Post Reply 
Pop-up Windows
Oct. 27, 2005, 11:38 PM
Post: #7
 
Boys and Girls;
jart Wrote:Take for example popups coming from flash files. It happens like this: the flash plugin tells the browser to open a new window. The browser has no idea if the request is legitimate (user has clicked something in the flash file) or not.
Well, that's not quite true, I mean the part where a browser has no idea how legitimate a source of command is. The browser can indeed, at its core, determine exactly how a command was initiated, should the browser's author choose to go that far. The mechanism for this is called 'tracing the chain', and in each method of opening a window, the chain will show a call do a different routine in one or more dll files. That's why it does take a browser to actually decide what's legitimate, and what to toss out.

However, that doesn't address the issue of the user. That person should have the final say-so as to what's legitimate, not the browser's author. (Nor a filter writer, for that matter.) Just because a pop-up is called from a Flash file doesn't automatically make it undesirable (unless it's on my machine, then the file doesn't even get to play!). So even if the browser does know that a Flash file called for the pop-up (a different dll services the Flash file function calls), there's still a wide latitude in deciding what to allow, and what to kill.

tBB Wrote:Test 25 is generated by Java. For this the same as for Flash ads applies.
Note that tBB didn't say Javascript. If it truly is Java, then that's even easier to track down - any such request is handled by the JRM, the Java Runtime Module (or Machine), and is identifiable as such in the chain. But the same decision-making issues are brought forth here, and they've been discussed.

As for a filter in either Prox(o|i) or Bfilter, we're doing nothing more than reading the incoming stream, usually on Port 80, comparing strings of text against locally stored strings, and taking appriate action where needed. Until such time as a "pre-processor" is written (essentially another browser, but without the rendering component), then we're stuck with the non-text portions of our incoming data being unfilterable.

Classify all this as a work-in-progress. Shocked Wink


Oddysey

I'm no longer in the rat race - the rats won't have me!
Add Thank You Quote this message in a reply
Post Reply 


Messages In This Thread
Pop-up Windows - toods - Oct. 27, 2005, 09:39 AM
[] - jart - Oct. 27, 2005, 12:48 PM
[] - toods - Oct. 27, 2005, 02:18 PM
[] - jart - Oct. 27, 2005, 02:34 PM
[] - toods - Oct. 27, 2005, 02:37 PM
Re: Pop-up Windows - tBB - Oct. 27, 2005, 07:32 PM
[] - Oddysey - Oct. 27, 2005 11:38 PM

Forum Jump: