IE7’s Blocking of prompt()
I haven't experienced the supposed goodness that is IE7 first-hand as of yet, but I have heard plenty about its shortcomings and annoyances. Another I just read about today is the default settings that blocks websites from using the built-in prompt() method in JavaScript.
It wouldn't be super annoying if Microsoft handled user permission intelligently, though. As it is, IE7 displays the by-now familiar Information Bar (introduced in IE6 with Windows XP's Service Pack 2) and the user can allow "scripted windows" on the page. Unfortunately, the scripting engine simply ignores the prompt and moves on through the rest of the script, which does nobody any good. Choosing to allow scripted windows reloads the page, but for some reason still blocks the method. I have seen hundreds of sites use this technique, and I am sure there are hundreds of thousands more.
Microsoft's release notes for IE7 say:
Generic Spoofing Risk Reduction in Internet Explorer 7--The window.prompt script method is blocked and the gold Information bar is displayed by default in Internet Zone for Internet Explorer 7. The helps prevent websites from spoofing things such as the logon screens of other websites. This is a new security enhancement for Internet Explorer 7.
This can obviously be remedied by changing the setting (located in the Advanced Settings tab, of course) or trusting the site ("default Internet Zone" means sites that are not trusted or restricted), but the fact that it requires a conscious effort on the part of the user is ridiculous. Most people using IE don't even know what prompt() is, much less why they should allow it or what it does for them. I think Microsoft should add a change to this in the upcoming Service Pack 1 for Windows Vista, disabling the option by default.
I complain mostly because I used to use this function a lot, and I know a lot of sites still do. (I've moved to DHTML-style overlays now.) I really hope Microsoft makes this better, because as it is, the Information Bar isn't going to tell users much about what they're allowing, nor does it actually fix the problem.
Social Me
Badges
Subscription Options
Latest Comments
- Voyagerfan5761 on “No Evil”: My NET10 Wireless Experiences
- dogbonz on “No Evil”: My NET10 Wireless Experiences
- Voyagerfan5761 on “No Evil”: My NET10 Wireless Experiences
Latest Posts
Archives
Categories
Creations
Southwest High Robotics Team My first non-personal design work
Promotions, Causes, Etc.
- Yes, it's a shameless plug for money. A strange thing coming from me, but it supports one of the Web's greatest sites.
- I'm sure you saw this one coming. You know what I want.
- Set yourself up with OpenDNS, the fastest DNS service around! You can also set up shortcuts for frequently visited sites and filter content.
- Download the best multi-protocol IM client I've ever seen! So it crashes once in a while, but it's in active development, so they're definitely working on it. (And really, what program doesn't crash once in a while?)
- Don't let Microsoft push through a redundant, broken standard for office files! Chaos and confusion could ensue!
- This is just in case spam-bots visit this site. Click it to find out more (it only does bad things to email harvesters, don't worry).
Blogged.com says I have to leave its badge here to claim ownership of this site. I can't take it off, apparently. Whatever. What would be nice is linking to my own site's page rather than generic "technology news" listings...
blogarama and Blog Flux have similar, but implied, issues. And why does everyone link me to a generic listing page?!