- From: Jonathan Zuckerman <j.zuckerman@gmail.com>
- Date: Wed, 13 Apr 2016 15:54:49 -0400
- To: "Michael A. Peters" <mpeters@domblogger.net>
- Cc: whatwg@lists.whatwg.org
I have heard of a lot of abuses but never actually come across this particular one, can you point us to a site that demonstrates it? On Wed, Apr 13, 2016 at 3:53 PM, Michael A. Peters <mpeters@domblogger.net> wrote: > This btw is a security issue. Many of the scam sites that do things like > tell the user their computer is infected and they have to call a number > disable the ability to use the back button via JavaScript hovers. > > This puts users who don't understand technology into a mental state where > they feel like they have no control. > > It's effing stupid that anyone ever thought it was a good idea to let > JavaScript disable the standard browser controls. As browsers have done > that, it needs to be specified that JavaScript can't do that. > > > On 04/13/2016 12:44 PM, Michael A. Peters wrote: > >> It needs to be made very clear as a web standard that no JavaScript >> action can disable UI functions such as the back button. >> >> A very common abuse is that when pulling the mouse to hit the back >> button because you are not interested in a page, a hover comes up and >> when the hover comes up, the back button no longer works. >> >> This is a browser UI issue but it needs to specified that browsers must >> not disable the back button in response to JavaScript. The web is enough >> of a cesspool as it is. >> >
Received on Wednesday, 13 April 2016 19:55:34 UTC