6

Firefox has long had a feature to protect users from over-aggressive Javascript websites that would generate repeated pop-ups to trick or annoy visitors. Is there a way to disable this protection on specific websites, rather than disabling it entirely?

I've found a way of doing the latter and while it's been years since I've seen one of those popup-bait websites I'd rather not risk my browser's security or stability by disabling the warning globally.

While I understand that any legitimate website has no business abusing pop-ups in this fashion, the ERP portal that I need to use introduced this amazing pop-up feature in a recent update.

Note: this question is about disabling the warning from the user-side.

Lilienthal
  • 512
  • 3
  • 6
  • 19
  • As an aside, in Chrome (where one does not get an overlay, but a truly modal dialog) this could sort of hijack one's full browser. But even then some trickery can help to get out of it, like [knowing what window to focus, to enable the proper Close menus](http://superuser.com/questions/396108/mackeeper-has-hijacked-my-safari-browser/714039#714039) or by simply typing a different URL in the location bar. The URL trick also works in Firefox on a Mac, and no trickery is needed to access the Firefox menus. – Arjan Aug 14 '14 at 07:57
  • A [related question](http://stackoverflow.com/questions/8851299/) can be found on StackOverflow which examines Firefox' behaviour in more detail. – Lilienthal Aug 04 '15 at 10:20

3 Answers3

4

This behaviour can be controlled by setting the config parameter dom.successive_dialog_time_limit. This integer value represents a time window in seconds since the last pop-up. If a website generates a new pop-up within that window, Firefox will instead trigger the "Prevent..." dialog.

To set this value:

  1. Copy this string to your clipboard: dom.successive_dialog_time_limit
  2. In FireFox Address bar Enter: about:config and press enter.
  3. Accept the warning dialog.
  4. In the preferences area right-click.
  5. Select New-> Integer
  6. Paste the string you copied previous and click OK
  7. Enter the integer 0 in the next dialog box and click OK.1
  8. Close the about:config page.


1: for most cases, setting this value to 1 or 2 seconds will be sufficient to allow pop-up heavy websites to work without interruption while still stopping malicious infinite pop-up JavaScript code.

Lilienthal
  • 512
  • 3
  • 6
  • 19
Mayank Bhanderi
  • 66
  • 2
  • Accepting this since it seems to work. There's an obvious security/annoyance risk with disabling this of course. From a related question's [answer](http://stackoverflow.com/a/8851597/1103571) it seems like the popup dialog is shown if the **time that passed since the last website popup is smaller than this value**. Setting it to 1 would presumably work for the majority of cases while still blocking malicous javascript. – Lilienthal Aug 04 '15 at 10:09
0

Try this

if (confirm("Do stuff?")) 
  Dostuff(); 
else 
  location.reload();
zx485
  • 2,170
  • 11
  • 17
  • 24
Abel
  • 1
0

Take a look at the noscript firefox extension. By default all js is disabled. You then selectively enable it as and when needed:

The NoScript Firefox extension provides extra protection for Firefox, Seamonkey and other mozilla-based browsers: this free, open source add-on allows JavaScript, Java, Flash and other plugins to be executed only by trusted web sites of your choice (e.g. your online bank).

NoScript also provides the most powerful anti-XSS and anti-Clickjacking protection ever available in a browser.

NoScript's unique whitelist based pre-emptive script blocking approach prevents exploitation of security vulnerabilities (known and even not known yet!) with no loss of functionality...

Community
  • 1
DavidPostill
  • 153,128
  • 77
  • 353
  • 394
  • So you'd suggest blanket-disabling the pop-up protection and then only allowing trusted JS to run? That does seem like a valid solution. Personally, I ended up removing NoScript due to the amount of configuration involved in getting new sites to function properly so I'd likely prefer the inconvenience of ignoring security dialogs over that. – Lilienthal Aug 14 '14 at 12:19