Unexpected behavior on certain websites regarding security

[Axilot]

Hello there,

I've discovered a "bug" in every Chromium based browser. When you open a page like "https://youareanidiot.cc/", there is a chance that it will open more and more windows and moving them. To still close your browser and prevent it from overcontrolling your browser type in killall <browser>, which brings us to the next point. I'm a linux user, so it may be only an issue with the Linux port of Chromium. However Firefox does not have this issue, so there are ways to block things like that from happening. I would be really happy to see Brave blocking those weird behaviors. Because no website would ever need to move their page on their own.

I hope I could help by reporting that.

[Axilot]

Update: After telling more people about that, we realized that it must be an issue with chromium in general. Linux and Windows are affected.

[bsclifton]

@Axilot this site (and problem) seems to require Flash, which is now deprecated. I'm on Windows though and I opened it up, nothing happens. If I click the "Plugin not supported", it opened a bouncing window which I could easily close from the taskbar

Can you help me understand what you're asking for with this issue? The ability to block a website from creating new windows? I'm not sure what you're asking for

[Axilot]

I think it would be great if there would be at least an option in the brave settings, that allows the user to prevent the website from moving your windows because i think that this would never be used by "real" professional pages.
And as we see here: https://youareanidiot.cc/scripts/you.js
It actually is the javascript. That's why it's still working even though flash gets blocked by default.

[diracdeltas]

i can't repro this on macos but i'm guessing it's due to https://developer.mozilla.org/en-US/docs/Web/API/Window/moveTo. this API doesn't seem to do anything on macos, so i'm surprised it works still in windows/linux.

[Axilot]

Yeah, that might be the case for you. It would be really good if that would be fixed for linux and windows aswell.

[ghost]

@bsclifton
Update: this site the reporter mentioned above is updated to use HTML5 now for modern browsers, so it is working on every major browser. I have blocked all pop ups and redirects in global settings, however Brave fails to block the pop ups somehow. I am using Macbook Air MacOS 12.1 on
Brave Nightly 1.36.9 Chromium: 97.0.4692.56 (Official Build) nightly (arm64)
Revision | 04da6c66398ca50e603cc236a07dc7dfd3bbc750-refs/branch-heads/4692@{#990}

[bsclifton]

@simonhong can you help me check this one? We may have a regression with Chromium 97 if it works (blocks popups) in other browsers but not Brave

[simonhong]

@bsclifton I can see same behavior on all brave channels and chrome stable.
Just loading this site doesn't create popups. All are blocked by popup blocker by default.
When I clicks on that page, moving popup is created.