Browser window popups - risks and special features
Posted
by
Sandeepan Nath
on Stack Overflow
See other posts from Stack Overflow
or by Sandeepan Nath
Published on 2010-11-20T11:48:53Z
Indexed on
2011/01/05
7:53 UTC
Read the original article
Hit count: 254
1. What exactly is the security risk with popups?
The new browsers provide settings to block window popups (on blocking, sites with active popups display a message to user). What exactly is the security risk with popups? If allowing popups can execute something dangerous, then the main window can too. Is it not the case. I think I don't know about some special powers of window popups.
2. Any special features of popup windows?
Take for example the HDFC bank netbanking site. The entire netbanking session happens in a new window popup and a user neither manually edit the URL or paste the URL in the main browser window. it does not work. Is a popup window needed for this feature? Does it improve security? (Asking because everything that is there in this site revolves around security - so they must have done that for a reason too). Why otherwise they would implement the entire netbanking on a popup window?
3. Is it possible to override browser's popup blocking settings
Lastly, the HDFC site succcessfully displays popup window even when in the browser settings popups are blocked. So, how do they do it? Is that a browser hack?
To see this -
- go to http://hdfcbank.com/
- Under the "Login to your account" section select "HDFC Bank NetBanking" and click the "Login" button.
You can verify that even if popups are blocked/popup blocker is enabled in the browser settings, this site is able to display popups.
The answers to this question say that it is not possible to display popup windows if it has been blocked in browser settings.
Solved
Concluded with Pointy's solution and comments under that. Here is a fiddle demonstrating the same.
© Stack Overflow or respective owner