IE7 window.prompt script method is blocked

Forum Moderators: open

Message Too Old, No Replies

IE7 window.prompt script method is blocked

aka Generic Spoofing Risk Reduction

Fotiman

3:04 pm on Oct 24, 2006 (gmt 0)

I've heard (though not verified myself) that IE7 has essentially killed off the window.prompt JavaScript method. As I've not yet installed it, I can't verify this info, but I've heard the release notes say this:

The window.prompt script method is blocked and the gold Information bar is displayed by default in Internet Zone for Internet Explorer 7. The helps prevent websites from spoofing things such as the logon screens of other websites. This is a new security enhancement for Internet Explorer 7.

What is Microsoft thinking?!

JAB Creations

10:14 pm on Oct 24, 2006 (gmt 0)

Post something that uses window.prompt and I'll be more then glad to test it in IE7 for you. I can compare it to IE 5.5 or IE 5.01 (but not 6.0) right now.

- John

Fotiman

2:50 pm on Oct 26, 2006 (gmt 0)


<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" 
 "http://www.w3.org/TR/html4/strict.dtd"> 
<html> 
<head> 
 <meta http-equiv="Content-Type" content="text/html; charset:utf-8"> 
 <title>window.prompt example for IE7</title> 
 <script type="text/javascript"> 
 var page = function() { 
  return { 
   init : function() { 
    // Prompt User 
    var userinput = prompt("Enter some value","Your Value Here");     
    // Use this value for something 
    var p = document.createElement("p"); 
    var n = document.createTextNode(userinput); 
    var c = document.getElementById("container"); 
    p.appendChild(n); 
    c.appendChild(p); 
   } 
  }; 
 }(); 
 window.onload = page.init; 
 </script> 
</head> 
<body> 
<div id="container"> 
</div> 
</body> 
</html>

JAB Creations

11:10 pm on Oct 26, 2006 (gmt 0)

Firefox 2.0, IE 5.5, IE7, and Opera 9.02 on Windows and Konquerer 3.5.4 on Suse 10.1 all prompted me for my name and then displayed it on the page. Hope this helps! Let me know if you want me to test it with anything like Opera 2 or Netscape 4. :)

- John

[edited by: JAB_Creations at 11:11 pm (utc) on Oct. 26, 2006]

Fotiman

3:32 pm on Oct 27, 2006 (gmt 0)

Oh good! Then what I heard elsewhere must be incorrect. Thanks for checking this... I thought it seemed like an odd thing to remove. :)

fargo1999

6:32 pm on Oct 31, 2006 (gmt 0)

Fotiman, what you heard is (unfortunately) true. Try to paste this code in IE7 and you'll get "a warning"

javascript:void(prompt('test hi'));

RonPK

12:39 pm on Nov 1, 2006 (gmt 0)

The IE7 release notes are available to all: [msdn2.microsoft.com...]

Users are presented an information bar with an option to 'temporarily allow scripted windows for this site'. It is quite annoying that script execution proceeds while the user may be busy clicking and reading the information windows.

The default behavior can be changed in Tools > Internet Options > Security > enable 'allow websites to prompt for information using scripted windows'.