1

How is this site triggering its popup while bypassing Chrome's pop-up blocker?

http://undertexter.se/

I thought pop-up blockers only allowed window.open if it was triggered by a user action but that's not the case here so how are they doing it?

user1767586
  • 438
  • 1
  • 8
  • 19
  • 1
    I opened the above site using IE, Chrome, Firefox and Safari. There are no pop-ups at all. – Abhitalks Jul 31 '13 at 09:52
  • They simply aren't, but it is very easy to do user action without realizing it since just clicking anywhere on the page is enough already. Simply **just** clicking the link here and staying back doesn't give me any popups. – Esailija Jul 31 '13 at 23:15

6 Answers6

1

OUTDATED Origin resources and fiddles do not work anymore.

I figured out that there is an popup opening in chrome if you visit the Website first time (empty cache) and click somewhere on the document. After a refresh and a click on it again nothing will happen if cache wasn't removed.

So lets start the game of reverse engineering...

Took the script from http://undertexter.se/ and startet refuscation.

After a few steps I got the following code and I think this is not planned by browser manufactures to support something like this.

Now I wish you a lot of luck to use that for your own but I think it's evil.

Look on js fiddle for the result: Its the reverse of:

http://www.wigetmedia.com/tags/undertexter.se.js

http://jsfiddle.net/W9BdS/

Bernhard
  • 4,855
  • 5
  • 39
  • 70
  • @mplungjan Obviously yes. Both links aren't working anymore. Not suprised after 7years – Bernhard Jul 23 '20 at 08:54
  • Can you find the JSFiddle one? It did not disappear, just got renamed and went HTTPS as well – mplungjan Jul 23 '20 at 08:54
  • 1
    nope I do not have a jsfiddle account as it was years ago possible to create fiddles without account. Tried to reset wit all my email addresses – Bernhard Jul 23 '20 at 08:57
0

Tested on my own server, This opens up http://google.com in a new (standalone) window in Chromium 28 on Ubuntu 12.04. Adblock is active.

<script type="text/javascript">
document.addEventListener('click', function() {
    window.open('http://google.com','...','width=1080 height=640')
})
</script>
MetalGodwin
  • 3,784
  • 2
  • 17
  • 14
  • The site is gone but I believe this was how they did it. So in other words no pop-up was opened until a click happened (anywhere on the page). This works since many people click for no reason while they are reading stuff etc. – user1767586 Aug 13 '13 at 07:25
  • Glad you find it suitable. And yes and yes, I've seen a lot of sites implementing popups like this. And people (me included) clicks just for the fun of clicking sometimes. :) – MetalGodwin Aug 19 '13 at 14:15
0

try this using JQuery

        $('#yourCotrolId').on('click', function() {
    window.open('yourLink','...','width=1080 height=640')
});
Saad Soliman
  • 82
  • 2
  • 12
0

window.open is blocked by modern browsers when called not in a click event handler.

I faced this myself while using Rails' format.js responses and wrote a small plugin that makes showing JS popups as simple as calling window.open():

Popup("<div>Hello world</div>").show('up')
Anton Khamets
  • 111
  • 1
  • 6
-1

You could use the .trigger method for simulating an user action:

<a href="javascript:" onClick="window.open('example.html','example','width=200,height=200');">Click</a>
$('a').trigger('click');
alexP
  • 3,672
  • 7
  • 27
  • 36
  • Take a look at this: http://theandystratton.com/2012/how-to-bypass-google-chromes-javascript-popup-blocker – alexP Jul 29 '13 at 10:01
  • Thanks but it doesn't explain how this page is doing it since it opens it without any user action at all. – user1767586 Jul 29 '13 at 10:20
-1

.trigger() can not be used to mimc such native browser events, you can use .simulate() from simulate.js to mimic such events.

include simulate.js in your file and use,

$('a').simulate('click');

schnill
  • 905
  • 1
  • 5
  • 12