window.close() security enhancementsWhy doesn't the window.close() method always work?
window.close() method could be used to close any open browser window. People being the malicious animals that they are, the window . close () command was exploited in practical jokes. For example, some jokers were able to rig their web pages so that a guest's browser would automatically close when he or she stumbled upon the joker's web page. This was never a threat to anyone's system, but it was still annoying because it caused users to "lose their place" on the web. (Closing a browser window usually destroys its history list.)
Navigator 2.0 also made it possible to send JavaScript "mail bombs" to users who used Netscape Mail. When opened, these mail bombs would automatically cause the user's mail window to close. Not only would this leave the unlucky recipient inconvenienced and confused, it might also lead him or her to believe that there was a bug or virus in the software.
Netscape addressed this problem in Navigator 3.0 by restricting the ways in which window.close() can be used. In particular, the new specification says that only windows which were opened with JavaScript can be closed by JavaScript.
On some systems, when JavaScript is used to close a window that it didn't open, the user is presented with a confirmation box that warns him or her that the window is about to be closed. At this point, the user is given an opportunity to cancel the operation.
If you are using Navigator 3.0, you can see this new security feature in action by pressing the button below. (Caution: If you are using Navigator 2.0, pushing this button will close your browser window!)
There is one exception to the rule mentioned above. If the browser window has only one item in its history list, JavaScript can close the window without the user's confirmation. Netscape's documentation says that this is a "special case for one-off windows that need to open other windows and then dispose of themselves."
Charlton Rose
8 Jan. 1997