June 05, 2004
Say Farewell To window.open()

With the advent of Windows XP Service Pack 2 which is expected to be released in September this year a new challenge is waiting for Flash developers: under the title "safer browsing" Microsoft will introduce some new security features into Internet Explorer. One of them is the integrated Pop-Up Blocker which will be activated by default.

As helpful as this might sound it will create some headaches for Flash Developers, because one of the side-effects is that the window.open() method will cease to function if the Pop-Up Blocker is activated. Unfortunately that's currently the only way to open new windows from Flash. This excerpt from Microsoft's developer checklist tells it straightforward:

Q: Does your Web site launch pop-up windows through other objects (e.g., Macromedia Flash movies)?
A: These pop-up blocker blocks these pop-up windows. There is no workaround.

We will see how long it will take until someone finds a solution, but be prepared for some phonecalls by your former clients whose sites have stopped working...

Posted at June 05, 2004 12:12 AM | Further reading
Comments

If I got it right it only happens if you write the actual javascript inside Flash (e.g. getURL("javascript:window.open('...')") .

You should still be able to call javascript function that is embedded in the HTML that serves the SWF.

It's really very annoying, imagine the amount of reworks needed to Flash sites - on the other hand, more work for us freelancers ;)

Posted by: Peter on June 5, 2004 12:34 AM

"There is no workaround."

HAHA YEH RIGHT!

Posted by: Achilles on June 5, 2004 03:36 AM

I think that at first this will be a pain for a lot of people, but overall, I agree with Microsoft's decision. Not only for popup ads, but in general, I think there is very seldom a real need to open a page in a pop-up window. Especially if you're developing in Flash.

Posted by: Marcus Vorwaller on June 5, 2004 05:01 AM

the only hope is that pc-users maybe will change there explorer bullshit browser for a better one ...

Posted by: kurt on June 5, 2004 12:06 PM

and is there a better one? :\

the problem with this micro$oft popup blocker is that it shouldn't block when the open function is called via user input instead.

Posted by: dns on June 5, 2004 01:40 PM

My first reaction was of shock. But while I was writting my outrage I came to the conclusion that this is not that bad of a move.

Lets see it in perspective. What we are talking about here is of a popup blocker built in IE. After all, how many other browsers out there do you know that have popup blocker functionality?... Exactly. Almost all of them.

Posted by: Marfig on June 5, 2004 03:20 PM

Marfig: yeah, but browsers with popup blockers (ie, firefox) are usually used by people who can figure that a popup is being blocked and that they need to allow popups from a given site. Now imagine if IE doesn't support popups anymore; clueless users won't understand why the shiny site isn't working anymore.

Granted, looks like there's a few workarounds as long as it's one window only, etc. But it's still shocking because it'll probably require a lot of work done to get around it for sites that rely on several popups at the same time.

Posted by: zeh on June 5, 2004 10:29 PM

I posted your info on my site too, and was wondering about one other thing after browsing the M$ Q/A a bit:
"Microsoft Internet Explorer will block ActiveX controls in the follow(ing) cases: ... Navigation that would result in an ActiveX installation prompt"

Isn't the Flash Plug-in for IE an ActiveX too, and wouldn't that nullify all the detection scripts we now use?

Posted by: eyezberg on June 6, 2004 11:28 PM

Hi All,

Just to clarify ... If i call my flash movie from the index.html file using window.open ... is that going to be considered a popup???

If it is then is there any other way I can control the IE browser window to turn off the toolbars ?

Cheers

Posted by: Lawrence on June 7, 2004 03:20 AM

Um... just use flash to call a js function that does a detect for a IE 6.x (whatever version comes with SP2) or just check via if(window.open) maybe. With that conditional in your js function serve the browser a window.open or use the new method being provided as of SP2 (I think there is a new IE method being provided). Seems simple enough to do moving forward and not that big of a deal fixing old scripts. As a professional web developer I don't think that this is all that big of deal. What say you?

Posted by: Sarge on June 7, 2004 04:59 AM

"There is no workaround" !
Did you read the Microsoft article..?

Posted by: eyezberg on June 7, 2004 08:02 AM

of course there will be a workaround. no-one has found it yet, but that doesn't meant it exists. i mean, come on, it's Micro$oft.

of course, it's bad manners to open popup windows anyway. only stupid graphic designers who haven't a clue about accessibility or usability do that.

Posted by: njs on June 7, 2004 08:41 AM

I am really sad about this new position. In Fact i mastered popups as well as context menus in IE and they can be very helpful with bigger applications for browser. Its something like: ahh they found out you can do banners with flash so that you can't read any content anymore uhh we have to deactivate flash ...

I have to say it again IE SUCKS!

Posted by: Martin Heidegger on June 7, 2004 09:21 AM

Kirupa has the XP Servicepack Beta and writes how this effect will look in real life:

http://www.kirupaforum.com/forums/showthread.php?p=532108#post532108

Posted by: Mario Klingemann on June 7, 2004 03:35 PM

I think this is an awesome decision. Popups are an annoying, destructive gateway to unwanted spyware installs. I don't like having to equip every machine I own with three programs (Pop-Up Stopper, Ad-Aware and McCaffee antivirus) just to be sure I'm safe when surfing the internet. I wish everyone would stop using them.

Posted by: mike britton on June 7, 2004 09:38 PM

"of course, it's bad manners to open popup windows anyway. only stupid graphic designers who haven't a clue about accessibility or usability do that." - njs

I disagree that pop-ups don't have their place.

Say I was writing some tracking software of sorts, I am using Flash so I can be cross browser compatible, but I wanted to add the ability to upload and associate files with items. I don't want to unload the application to do this. I want to pop-up a window, let the user do what he/she needs to do and close the window. Opening modals has been a part of windows application development for a loooooong time. Extending that into the browser world extends upon what users already know. Changing this setting makes it more difficult to develop applications in a style that people are a custom too.

Posted by: Phillip R. Cargo on June 8, 2004 12:39 AM

Sounds like a job for Central! You don't need popup windows, Phillip.

Posted by: mike britton on June 8, 2004 05:16 PM

I looked at Central, the offline capability had me excited till I found out you couldn't download files to the system. Which leaves you with an application platform that doesn't play well with others (cannot integrate with other applications by using other file types).

For that same reason it doesn't work well online, The inability to download, edit, upload a file makes its usefulness limited. Business applications are all about integration, w/o it you have nothing.

Posted by: Phillip R. Cargo on June 8, 2004 07:24 PM

Well, the scary part is that msft can just decide to change ways the world works--all because their products are not up to a task. Quite a reason to be pissed off...

On the other hand, I wonder how many of those mega-annoying zooming, view-obstructing dhtml/layers are we going to see from then on...

Posted by: zee on June 8, 2004 10:53 PM

"Pop-up Blocker blocks most unwanted pop-up windows from appearing. Pop-up windows that are opened when the end user clicks a link will not be blocked."

Did I miss something?

Posted by: #/cisnky/# on June 9, 2004 11:42 AM

@cisnky: this statement is only true for links clicked within the HTML code. But if an Active-X control (like Flash) could simply tell IE "this link is initiated by a user interaction" then the Popup-Blocker would be pretty worthless as everybody would just use flash to bombard users with popups.

Posted by: Mario Klingemann on June 9, 2004 12:05 PM

Well, I've just installed WINXP sp2. There are no problems when you call a javascriptfunction. Just do not call a javascriptfunction directly from within flash e.g. (getURL("<script...

Posted by: Olivier on June 22, 2004 06:23 PM

At first, I was like OMG. Flash developers are screwed! But I read through Microsoft's feature page and actually, as others have said, this is fine guys. No sweat.

First of all, when you click a link and a popup is activated, it allows it. This means in Flash if you have a button that activates the getURL("javascript:window.open(whatever)"); that will STILL WORK.

However, if you are trying to automatically open windows without any clicking, it wont allow it.

One good thing to note however, is the popup blockers has an option to allow your site to open popups all the time.


It is stated as this:

"Allow Pop-up Windows from This Site. Adds the current site to the Allow list."


This feature can easily be found by going to TOOLS > POPUP BLOCKER > Allow from this site


So if people are on your site and go... hey... nothing happened... they will figure it out.


Now all we have to do is constantly tell them a popup opened. So if you automatically open popups, make a little box appear saying "WINDOW OPENED" so they know.


GOOD MOVE MICROSOFT. KICK ALL THOSE POPUNDERS AND POPUPS GOODBYE! HAHAHA.

This move has definately screwed all those damn popunders and popups. YAY.

Flash Forever.
Peace.

--Chad

Posted by: Chad on July 8, 2004 06:23 PM

So, compacting & resizing unto popups ..either its hip, or bot? - I'm a flash dev. myself .. Popups are annoying .. Actually I hate popup-flash sites leaving a "main site" under to "squeeze, resize content" to a minimum?

Not that I approve Mr. Gates limitations of pop-creativiness, but - the broad-lot-of-us has got tired of this pop-f* jam big jam ;)

In the end (like in .. "GAME OVER") i actually do appreciate the pop-honk/Pop-silly culture is finally dead .. Long live the real world ;)

/Chief

Posted by: Chief on July 9, 2004 01:19 AM

How many folks out there don't like getting paid?... ( crickets chirp ) ... I thought so.

Like it or not, Ad Agencies and Advertisers like pop-ups and pop-unders because they are tring to sell stuff. Take away ad money and lots of things on the web will just fade away.

So MS has changed the rules for everyone ( again) but this could be a good thing...

What happens now? What opportunities have been created by this move? How will advertiser's compensate? ( They're not going to lay down and die...)

For example, what happens to Unicast Interstitials?

This is a great chance to make some serious jack by coming up with solutions. This block is a barrier to entry to those who don't know how to deal with it. Ok, so YOU can code around the block, but what do we offer as more general/universal solutions?

Maybe this is one of the best things that ever happened to Flash...if we capitalize on it.

Suggestions? E.g. components, actionscripts, etc. How do Falshers come to the rescue and win more customers?

Posted by: socean on August 30, 2004 11:16 AM

My experience is that Windows (SP2) does not react with blocks at many javascripts in encrypted websites. So there is still hope...

Posted by: peter on September 13, 2004 10:29 PM

Any ideas on developing sites with Flash?? I just installed SP2 and now my local pc html sites with flash that I developed. They do not work (or javascript menus for that matter) directly anymore. I get the "IE has restricted that file" message. I've tried changing the settings on the internet, local intranet, trusted sites on the tools->security but it just won't let it through. I got a big headache, another step just to get something to work on my PC.

Posted by: badHheadache on September 14, 2004 06:48 PM

The only thing that get blocked for me is window.open() commands issued from an onLoad event on the HTML code.

If you call a javascript function with a windows.open() command in it, from a HTML link or if you call the function from flash using getURL("javascript:functionname('')");
then it wont be blocked.

But another annoying thing about servicepack2 is that you cannot make an html window truely fullscreen, you will always get the minimum browser window :-(

Just my 2 cents

Posted by: Anders on September 17, 2004 11:31 AM

It will not allow you to open espn.com

Posted by: john on September 18, 2004 03:30 AM

In my flash navigator I've got:

getURL("javascript:launchwin('http://www...


and a simple js function in my html:

var newwin;
function launchwin(winurl,winname,winfeatures)
{ newwin = window.open(winurl,winname,winfeatures);
newwin.focus();}


Now here's odd. The pop-up is blocked by IE UNLESS the html is part of a frameset.

???

Posted by: agentx on September 21, 2004 02:07 AM

OK _ I think I've got this pinned down (after hours of hair-pulling).

There appear to be one or two variables microsoft have not told us about - effecting window opening from flash on IE. Maybe they hope to slow the hackers by not laying it all on a plate.

The wmode transparent parameter is the key.
Far as I can see, if you employ this parameter the user can't launch a javascripted pop-up from your flash movie without triggering IE's pop-up blocker.

I guess with hindsight I can see why MS would choose to do this (invisible flash movie launching nasties).

But... if the transparent movie is within a frameset the pop-up is not blocked. Hmmn...

Posted by: agentx on September 21, 2004 03:30 AM

One other little discovery:

target="_blank" from a flash movie in transparent mode is also blocked by IE under Service Pack 2(regardless of whether it's in a frameset).

Note also "setTimeout" is also forbidden if you want to avoid the block (as stated by MS).

Posted by: AgentX on September 22, 2004 07:47 PM

CORRECTION!

It was blocked because I used "setInterval" with the target="_blank" in the movie.

Clearly they're blocking attempts to launch a delayed pop-ups (from transparent swfs).

Posted by: AgentX on September 22, 2004 08:08 PM

Please check out this Macromedia Technote and download the Hotfix that deals with some of the problems:
http://www.macromedia.com/support/flash/ts/documents/xpsp2.htm

Posted by: Mario Klingemann on September 27, 2004 05:01 PM

It looks like people have found a way to circumvent the IE-popup blocker:

http://www.derkeiler.com/Mailing-Lists/Full-Disclosure/2004-12/0274.html

Demo here:
http://www.malware.com/flopup.html

Posted by: Mario Klingemann on December 13, 2004 03:52 PM

hi, can anyone help me
I cant open a fullscreen using a html.
I used window.open() function
It works fine with SP1

but can anyone tell me how it can be sorted if i have SP2

Posted by: balaji on January 18, 2005 01:04 PM

Hi guys. Simple solution for: How to open new windows or any javascript from Flash under XP-SP2 msie? Have a look at my site code, the halfway how-to is there. The flash onpress calls a FSCommand Function (instead of js) which is handled by a js/vbs. You can mail me.

Posted by: RasaRavi on January 20, 2005 04:35 PM

hi,
exist any way how to open 2 popup window? one is easy, but i cant open two separated window.
K

Posted by: Kuba on January 26, 2005 04:56 PM

But FSCommand means Mac browsers will get no pop ups.

Posted by: PennyMachines.co.uk on February 11, 2005 12:40 AM

My comment from January 20, 2005 04:35 PM is an old one. My site is copl. redesigned not using the FScommand anymore. The trick works fine, of course Mac browsers will get no pop ups with FSCommand, but the whole thing was created to get it on the f´d winXP-SP2.

Posted by: RasaRavi on December 16, 2005 12:33 AM
Post a comment
Name:


Email Address:


URL:


Comments:


Remember info?



Thank you!

Most Visited Entries
Sketches, Works & Source Code
Lectures
Contact
Backlog
In Love with
Powered by
Movable Type 2.661

© Copyright Mario Klingemann

Syndicate this site:
RSS 1.0 - RSS 2.0

Quasimondo @ flickr
Quasimondo @ LinkedIn
Quasimondo @ Twitter
Quasimondo @ Facebook
Quasimondo @ MySpace
Quasimondo is a Bright
Citizen of the TRansnational Republic
My other blog in german
Impressum


My family name is written Klingemann,
not Klingelmann, Klingeman, Klingaman, Kingemann,
Kindermann, Killingaman, Klingman, Klingmann, Klingonman
Klingemman, Cleangerman, Klingerman or Kleangerman

profile for Quasimondo at Stack Overflow, Q&A for professional and enthusiast programmers