location bar always visible in IE 7 pop-ups

[kaston3]

So it seems that in their unduly extreme crusade to fight phising,
spyware and thousand of enemies MS IE 7 designers have decided not to
let designers open popups without the address/location toolbar.

http://blogs.msdn.com/ie/archive/2005/11/21/495507.aspx

thouh in the "example" here it seems to suggest otherwise

http://msdn.microsoft.com/workshop/author/dhtml/reference/methods/open_0.asp


window.open("Sample.htm",null,

"height=200,width=400,status=yes,toolbar=no,menubar=no,location=no");-->
is supposed to open window with no location bar.

This is really very bad news. Many game, photo and style sites rely on
no-bars-at-all pop-ups to display info elegantly without any ugly html
code trace.

Can anybody confirm if this is final since I am working with the latest
IE7 candidate release??

Is there any way around this monstruosity by Redmon designers who
happen to add this one to IE7 top bars and icon distribution ugliness?

 

[Benjamin Niemann]

So it seems that in their unduly extreme crusade to fight phising,
spyware and thousand of enemies MS IE 7 designers have decided not to
let designers open popups without the address/location toolbar.

http://blogs.msdn.com/ie/archive/2005/11/21/495507.aspx

thouh in the "example" here it seems to suggest otherwise

http://msdn.microsoft.com/workshop/author/dhtml/reference/methods/open_0.asp


window.open("Sample.htm",null,

"height=200,width=400,status=yes,toolbar=no,menubar=no,location=no");-->
is supposed to open window with no location bar.

This is really very bad news. Many game, photo and style sites rely on
no-bars-at-all pop-ups to display info elegantly without any ugly html
code trace.

Can anybody confirm if this is final since I am working with the latest
IE7 candidate release??

Is there any way around this monstruosity by Redmon designers who
happen to add this one to IE7 top bars and icon distribution ugliness?

IIRC this is the result of a meeting of developers of the major browsers to
exchange ideas how security can be improved. So this
a) is not a "monstruosity by Redmon designers"
b) will happen in other browsers, too

A good browser may allow the *user* to remove the location bar, perhaps
permanently for popups on certain domains, if she thinks it is annoying.

IMHO this is a good idea.

 

[kaston3]

Well,

Being a designer a php developer I still think it is a monstruosity
essentially because they are trying to kill flies with cannon balls at
the expense of design beauty.

If as you say this is the result of some standarization meeting so the
monstruosity has shared responsibility but is still a bad thing.

At least, if there's an option to hide location the default should be
location=0 for pop-ups.

After years of evolution and with the help of Flash mainly, HTML has
improved its essential ugliness. Showing location in pop-ups (by
default or worse, by forcing visibility) is a major step back and it
renders the location option in javascript open.window useless

The URL usually contains code with variables that should be hidden (at
least by default). Interpreted languages are always behind compiled
languages and notably browsers' 'show source code' feature is
something designers never liked.

Malicious code should be handled in the background. I only hope that
Firefox 2.0 as usual does not surrenders to MS rules of the game.

 

[Harlan Messinger]

So it seems that in their unduly extreme crusade to fight phising,
spyware and thousand of enemies MS IE 7 designers have decided not to
let designers open popups without the address/location toolbar.

http://blogs.msdn.com/ie/archive/2005/11/21/495507.aspx

thouh in the "example" here it seems to suggest otherwise

http://msdn.microsoft.com/workshop/author/dhtml/reference/methods/open_0.asp


window.open("Sample.htm",null,

"height=200,width=400,status=yes,toolbar=no,menubar=no,location=no");-->
is supposed to open window with no location bar.

This is really very bad news. Many game, photo and style sites rely on
no-bars-at-all pop-ups to display info elegantly without any ugly html
code trace.

So in your opinion, this is tremendously more important than security,
including the prevention of identity theft?

 

[Richard Cornford]

So it seems that in their unduly extreme crusade to fight
phising, spyware and thousand of enemies

"Unduly extreme"? Isn't making it impossible for the malicious to do
what they should never have been allowed to do in the first place a
sensible action?

MS IE 7 designers have decided not to let designers open
popups without the address/location toolbar.

<snip>

Increasingly restricting the ability of scripts to dictate the form of
their windows has been the trend in web browsers for more than half a
decade.

This is really very bad news.

Bad news for who? I have never written a script that has any interest in
whether a browser window shows a location bar or not, so from my point
of view nothing has changed.

Many game, photo and style sites rely on no-bars-at-all
pop-ups to display info elegantly

A mistake is not any less a mistake as a result of many people making
it. If some designers have kept their heads buried in the sand for the
last half decade, not seen that their control over new window features
(and even the new windows themselves) has been increasingly restricted,
not understood the reason for this trend, or denied its significance for
some "majority" of browser users, then they may have created designs
predicated upon poor/false assumptions and consequently fragile.

without any ugly html code trace.

I have no idea what that is supposed to refer to.

Can anybody confirm if this is final since I am working
with the latest IE7 candidate release??

The historical trend is that any browser feature that is subject to
abuse by (any) script authors will be increasingly restricted over time
(if not actually removed).

Is there any way around this monstruosity by Redmon
designers who happen to add this one to IE7 top bars and
icon distribution ugliness?

There is no need for any "way around" anything as the inherent
unreliability of attempting to open new browser windows has long since
made that an inappropriate action in browser script design. Alternative
approaches to the prevention of the types of content commonly placed in
pop-up windows avoid the issues of pop-up windows entirely.

Richard.

 

[Matt Kruse]

So it seems that in their unduly extreme crusade to fight phising,
spyware and thousand of enemies MS IE 7 designers have decided not to
let designers open popups without the address/location toolbar.

With the more widespread use of DIV-based popup "windows" in conjunction
with ajax, I'm not sure popup windows will even remain relevant for much
longer anyway. Especially not for the kind of functionality you're referring
to.

 

[Randy Webb]

kaston3 said the following on 8/28/2006 6:48 AM:

So it seems that in their unduly extreme crusade to fight phising,
spyware and thousand of enemies MS IE 7 designers have decided not to
let designers open popups without the address/location toolbar.

Your extreme stupidity is overwhelming and doesn't deserve much of a
response.

But, anybody who depends on popups isn't much of a "designer" but rather
they are a "wannabe".

 

[Matt Kruse]

Your extreme stupidity is overwhelming and doesn't deserve much of a
response.

Randy, you seem rather harsh as of late. You're not turning into Randy
"PointedEars" Webb, are you?

 

[Randy Webb]

Matt Kruse said the following on 8/28/2006 3:30 PM:

Randy, you seem rather harsh as of late.

Maybe, but it comes from reading posts like this one's original too many
times from different people.

You're not turning into Randy "PointedEars" Webb, are you?

I would reply to that but nothing I can think of saying in reply is fit
to be read in a public forum, even if it isn't a family oriented forum.

But, that does remind me that I can't email you at mattkruse.com from my
comcast.net email address.

 

[Matt Kruse]

But, that does remind me that I can't email you at mattkruse.com from
my comcast.net email address.

You get an error?
I get several thousand junk emails a day so I have lots of filters running.
I hope one of them isn't cutting out legitimate email.

 

[Randy Webb]

Matt Kruse said the following on 8/28/2006 10:56 PM:

You get an error?

Returned to sender.

I get several thousand junk emails a day so I have lots of filters running.
I hope one of them isn't cutting out legitimate email.

I just sent another, will see if it goes through.

I think my mail had to do with dealing with script blocks in HTML
snippets retrieved via an AJAX request so I may have gotten an address
from somewhere on the website.