window.close 和 self.close 不会关闭 Chrome 中的窗口 [英] window.close and self.close do not close the window in Chrome
问题描述
问题是当我调用 window.close() 或 self.close() 时,它不会关闭窗口.现在似乎有人认为,在 Chrome 中,您无法通过脚本关闭任何不是脚本创建的窗口.这显然是错误的,但无论如何它仍然应该这样做,即使它需要弹出警报进行确认.这些都没有发生.
那么,是否有人拥有使用诸如 javascript:window.close() 或 javascript:self.close() 之类的东西来关闭窗口的真实、实用且经过验证的方法?实际上,在不是基于 Chrome 的每个浏览器中都可以正常执行预期的操作吗?任何建议将不胜感激,我正在寻找 Javascript 特定的解决方案,没有 JQuery 或第三方实现.
更新:虽然大部分建议都存在严重的局限性和可用性问题,但最新建议(特定于 TamperMonkey)使用 //@grant window.close 脚本标题中的代码通常会起作用,即使在那些通常无法处理 close 方法的选项卡上也是如此.虽然不完全理想并且不能推广到所有情况,但在我的情况下它是一个很好的解决方案.
普通 javascript 无法随意关闭窗口.这是一项安全功能,前段时间推出,用于阻止各种恶意攻击和烦恼.
<块引用>Window对象的close()方法应该,如果满足以下所有条件,关闭浏览上下文A:
- 相应的浏览上下文A是脚本可关闭的.
- 现有脚本的浏览上下文熟悉浏览上下文A.
- 允许现有脚本的浏览上下文导航浏览上下文A.
如果浏览上下文是由脚本创建(而不是由用户的操作)创建的辅助浏览上下文,则该浏览上下文是脚本可关闭的,或者如果是会话历史记录仅包含一个 Document 的浏览上下文.
这意味着,除了一个小例外,javascript 不能关闭不是由同一个 javascript 打开的窗口.
Chrome 允许该异常——它不适用于用户脚本——但 Firefox 不允许.Firefox 实现完全无误::><块引用>
此方法只允许为使用 window.open 方法的脚本打开的窗口调用.
<小时>
如果您尝试使用 Greasemonkey/Tampermonkey/用户脚本中的 window.close,您将获得:
Firefox: 错误消息脚本可能无法关闭不是由脚本打开的窗口."
Chrome:只是默默地失败了.
长期解决方案:
解决此问题的最佳方法是制作 Chrome 扩展程序和/或 Firefox 插件.这些可以可靠地关闭当前窗口.
然而,由于 window.close 带来的安全风险对于 Greasemonkey/Tampermonkey 脚本来说要小得多;Greasemonkey 和 Tampermonkey 可以在他们的 API 中合理地提供此功能(本质上是为您打包扩展工作).
考虑提出功能请求.
hacky 解决方法:
Chrome 目前容易受到自我重定向"漏洞的攻击.所以像这样的代码过去通常可以工作:
open(location, '_self').close();这是 IMO 的错误行为,现在(截至 2015 年 4 月左右)大多被阻止.如果标签刚刚打开并且浏览历史记录中没有页面,它仍然可以使用注入代码仅.所以它只在极少数情况下有用.
但是,一个变体仍然适用于 Chrome(v43 和 v44)以及 Tampermonkey(v3.11 或更高版本).使用明确的 @grant 和普通的 window.close().EG:
//==用户脚本==//@name window.close 演示//@include http://YOUR_SERVER.COM/YOUR_PATH/*//@grant GM_addStyle//==/用户脚本==setTimeout (window.close, 5000);感谢 zanetu 的更新.请注意,如果只打开一个选项卡,这将不起作用.它只会关闭其他标签.
Firefox 可以抵御该漏洞.因此,唯一的 javascript 方法是削弱安全设置,一次一个浏览器.
你可以打开about:config并设置allow_scripts_to_close_windows 到 true.
如果您的脚本供个人使用,请继续这样做.如果你让其他人打开那个设置,他们会很聪明,也有理由带着偏见拒绝.
目前没有适用于 Chrome 的等效设置.
The issue is that when I invoke window.close() or self.close() it doesn't close the window. Now there seems to be a belief that in Chrome you can't close by script any window that is not script created. That is patently false but regardless it is supposed to still do it, even if it requires to pop up an alert to confirm. These are not happening.
So does anyone have real, functional and proven method of closing a window using something like javascript:window.close() or javascript:self.close() that actually does what is expected and something that happens just fine in every browser that is NOT Chrome based? Any suggestions would be greatly appreciated and I am looking for Javascript specific solution, nothing JQuery or third party implementation.
Update: While much of what has been suggested has serious limitations and usability issues, the latest suggestion (specific to TamperMonkey) using // @grant window.close in the script header will often do the trick even on those tabs that normally can't handle the close method. While not entirely ideal and doesn't generalized to every case, it is a good solution in my case.
Ordinary javascript cannot close windows willy-nilly. This is a security feature, introduced a while ago, to stop various malicious exploits and annoyances.
From the latest working spec for window.close():
The
close()method on Window objects should, if all the following conditions are met, close the browsing context A:
- The corresponding browsing context A is script-closable.
- The browsing context of the incumbent script is familiar with the browsing context A.
- The browsing context of the incumbent script is allowed to navigate the browsing context A.
A browsing context is script-closable if it is an auxiliary browsing context that was created by a script (as opposed to by an action of the user), or if it is a browsing context whose session history contains only one Document.
This means, with one small exception, javascript must not be allowed to close a window that was not opened by that same javascript.
Chrome allows that exception -- which it doesn't apply to userscripts -- however Firefox does not. The Firefox implementation flat out states:
This method is only allowed to be called for windows that were opened by a script using the
window.openmethod.
If you try to use window.close from a Greasemonkey / Tampermonkey / userscript you will get:
Firefox: The error message, "Scripts may not close windows that were not opened by script."
Chrome: just silently fails.
The long-term solution:
The best way to deal with this is to make a Chrome extension and/or Firefox add-on instead. These can reliably close the current window.
However, since the security risks, posed by window.close, are much less for a Greasemonkey/Tampermonkey script; Greasemonkey and Tampermonkey could reasonably provide this functionality in their API (essentially packaging the extension work for you).
Consider making a feature request.
The hacky workarounds:
Chrome is currently was vulnerable to the "self redirection" exploit. So code like this used to work in general:
open(location, '_self').close();
This is buggy behavior, IMO, and is now (as of roughly April 2015) mostly blocked. It will still work from injected code only if the tab is freshly opened and has no pages in the browsing history. So it's only useful in a very small set of circumstances.
However, a variation still works on Chrome (v43 & v44) plus Tampermonkey (v3.11 or later). Use an explicit @grant and plain window.close(). EG:
// ==UserScript==
// @name window.close demo
// @include http://YOUR_SERVER.COM/YOUR_PATH/*
// @grant GM_addStyle
// ==/UserScript==
setTimeout (window.close, 5000);
Thanks to zanetu for the update. Note that this will not work if there is only one tab open. It only closes additional tabs.
Firefox is secure against that exploit. So, the only javascript way is to cripple the security settings, one browser at a time.
You can open up about:config and set
allow_scripts_to_close_windows to true.
If your script is for personal use, go ahead and do that. If you ask anyone else to turn that setting on, they would be smart, and justified, to decline with prejudice.
There currently is no equivalent setting for Chrome.
这篇关于window.close 和 self.close 不会关闭 Chrome 中的窗口的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
