Most current browsers, including Mozilla, allow a class of profitable
denial of service attacks. These attacks involve opening a large number
of ad windows, or opening a new ad window each time the user tries to
close an open one. Unlike most other forms of advertisement in any
medium, these ads do not even give the user a chance to leave the site
rather than view the ads, and cannot be ignored because they're in your
way. Most of the sites using this type of DoS are adult sites, but
there are others, such as exitfuel.com partners (see bug 84749 for
an example).

Somewhat less annoying are ordinary pop-up and pop-under ads. Some
users think of them as interstitials, no more annoying than television
ads. Some users are confused by them because they're used to having
only one browser window open at a time. Some users are annoyed by them
to the point where they'll immediately stop visiting a site that uses
them or advertises in them.

The solution we come up with should:
a. Not be vulnerable to denial-of-service attacks such as "hydras" and
cascading pop-up ads, at least with the default settings.
b. Not force Netscape to choose between (not being able to show pop-ups
on netscape.com) and (being vulnerable to a widely exploited denial of
service attack).
c. Have a user-interface simple enough that mpt won't complain about the
number of prefs added.
d. Not break a large number of existing sites. Breaking a few sites is
ok: pop-ups annoy a lot more people than browsers using alt text for
tooltips, and we changed that at the expense of breaking more than
several sites.
e. Make it possible to use bookmarklets
<http://dmoz.org/Bookmarks/J/jesser/Bookmarklets/> and benign javascript
in web pages while disallowing pop-up ads.

Here's my proposed plan:
1. Provide a pref:
   Web pages may open new browser windows:
   ( ) Always
   (*) Only when I click on the page or select "open in new window"
   ( ) Only when I select "open in new window"
   See bug 55696 for some ideas about how the third option might work.
2. If "Always" is selected, windows opened by javascript will require a
click before they can call window.open anyway. This will let users kill
"hydras" as easily as they can kill normal pop-up ads. However, after
the user clicks, the window will revert to the "Always" setting, because
the user may have started using the window as a normal browser window.
3. Limit the number of consecutive window.opens to 3 or so. If a web
page exceeds that limit, deny access to the last window.open call. This
will break the "open selected links" bookmarklet
<http://www.squarefree.com/bookmarklets/pagelinks.html>, but bug 9274
will make up for that.
4. Disallow window.open, alert, prompt, and confirm in and after the
onunload event (bug 33448).
5. Make sure a failed window.open call is reported to the user in some
way (bug 47128, bug 83131).
6. Perhaps allow holding Ctrl while a page loads to enable onload pop-ups.
7. Allow power users to change the settings for specific sites or groups
of sites using zone prefs (ui: bug 38966).
8. Make it so that activating a bookmarklet counts as a click, and
selecting "open bookmark in new window" on a bookmarklet works similarly
to selecting "open link in new window".
Comments?
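
The decision logic of steps 1 to 4 and 8 of the plan above, modeled as an added JavaScript example; it is not part of the original post and is not Mozilla code. The names (PREF, WindowState, mayOpenWindow) are hypothetical, and resetting the consecutive-open counter on each user click is an assumption about what "consecutive" means in step 3.

```javascript
// Added model of the proposed policy; all names here are hypothetical.
const PREF = { ALWAYS: "always", ON_CLICK: "on-click", EXPLICIT_ONLY: "explicit-only" };
const MAX_CONSECUTIVE_OPENS = 3; // step 3 says "3 or so"

class WindowState {
  constructor({ openedByScript = false } = {}) {
    // Step 2: a script-opened window must be clicked before it may open others.
    this.needsClick = openedByScript;
    this.consecutiveOpens = 0;
    this.inUserGesture = false;
    this.unloading = false;
  }
  // A click on the page or a bookmarklet activation (step 8) is a user gesture.
  beginUserGesture() {
    this.inUserGesture = true;
    this.needsClick = false;   // step 2: the window reverts to the pref after a click
    this.consecutiveOpens = 0; // assumption: "consecutive" means since the last click
  }
  endUserGesture() { this.inUserGesture = false; }
  beginUnload() { this.unloading = true; } // step 4: onunload and everything after
}

const deny = (reason) => ({ allowed: false, reason });

// Decide one page-script window.open call. The reason string is what step 5
// would surface to the user when a call fails.
function mayOpenWindow(pref, win) {
  if (win.unloading) return deny("onunload");
  if (pref === PREF.EXPLICIT_ONLY) return deny("pref");
  const clickRequired = pref === PREF.ON_CLICK || win.needsClick;
  if (clickRequired && !win.inUserGesture) return deny("no-click");
  if (win.consecutiveOpens >= MAX_CONSECUTIVE_OPENS) return deny("limit");
  win.consecutiveOpens += 1;
  return { allowed: true, reason: "ok" };
}

// Constructed scenario: a "hydra" window under the "Always" pref.
function hydraScenario() {
  const hydra = new WindowState({ openedByScript: true });
  const beforeClick = mayOpenWindow(PREF.ALWAYS, hydra).reason;
  hydra.beginUserGesture();
  hydra.endUserGesture();
  const afterClick = mayOpenWindow(PREF.ALWAYS, hydra).reason;
  return { beforeClick, afterClick };
}
```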