In article <[EMAIL PROTECTED]>, [EMAIL PROTECTED]
(Matthew Thomas) wrote:
> Henri Sivonen wrote:
> >...
> > <[EMAIL PROTECTED]> wrote:
> >...
> > > This is a great list. While we're at it, can any helpful readers
> > > suggest any more things that users will want to block from this
> > > panel?
> >
> > [ ] Set the size of new windows
>
> How would turning this off be useful?
It would prevent
* sites from grabbing my entire screen.
* sites from creating overly small navigation windows.
> It seems to me that all it would
> get you would be 300*300 popups appearing in 700*550 windows -- arguably
> even more annoying than at their intended size.
I want to suppress all pop-ups that I didn't request (window.open
invoked from onLoad). OTOH, when I deliberately click a JavaScript
"link" I want to get a window whose size is the same as the size of my
other windows. I don't want the designer to be able to decide that I
can't handle windows taller than 440 px.
Example:
The page at http://homepage.mac.com/hsivonen/PhotoAlbum.html has been
created with Apple's iTools. (I could fix the page but I haven't and
that's unimportant here.) If you click a thumbnail, a larger version of
the photo will appear in a pop-up window. That window is too small for
the photo. You'll have to manually resize each and every pop-up to see
each photo without scrolling. That sort of scripts are *annoying*.
There are also sites that uselessly pop-up 640 px * 480 px windows (and
deprive the user of the location field or other basic parts of the UI in
the process).
> `Make new windows non-resizable', however, would be a useful thing to
> block
I want to block that one, too. I also don't want Web designers to be
able to deprive me of toolbars.
> > [ ] Discover the properties of the screen and the size of the window
> > [ ] But let the script believe the screen size is [800*600 |v]
> >...
>
> How do we block this? What happens when a script asks for the size? Do
> we return (0, 0), or what?
a) Throw a security exception. This happens now if I go and block those
properties by editing prefs.js (which I have done, BTW).
or
b) Give believable but bogus values to the script. (This is the purpose
of the second checkbox there.) This way, the user can't be segregated
because (s)he had the nerve to throw exceptions.
or
c) Grant access to the values, but make setting the window size a no-op
from the user point of view but reflect the "changed" back to the
script. (This way a script can't set the window size, then check it,
notice that nothing has changed and start whining at the user that the
user should grant the script more priviliges. OK, this might be a
far-fetched scenario, but many sites have no hesitations about blocking
users who have blocked cookies.)
BTW, from a privacy point of view, the more environment values there
are, the more likely it is that the combination is unique and can be
used as a GUID. For example, it would be easy to identify Apple Cinema
Display users.
Why were the screen properties exposed in the first place? I can't see
any user benefit arising from that.
> Perhaps what you want here is a way to prevent an author from creating a
> window that is larger than the display.
Of course, but most importantly, I want pop-up (invoked by a user
action) have the same size and toolbar properties as a new window
created by pressing accel-N.
--
Henri Sivonen
[EMAIL PROTECTED]
http://www.clinet.fi/~henris/
