Announcement

**Soldier Bob** · Jul 9, 2002, 04:18 PM

something to do with security

The parent window is opened by the user. What if he doesn't want his Web browser to be closed?

Its a built in function for security reasons last I understood.

You could load up a site map on the parent browser to navigate anthing your loading on the popup. That way at least the content is useful and not just a blank screen.

-S. Bob

**spinweb** · Jul 9, 2002, 05:25 PM

Change Parent?

Is it possible to make the child the parent and then kill the parent?

**Quiet Storm** · Jul 9, 2002, 07:18 PM

There is a way to close() the parent window from the child - on IE only, though.

**spinweb** · Jul 10, 2002, 09:39 AM

OK....

All I need is for it to work in IE. Can you post the code?

Thanks,
Rick

**Quiet Storm** · Jul 10, 2002, 12:06 PM

<HEAD>

<OBJECT id="closes" type="application/x-oleobject"
classid="clsid:adb880a6-d8ff-11cf-9377-00aa003b7a11">
<PARAM NAME="Command" VALUE="Close">
</OBJECT>

<script type="text/javascript">
function init() {
window.open('Page2.html','second','height=400,width=400');
window.focus();
closes.Click(); }
</script>

</HEAD>
<BODY onload="init()">

The above will automatically open Page2.html and close the parent onLoad.

To make it work by clicking a button first, remove the onload="init()" command and use this:

<A HREF="#" onClick="javascript:init();">Open & Close!</A>

**spinweb** · Jul 10, 2002, 01:41 PM

Great!

Many Thanks QS. I've wanted to be able to spawn a window from outside a browser with no toolbars, etc., at a given size for a long time. This seems to be the closest we can get (i.e., first spawning a "dummy" window that's resized to 1px x 1px and then closed.)

Rick

**spinweb** · Jul 11, 2002, 04:09 PM

Can the windows be centered?

Is it possible to have these windows, launched from a shortcut on the desktop be centered?

That would be really nice.

Thanks,
Rick

**Soldier Bob** · Jul 11, 2002, 04:53 PM

Rofl

geez, build the application already :P

I think what you are really asking is if a browser can be made to behave like a custom app. This isnt a good road to travel upon. If you really need all this and more, you might want to try looking into modifying the mozilla core and open it up to allow for things like this.

From what I understand its open source etc.

Internet for people, not profit

http://www.mozilla.org/

Mozilla is the not-for-profit behind the lightning fast Firefox browser. We put people over profit to give everyone more power online.

-S. Bob

**joh6nn** · Jul 11, 2002, 05:12 PM

i suggest you leave it alone, period. if it's a built in security feature, then there's gotta be a good reason why you shouldn't be doing it, in which case you'd better have a REAL good reason to bypass it. and i can't imagine such a reason.

on that note, i'd like to politely request, that those few of us, who know how to bypass that security measure, don't tell other people how. the measure is there for a reason, and we're doing no favors by making it easier to get around.

**Roy Sinclair** · Jul 11, 2002, 05:20 PM

on that note, i'd like to politely request, that those few of us, who know how to bypass that security measure, don't tell other people how. the measure is there for a reason, and we're doing no favors by making it easier to get around.

I also recommend that these "bypass the security" things not be given out for an additional reason. These are bugs in the browser which need to be fixed, not hidden capabilities and when those bugs are fixed this code will suddenly no longer function and your page will break unexpectedly. You don't need that grief so don't try to take advantage of a bug.

FWIW, some more serious problems related to the use of this bug have recently been reported on BUGTRAQ (specifically, unrestricted cross site scripting) and MS will be scrambling right now to disable this so this particular bug is going to have a short life.

**spinweb** · Jul 11, 2002, 05:31 PM

gee

For those of us who are looking to get the most out of our browsers, it seems to me a reasonable goal to be able to:

Launch a centered window from a link on the desktop, without all the browser accoutremonts.

For web designers/developers this comes up frequently.

Regards,

Rick

**joh6nn** · Jul 11, 2002, 06:14 PM

without wanting to sound hostile, i'd like to say that if your design is at the cost of my security, i'd rather have my security.

try looking at HTAs, in the MS link in my sig. that might be what you're looking for.

**Quiet Storm** · Jul 11, 2002, 07:03 PM

HTA's secure? BS!

(edited) is a tool which allows ANY file to be encoded and then embedded in plain HTML web page code as a script which will execute automatically by making use of the Hypertext Application (HTA) functions of the Microsoft Windows Scripting Host (WSH) which is called by a script embedded along with the encoded content inside that web page. It is not necessary to click on any link. The mere presence of the script in the page will automatically activate and execute (edited) which will then save the exploit to the computer's hard drive as an HTA file. This exploit was described previously by Georgi Guninski ("scriptlet exploit") but this represents the first time an automatic generator has been released along with all of the necessary source code to permit others to exploit further.

Besides, I've used this trick on a few of my sites. Never had any complaints. The Chromeless window trick is also a bug in IE - you gonna want to remove that feature from all the different sites that use it, too?

**joh6nn** · Jul 11, 2002, 07:24 PM

that's a rather moot point you make. The fact that neither HTAs nor embedded objects are in any way a good answer to this problem, is another excellent reason to give up on this. It can't be done without circumventing important security measures in some way, which ought to suggest that it shouldn't be done.

Announcement

How to Close Parent Window w/o Alert?

How to Close Parent Window w/o Alert?

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment