Comments on: Preventing browser UI spoofing

By: Bram

Bram — Tue, 30 Nov 1999 00:00:00 +0000

The strange thing with showing an address bar is that you suggest navigating in that window while the site opening the pop-up wants to discourage that. Actually surfing in that window would be quite annoying if it’s none resizable and doesn’t have all toolbars

If your purpose is just to show the current address, and some “Restore toolbars” button you could actually create a new kind of toolbar (pop-up bar?) which has more or less the same height as the statusbar and just some address label instead of a full-blown address bar.

By: Mathieu Pellerin

Mathieu Pellerin — Tue, 30 Nov 1999 00:00:00 +0000

I dont think making the statusbar permanent is the best solution (I think it can be very useful to remove the statusbar for the good looking of it)

imo, the solution should be placed in the _titlebar_ simply because the titlebar is something that the web doesnt play with (except of course giving it a different name)

a) there’s a titlebar icon change to indicate that this window is missing the statusbar (or any other part: menu, toolbar)

b) (my favorite :) and original) you add a button next to the system buttons to unhide/hide the statusbar and/or any other missing parts removed by the javascript call …

I would vote for the solution B for two reasons
- it’s visualy more obvious to see an added system button rather than a slightly changed titlebar icon
- it adds the possibility to the user to get their toolbar,menubar,statusbar back (something I often wanted when I was using a window without menubar)

dont make the statusbar permanent, that’s not the right solution (especialy if somebody simply dont like statusbar and disable it all the time :) )

By: mark

mark — Tue, 30 Nov 1999 00:00:00 +0000

The status bar is the least useful real estate on the screen. I don’t know if any one had done usability tests on the status bar, but my experience is that it is very unnatural for users to look at that area of the screen. I’m sure that even if there were two status bar displayed I would not have noticed it.

IMHO the basic problem is that a site should not be given any ability to change the GUI of the browser. Why is it assumed that when I surf a site, I give it an automatic permission to manipulate my GUI?. This the same as giving sites a permision to set my home site, and the solution should be the same, ask the user if he permits it per a specific site, then store this as prefference for the future.

By: Justin

Justin — Tue, 30 Nov 1999 00:00:00 +0000

Why not simply put a (bright red, striped, something) border around any XUL-based GUI retrieved from a remote location? Even if the GUI is opened in a new fullscreen window, the border will be there to let the user know it’s not locally generated. It’d also be fairly inconspicuous in comparison to requiring the status bar/menu bar/toolbar be visible 100% of the time, while still informing the user of what was happening.

By: i5mast

i5mast — Tue, 30 Nov 1999 00:00:00 +0000

how about checking the form submission. is it possible to determine whether it is being submitted from a spoofed window?

By: Jesse Ruderman

Jesse Ruderman — Tue, 30 Nov 1999 00:00:00 +0000

Bram (#1): Web sites have no business creating non-resizable windows (bug 177838), so that part of your argument doesn’t work. Other than that, your idea is reasonable.

Mathieu (#2): I don’t know about you, but I rarely look at the title bar. That said, I think we should do what you describe in addition to preventing web sites from hiding the address bar. Then if someone chooses “Hide address toolbar in all pop-ups from https://gmail.google.com/“, they’ll still have something they can look at.

Justin (#4): You can spoof the browser UI just as effectively with HTML+JS as you can with XUL. That’s why I didn’t mention XUL in my post.