0

So I've been experiencing several issues around pop-up windows within a corporate Intranet site, i.e. JavaScript 'window.open' the last one brought to my attention is the inability to change the URL of a pop-up once it's opened. I first tried this on Edge then Firefox to confirm.

After playing with the pop-up window options, I found that if I set 'toolbar=1' then I could change the URL in Firefox but not Edge or IE.

I was using the following code in a w3schools editor

<!DOCTYPE html>
<html>
<body>

<p>Click the button to open a new browser window.</p>

<button onclick="myFunction()">Try it</button>

<script>
function myFunction() {
    window.open('https://www.w3schools.com','123','width=560,height=340,toolbar=1');
}
</script>

</body>
</html>

This seems to be a Windows 7 and 10 issue on IE or Edge. Is there a new security setting somewhere that I'm missing?

  • I don't think there's a consistent, cross-browser way to control whether the address bar is available in popup windows. See http://stackoverflow.com/questions/2909645/open-new-popup-window-without-address-bars-in-firefox-ie – Barmar Mar 16 '17 at 16:02
  • Seems to be a sudden issue. There are many applications within this Intranet and suddenly people are starting to complain about small things like this. Mostly centered around pop-up functionality. –  Mar 16 '17 at 16:05
  • Maybe Microsoft has changed the default behavior. – Barmar Mar 16 '17 at 16:06
  • I should add, when I open a new tab with the fullscreen flag set to true, it works fine, I can change the URL and other functionality people are complaining about goes away. Only when it's a pop-up does it seem like it's dropped to a higher security setting (Edge and IE). –  Mar 16 '17 at 16:09
  • The link provided is funny, Firefox doesn't work but IE does for this guy. I haven't tried but I'd bet if I tried Safari it would work fine. –  Mar 16 '17 at 16:13
  • IE has a security zone setting for 'Scripted Windows' and has its own built-in popup blocker, so outcomes for scripted windows (window.open etc) will depend on 1. Which zone the current site is in. 2. Which zone the target 'scripted window' is in. 3. What are the users current popup blocking settings (Tools>Popup blocker). By default intranet sites allow all popups but popups to external sites should not be used. 4. Third party popup blocker Addons. eg the google toolbar has its own popup blocker too. – Rob Parsons Mar 16 '17 at 23:39
  • Other browsers (FX, etc) do not have security zones. Security settings are by domain, so outcomes between browsers for Intranet mapped sites is non consistent. Developing for intranet sites you should always open windows to external sites in a new window, as IE also has a security setting preventing navigation into a zone of lower integrity. When you request a resource from an external web site you are also sending the referrer, by default also, intranet sites allow 32bit tabs, and 32bit legacy ActiveX controls – Rob Parsons Mar 16 '17 at 23:51
  • Hey Rob, to your first comment. All pop-up are part of the Intranet. There's no external resources being referenced. For example, when using jQuery, they're not using a CDN, instead a copy of the jQuery framework is included as part of the projects resources. –  Mar 17 '17 at 15:20

0 Answers0