >
> >-- Dave Lovering
> >_______________________________________________
> >Javascript mailing list
> >Javascript at LaTech.edu
> >https://lists.LaTech.edu/mailman/listinfo/javascript
> >
>
> _______________________________________________
> Javascript mailing list
> Javascript at LaTech.edu
> https://lists.LaTech.edu/mailman/listinfo/javascript
More information about the Javascript
mailing list