About Window Restrictions

In Windows Internet Explorer, scripts can open two different types of windows and can resize and reposition existing windows. Malicious coders have used these script-opened windows and the script-driven window positioning to mislead and deceive users. The Window Restrictions security feature in Microsoft Internet Explorer 6 for Microsoft Windows XP Service Pack 2 (SP2) now restricts the opening and placement of windows by script to prevent malicious coders from misleading users. These restrictions include constraints on new Internet Explorer windows created by the window.open method and HTML pop-up windows created by the window.createPopup method, and positioning and sizing of Internet Explorer windows. By understanding Window Restrictions and how they work, you can write your scripts so that your Web pages function as expected.

This document assumes that you are familiar with Dynamic HTML (DHTML) and scripting.

The following topics are discussed in this document.

  • Why Do We Need Window Restrictions?
  • Window-opening Methods Affected by Window Restrictions
  • Restrictions on Internet Explorer Frame Windows
  • Guidelines for Scripting Internet Explorer Frame Windows
  • Restrictions on Internet Explorer HTML Pop-up Windows
  • Guidelines for Scripting HTML Pop-up Windows
  • Related Topics

Why Do We Need Window Restrictions?

The visible security features of Internet Explorer windows, such as the status bar, provide information to users to help them determine the source of a Web page and the security of that Web page. Hiding these features can lead users to think that they are on a trusted page or that they are interacting with a system process when they are actually interfacing with a malicious host. Maliciously relocating or hiding a window can present the user with false information, can obscure important information, or can even spoof (that is, imitate) important elements of the user interface, all in an attempt to get the user to take unsafe actions or to divulge sensitive information.

Internet Explorer 6 for Windows XP SP2 requires that the window title bar and status bar are always in the visible area of the display; if the address bar is displayed, it must also remain visible. By placing these restrictions on script-opened windows, the Window Restrictions security feature prevents malicious code from hiding information and from spoofing user interfaces. The Window restrictions feature is on by default for the Internet zone, and the feature is off by default for the Local Intranet and Trusted Sites zones.

Window restrictions are managed through a feature control registry key (FEATURE_WINDOW_RESTRICTIONS). Applications hosting the WebBrowser Control can opt in to the same restrictions through that key. For more information, see Window Restrictions.

Window-opening Methods Affected by Window Restrictions

Scripts can call two methods to open windows.

  • window.open This method creates new Internet Explorer frame windows that can include such interface elements as a status bar, an address bar, and a title bar. These interface elements are often referred to as "chrome." The presence of these elements in an Internet Explorer frame window is determined by the sFeatures parameter of the window.open call.
  • window.createPopup This method creates HTML pop-up windows, or "chromeless" windows (that is, without the interface elements mentioned above). The caller determines the appearance of these HTML pop-up windows.

Restrictions on Internet Explorer Frame Windows

Window restrictions constrain script-driven placement of new Internet Explorer frame windows and script-driven positioning of existing frame windows to ensure that the status bar, title bar, and address bar (if displayed) always remain visible after the open operation is complete. There are several ways in which window restrictions constrain windows created by the window.open method.

Script Positioning of Internet Explorer Windows

Window positioning on the screen can be dictated by scripts that call the window.open method. Prior to Internet Explorer 6 for Windows XP SP2, script-opened windows could potentially be placed anywhere, including entirely off the screen and hidden from the user.

When a script opens a new Internet Explorer frame window, window restrictions constrain the window's placement so that the status bar and the title bar in the window are always visible. Scripts themselves cannot move a window offscreen, although the user can move the window offscreen after it has opened. If your script attempts to open a window offscreen, Internet Explorer will reposition the window by the smallest distance necessary so that the window appears onscreen.

To ensure that your Internet Explorer frame windows appear in the proper position onscreen, and to ensure that Internet Explorer does not reposition your windows to an undesired location on the screen, set the position parameters to window.open() as follows:

  • left Property; sets position relative to the upper-left corner of the display containing the Internet Explorer window that is calling window.open to display the new window. Value must be greater than or equal to 0.
  • top Property; sets position relative to the upper-left corner of the display containing the Internet Explorer window that is calling window.open to display the new window. Value must be greater than or equal to 0.

Window restrictions also constrain script-driven positioning of existing frame windows so that the status bar, title bar, and address bar (if displayed) are always visible to the user. If your script initiates movement of existing frame windows, be sure to set the position parameters as follows:

  • left Property; sets position relative to the upper-left corner of the display containing the Internet Explorer window that is calling window.open to display the new window. Value must be greater than or equal to 0.
  • top Property; sets position relative to the upper-left corner of the display containing the Internet Explorer window that is calling window.open to display the new window. Value must be greater than or equal to 0.
  • moveTo Method; moves the upper-left corner of the window to the specified screen coordinates. iX specifies the horizontal screen coordinate in pixels, and iY specifies the vertical screen coordinate in pixels. Both values must be greater than or equal to zero.
  • moveBy Method; moves the window by the specified iX and iY offsets. iX specifies the horizontal offset in pixels, and iY specifies the vertical offset in pixels. Negative offsets move the window left or up; whatever the offsets, the resulting position is subject to the same onscreen constraint, so a move that would push the title bar or status bar offscreen is adjusted by Internet Explorer.

Script Sizing of Internet Explorer Windows

Window size can be set by scripts that call the window.open method. Prior to Internet Explorer 6 for Windows XP SP2, script-opened Internet Explorer frame windows could be sized so that the status bar was not visible on the screen. The status bar could be hidden either by making the windows extremely small or by making the windows larger than the screen.

Window restrictions constrain the maximum size of script-opened frame windows. Along with the positioning constraints described above, these restrictions ensure that the status bar and the title bar are always visible to the user. Scripts cannot size windows so that the status bar is not visible, nor can scripts open windows in kiosk mode. Kiosk mode is a mode that does not display the title bar, the status bar, or the address bar.

Note  The user can still choose to open windows in kiosk mode; the user or site administrator can also manually change this state.

Script Management of Internet Explorer Status Bar

The status bar is an Internet Explorer security feature that provides the user with Internet Explorer security zone information. Prior to Internet Explorer 6 for Windows XP SP2, the status bar could be hidden from the user by scripts that call the window.open method. With the status bar hidden from view, users could be deceived into thinking that they were on a trusted site when they were actually interacting with a malicious host.

With window restrictions in place, the status bar cannot be turned off for any window created by the window.open method: a status=no setting in sFeatures is not honored, and the status bar is visible in every script-opened window. Because the zone information it contains cannot be hidden or spoofed, the user can always see in which security zone the content is being displayed.

Guidelines for Scripting Internet Explorer Frame Windows

To obtain the best results and to avoid unexpected outcomes with your script-opened Internet Explorer frame windows, follow these guidelines when you code windows that open by using the window.open method.

  • The status bar is always on by default, so be sure that your code allows for the space the status bar takes up in the display. Allow 20-25 pixels for the height of the status bar.
  • To account for the status bar, you might need to modify scripts that use resizeTo method calls to resize new frame windows that do not have a status bar. The size parameters for the resizeTo method are for the entire Internet Explorer frame window.
  • The window will not cover the taskbar. Size your window vertically so that it leaves room for the taskbar (allow about 30 pixels), and lay out your content so that it fits well visually within the window's overall size.
  • Windows will not open offscreen. If a window is coded to open offscreen, Internet Explorer will reposition it by the smallest X and Y distance that brings the window fully onscreen. Position your windows so that they open onscreen and in the correct location by always using positive integers for your position parameters.
  • Be sure that your script takes into account the fact that if your script calls window.open with the fullscreen=yes specification, the result is a maximized window, not a window in the kiosk mode.
  • Be sure to account for user UI settings for font size, display theme, and screen resolution when you code your windows.
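As an added example (not code from the original page), the following JavaScript models the positioning and sizing rules described above and the frame-window guidelines in this section: it predicts where Internet Explorer would place a requested window.open geometry on a single display and builds an sFeatures string that already satisfies the constraints, so that the window opens where the script intended. The 1024x768 display, the 22-pixel status bar allowance, the 30-pixel taskbar allowance and the helper names are assumptions for illustration; in a real page replace SAMPLE_SCREEN with screen.width and screen.height.

```javascript
// Added example, not code from the original page: models how Internet
// Explorer 6 (Windows XP SP2) window restrictions adjust a script-opened
// frame window, and builds a window.open sFeatures string that already
// satisfies those constraints so IE has no reason to move the window.
//
// Assumptions (mine, not stated on the page): a single display; the
// requested rectangle is the whole frame window; the status bar and
// taskbar allowances are the page's rules of thumb, not measured values.

const STATUS_BAR_HEIGHT = 22; // page: allow 20-25 px for the status bar
const TASKBAR_ALLOWANCE = 30; // page: keep about 30 px clear for the taskbar

// Constructed sample display. In IE use screen.width / screen.height.
const SAMPLE_SCREEN = { width: 1024, height: 768 };

// Area a script-opened frame window may occupy: the display minus the
// taskbar strip along the bottom (the page says the window will not cover it).
function usableArea(screen) {
  return { width: screen.width, height: screen.height - TASKBAR_ALLOWANCE };
}

// Predict the placement IE applies to a requested window.open geometry:
// the size is capped at the usable area, then the window is shifted by the
// smallest distance that brings it fully onscreen, which keeps the title
// bar and the status bar visible. Negative left/top are treated as 0.
function predictFramePlacement(req, screen) {
  const area = usableArea(screen);
  const width = Math.min(req.width, area.width);
  const height = Math.min(req.height, area.height);
  let left = Math.max(0, req.left);
  let top = Math.max(0, req.top);
  if (left + width > area.width) left = area.width - width;
  if (top + height > area.height) top = area.height - height;
  return {
    left, top, width, height,
    moved: left !== req.left || top !== req.top,
    shrunk: width !== req.width || height !== req.height,
  };
}

// Build the sFeatures string for window.open. status=yes is spelled out
// because the restriction forces the status bar on anyway; laying the
// content out as if it is always present avoids a cut-off bottom edge.
function frameFeatures(rect) {
  return [
    "left=" + rect.left, "top=" + rect.top,
    "width=" + rect.width, "height=" + rect.height,
    "status=yes", "resizable=yes",
  ].join(",");
}

// resizeTo takes the size of the whole frame window (page guideline), so
// a script that wants a given content height must add the status bar.
function resizeHeightFor(contentHeight) {
  return contentHeight + STATUS_BAR_HEIGHT;
}

// Open the window in a browser, or dry-run outside one, using a geometry
// that has already been clamped to the rules above.
function openFrameWindow(url, name, req, screen) {
  const placement = predictFramePlacement(req, screen);
  const features = frameFeatures(placement);
  if (typeof window !== "undefined" && typeof window.open === "function") {
    return window.open(url, name, features);
  }
  return { features, placement }; // offline: what would have been sent
}

// Dry run on the constructed display: a request that starts offscreen
// (left of the display and below its bottom edge) is pulled back in.
const frameDemo = openFrameWindow("about:blank", "demo",
  { left: -200, top: 900, width: 400, height: 300 }, SAMPLE_SCREEN);
if (frameDemo && frameDemo.features) console.log(frameDemo.features);
```

The moved and shrunk flags are the useful part for a page author: when either is true, Internet Explorer would have silently repositioned or capped the window, and the requested geometry should be redesigned rather than relied on.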

Restrictions on Internet Explorer HTML Pop-up Windows

Window restrictions constrain script-opened HTML pop-up windows, also known as "chromeless" windows, to ensure that the windows do not obscure important user interface elements of the parent Internet Explorer window. There are several ways in which window restrictions constrain HTML pop-up windows that are created by the window.createPopup method.

Script Positioning of HTML Pop-up Windows

Pop-up window position on the screen can be dictated by scripts that call the window.createPopup method. Prior to Internet Explorer 6 for Windows XP SP2, script-opened HTML pop-up windows could potentially be placed anywhere, so that they could either obscure or replace important elements or information. HTML pop-up windows could also open entirely offscreen and be hidden from the user. HTML pop-up windows were also created as "topmost" windows, which means that they would overlay other windows related to the Internet Explorer window opening the HTML pop-up window; in particular, HTML pop-up windows could overlay dialog boxes opened by Internet Explorer.

The window restrictions feature places two constraints on the positioning of HTML pop-up windows:

  1. HTML pop-up windows must be entirely onscreen horizontally, and must overlap the parent window horizontally. If the show call attempts to place the HTML pop-up window partially or completely off the visible display area, or in a position that does not horizontally overlap the window containing the script showing the HTML pop-up window, Internet Explorer will reposition the HTML pop-up window by the smallest distance necessary so that the HTML pop-up window appears fully onscreen and overlaps the parent window horizontally.
  2. HTML pop-up windows must appear between the top of the parent window (typically the bottom of the address bar) and the bottom of the parent window (typically the top of the Internet Explorer status bar). If necessary, Internet Explorer will reposition or shrink the vertical size of the HTML popup (or both) to ensure that it meets the vertical positioning constraints.

In addition, HTML pop-up windows are no longer "topmost" windows. HTML pop-up windows will remain immediately above the Internet Explorer window from which they are shown. Scripts cannot change an HTML pop-up window's z-order.

Windows created with the window.createPopup method are displayed by calling the show method of the pop-up object that createPopup returns. To ensure that your HTML pop-up windows appear in the proper position onscreen, and that Internet Explorer does not reposition your pop-up windows to an undesired location on the screen, set your position parameters as follows, where iX is the x-coordinate of the HTML pop-up window in pixels and iY is the y-coordinate of the pop-up window in pixels. You can also optionally specify an element to which you want your HTML pop-up window to be relative.

  • iX = integer; sets position relative to the upper-left corner of the specified element. If you do not specify an element to which your window is relative, iX is relative to the desktop. The value of iX must be greater than or equal to 0.
  • iY = integer; sets position relative to the upper-left corner of the specified element. If you do not specify an element to which your window is relative, iY is relative to the desktop. The value of iY must be greater than or equal to 0.

Script Sizing of HTML Pop-up Windows

Pop-up window size can be dictated by scripts that call the window.createPopup method. Prior to Internet Explorer 6 for Windows XP SP2, script-opened HTML pop-up windows could be sized to cover the entire screen so that the window could obscure important security elements and spoof the user interface or the desktop. The code could also use such a window to hide malicious activity from the user.

In addition to repositioning HTML pop-up windows, the Window restrictions feature constrains the size of HTML pop-up windows so that they cannot cover the address bar or the Internet Explorer status bar. If you size a window with dimensions taller than allowed, the HTML pop-up window will be truncated so that it appears on the screen only between the status bar on the bottom and the address bar on the top. The HTML pop-up window's content will also be truncated, so that your content appears to be cut off, and important information can be lost below the status bar.

Guidelines for Scripting HTML Pop-up Windows

Follow these guidelines when you code HTML pop-up windows that open by using the window.createPopup method.

  • Window restrictions will not allow HTML pop-up (chromeless) windows to cover the parent window's status bar or title bar. Code your windows so that they are vertically sized no larger than the currently visible area of the page.
  • HTML pop-up windows will not open offscreen. If a window is coded to open offscreen, Internet Explorer will reposition it by the smallest X and Y distance that brings the window fully onscreen. Position your HTML pop-up windows so that they open onscreen.
  • Be sure to plan for the fact that Internet Explorer allows only one HTML pop-up window per page to be displayed at a time.
  • As with new Internet Explorer frame windows, be sure to account for user UI settings for font size, display theme, and screen resolution when you code your HTML pop-up windows.
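As an added example (not code from the original page), the following JavaScript models the two positioning constraints, the vertical size limit and the guidelines for HTML pop-up windows described in this section: it predicts the rectangle Internet Explorer would actually show for a requested one and wraps the pop-up object's show method so that the geometry is adjusted before Internet Explorer has to move or truncate the pop-up. The 1024x768 display, the sample parent window geometry, the one-pixel overlap rule and the helper names (clamp, currentParent, showPopupSafely) are assumptions for illustration, not behaviour documented on the page.

```javascript
// Added example, not code from the original page: models the two
// positioning constraints and the vertical size limit that window
// restrictions apply to an HTML pop-up window (window.createPopup, then
// the pop-up object's show method), and wraps show() so the geometry is
// adjusted before IE has to move or truncate the pop-up itself.
//
// Assumptions (mine, not stated on the page): iX/iY are desktop
// coordinates (no oElement passed to show); "overlaps the parent
// horizontally" means at least one pixel of overlap; the caller supplies
// the parent's content area (below the address bar, above the status bar).

// Constructed sample: a 1024x768 display and a parent frame window that
// spans x=200..800 with a content area from y=180 to y=580.
const POPUP_SCREEN = { width: 1024, height: 768 };
const SAMPLE_PARENT = { left: 200, right: 800, contentTop: 180, contentBottom: 580 };

function clamp(v, lo, hi) {
  return Math.min(Math.max(v, lo), hi);
}

// Constraint 1: entirely onscreen horizontally, and overlapping the parent
// horizontally. Each correction is the smallest shift that satisfies it.
function constrainHorizontal(x, width, parent, screen) {
  const w = Math.min(width, screen.width);
  let nx = clamp(x, 0, screen.width - w);
  if (nx + w <= parent.left) nx = parent.left - w + 1; // shift right
  else if (nx >= parent.right) nx = parent.right - 1;  // shift left
  return { x: clamp(nx, 0, screen.width - w), width: w };
}

// Constraint 2: between the bottom of the address bar and the top of the
// status bar. A pop-up that is too tall is shrunk, which truncates its
// content, so callers should size pop-ups to the visible page area.
function constrainVertical(y, height, parent) {
  const avail = parent.contentBottom - parent.contentTop;
  const h = Math.min(height, avail);
  const ny = clamp(y, parent.contentTop, parent.contentBottom - h);
  return { y: ny, height: h, truncated: h < height };
}

// Predict the rectangle IE would actually show for a requested one.
function predictPopupPlacement(req, parent, screen) {
  const hz = constrainHorizontal(req.x, req.width, parent, screen);
  const vt = constrainVertical(req.y, req.height, parent);
  return {
    x: hz.x, y: vt.y, width: hz.width, height: vt.height,
    truncated: vt.truncated,
    moved: hz.x !== req.x || vt.y !== req.y,
  };
}

// Inside IE, read the parent geometry from the DOM; elsewhere, return the
// constructed sample. IE's screenLeft/screenTop are the screen position
// of the content area, so this approximates the frame by its client area.
function currentParent() {
  if (typeof window !== "undefined" && typeof document !== "undefined" &&
      typeof window.screenLeft === "number" && document.body) {
    const body = document.body;
    return {
      left: window.screenLeft,
      right: window.screenLeft + body.clientWidth,
      contentTop: window.screenTop,
      contentBottom: window.screenTop + body.clientHeight,
    };
  }
  return SAMPLE_PARENT;
}

// Show a pop-up at a pre-adjusted geometry and return the geometry used.
// popup is the object returned by window.createPopup() in IE, or null
// for a dry run outside a browser.
function showPopupSafely(popup, req, parent, screen) {
  const p = predictPopupPlacement(req, parent, screen);
  if (popup && typeof popup.show === "function") {
    popup.show(p.x, p.y, p.width, p.height);
  }
  return p;
}

// Dry run: requested too far right and taller than the content area.
const popupDemo = showPopupSafely(null,
  { x: 900, y: 50, width: 300, height: 600 }, currentParent(), POPUP_SCREEN);
console.log(popupDemo);
```

In Internet Explorer the call would be preceded by var p = window.createPopup() and filling p.document.body, then showPopupSafely(p, rect, currentParent(), { width: screen.width, height: screen.height }). The truncated and moved flags in the returned object identify requests that Internet Explorer would have altered; treat those as layout bugs to fix rather than behaviour to depend on.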