IE7’s Blocking of prompt()

closeThis post was published 12 years 9 months 12 days ago. A number of changes have been made to the site since then, so please contact me if anything is broken or seems wrong.

I haven’t experienced the supposed goodness that is IE7 first-hand as of yet, but I have heard plenty about its shortcomings and annoyances. Another I just read about today is the default settings that blocks websites from using the built-in prompt() method in JavaScript.

It wouldn’t be super annoying if Microsoft handled user permission intelligently, though. As it is, IE7 displays the by-now familiar Information Bar (introduced in IE6 with Windows XP’s Service Pack 2) and the user can allow “scripted windows” on the page. Unfortunately, the scripting engine simply ignores the prompt and moves on through the rest of the script, which does nobody any good. Choosing to allow scripted windows reloads the page, but for some reason still blocks the method. I have seen hundreds of sites use this technique, and I am sure there are hundreds of thousands more.

Microsoft’s release notes for IE7 say:

Generic Spoofing Risk Reduction in Internet Explorer 7–The window.prompt script method is blocked and the gold Information bar is displayed by default in Internet Zone for Internet Explorer 7. The helps prevent websites from spoofing things such as the logon screens of other websites. This is a new security enhancement for Internet Explorer 7.

This can obviously be remedied by changing the setting (located in the Advanced Settings tab, of course) or trusting the site (“default Internet Zone” means sites that are not trusted or restricted), but the fact that it requires a conscious effort on the part of the user is ridiculous. Most people using IE don’t even know what prompt() is, much less why they should allow it or what it does for them. I think Microsoft should add a change to this in the upcoming Service Pack 1 for Windows Vista, disabling the option by default.

I complain mostly because I used to use this function a lot, and I know a lot of sites still do. (I’ve moved to DHTML-style overlays now.) I really hope Microsoft makes this better, because as it is, the Information Bar isn’t going to tell users much about what they’re allowing, nor does it actually fix the problem.


I am an avid technology and software user, in addition to being reasonably well-versed in CSS, JavaScript, HTML, PHP, Python, and (though it still scares me) Perl. Aside from my technological tendencies, I am also a theatre technician, sound designer, violinist, singer, and actor.

Leave a Reply

Your email address will not be published. Required fields are marked *

Notify me of followup comments via e-mail (or subscribe without commenting)

Comments are subject to moderation, and are licensed for display in perpetuity once posted. Learn more.