Unwanted Flash popups

I wanted to check out the web site for the upcoming Pirates of the Caribbean video game from Bethesda Softworks. The link that I was trying came from IGN, and the link they gave me was this which redirected me here. Neither are the site for the new game -- I guess they took it down... but what surprised me was that that page that loaded (directly accessible by that second link there) popped up a window. And I'm using Mozilla. That is NOT supposed to happen!

So what's going on? Well, they've found a way around the popup protection in Mozilla by firing the popup action from within their Flash animation. You see, Flash can call JavaScript functions in a web page. It's a very useful feature for Flash developers, but now it appears this power is being used for evil. I'm really surprised I haven't seen more of this... the capability has been around since Flash 2.

I was tempted not to link to that site or to discuss this hole in Mozilla's armor, because I'm sure all the advertisers out there are going to quickly adopt this technique. Here's hoping the white hats find a way to block these too.


TrackBack URL for this entry:

Listed below are links to weblogs that reference Unwanted Flash popups:

» how to make popups that work in mozilla from anil dash's daily links
http://www.bradchoate.com/past/001500.php... [Read More]

» Using Flash to Circumvent Popup Blocking from voisen.org
Brad Choate recently expressed his displeasure with the fact that people (namely evil marketing people) are now using Flash to lauch pop-up windows with fscommand and thereby circumventing the pop-up protection in browsers like Mozilla and Safari. This... [Read More]


Nik said:

Easy solution: dont run flash. And if you really really really have a need to see the latest o-so-funny flash movie that a co-worker has just sent you and 250 other people, then flick to another browser.

Dan Hartung said:

It's always been clear that there's at least one loophole, because the Mozilla pop-up protection has never worked at the New York Times. There's a Bugzilla bug report on it somewhere. The NYT method seems to involve regular old Javascript, but perhaps works because it's modularized. I haven't investigated closely.

- said:

Flash is often miss-used, and is thus not well understood by most people. Yes, flash can do some crappy animations (which is what it was intended to do in the first place), but it can also be a formidable programming tool, more suported than java.

It is sad that flash is abused in this way, which makes its reputation suffer, but this is no reason to turn it off.

Flash delivers valuable content which I don't want to miss, and I can live with a popup or two. Don't forget that the sites that send you popups are free because of these adds (even though they bother us). Stop living in the free web bubble and realise that the web costs something, wether you like it or not.

And flash shouldn't suffer from this.

John Dowdell said:

Re: "That is NOT supposed to happen!"

I don't know the intent, promises, or implementation of the links you mentioned. But I do recall that somewhere in Mozilla's docs they describe the specific JS events they block for new windows.

This doesn't mean that all JavaScript handlings for opening new windows are defeated... if an advertiser wanted then I believe they could just set a timeout to avoid that popup pref. Few do, likely because: (a) popunders aren't perfectly persuasive; (b) few advertising targets use Mozilla; and (c) fewer still have found that Prefs setting.

A SWF wouldn't need to use the browser's script/object intercommunication scheme (whether Java-based LiveConnect or ActiveX Scripting) to open a new window. It would just request a new window. I don't recall seeing advertisers annoy people by opening popunders this way.

In this case, it seems the site you visited wanted to display some of their own presentation in their own window. I don't usually like that presentation style myself, but this doesn't seem like a generalized advertising technique specifically designed to beat the JS popup pref in Mozilla.

John Dowdell
Macromeida Support

anon said:

Nik, you silly silly little man. If you want your version of the internet to stay locked in the late 90's where you celarly are then stick with what your doing. By Not running flash your are denyying your self active to a richer experience and increasingly a richer content platform.

Advertsing and the internet are here to stay period. If you dont like it - go play with your imaginary girlfirend or somthing.

If Flash does not decide to play well with pop-up blockers, advertisers are likely to abuse that. I predict that one of the following will happen:

a) Browsers will block all window.open() calls from Flash.

b) Some users who would not have blocked Flash otherwise will block Flash, making all more legitimate uses of Flash suffer slightly. Hopefully they will use "non-lethal" methods of blocking Flash such as XBL "click to play Flash animation" placeholders or per-site blocking with whitelists or blacklists.

The Bugzilla entry is bug 150340, "plugins don't obey the 'Open unrequested windows' pref".


This article was published on April 4, 2003 9:51 PM.

The article previously posted was Token Iraq post.

The next article is Easy Amazon Links.

Many more can be found on the home page or by looking through the archives.

Powered by Movable Type