window.close和self.close不要在Chrome中关闭该窗口 [英] window.close and self.close do not close the window in Chrome
问题描述
问题是,当我调用 window.close()或 self.close()时,关闭窗户。现在似乎有人相信,在Chrome中,您无法通过脚本关闭任何不是脚本创建的窗口。这显然是虚假的,但无论它是否应该仍然这样做,即使它需要弹出警报来确认。这些都没有发生。
那么有没有人使用 javascript:window.close()来关闭窗口的真实, 或 javascript:self.close()实际上是做什么事情,并且在基于非Chrome的每个浏览器中都会发生这种情况。任何建议将不胜感激,我正在寻找Javascript特定的解决方案,没有什么JQuery或第三方实施。 更新:虽然大部分建议都存在严重的限制和可用性问题,但最新建议(特定于TamperMonkey)使用脚本头文件中的 // @grant window.close 通常会在那些通常无法处理close方法的选项卡上执行。虽然不是完全理想的,并且不会推广到每一种情况,但对我来说这是一个很好的解决方案。 解决方案
普通的javascript不能关闭窗户,无所畏惧。这是前段时间介绍的一项安全功能,用于阻止各种恶意漏洞和攻击。
来自 window.close() 的最新工作规范:
如果满足以下所有条件,Window对象上的
close()方法应该,关闭浏览上下文 A :
- 相应的浏览上下文 A em> script-closable 。
- 现任脚本的浏览上下文熟悉浏览上下文 A 。
- 允许现任脚本的浏览上下文浏览浏览上下文 A 。
如果浏览上下文是由脚本创建的辅助浏览上下文(与用户的操作相反),则脚本可关闭,或者如果它是一个浏览上下文,其会话历史记录只包含一个Document。
这意味着,除了一个小例外, javascript must不允许关闭未由同一个JavaScript打开的窗口。
Chrome允许该例外 - 它不适用于userscript - - 但Firefox不。 Firefox的执行情况持平状态:
只允许为使用
window.open的脚本打开的窗口调用此方法
如果您尝试要使用Greasemonkey / Tampermonkey / userscript中的 window.close ,您将获得:
Firefox:错误消息 脚本可能无法关闭未通过脚本打开的窗口。
Chrome:只是静静地失败。
长期解决方案:
解决此问题的最佳方法是改为使用Chrome扩展程序和/或Firefox插件。这些可以可靠地关闭当前窗口。
然而,由于 w构成的安全风险indow.close ,对于Greasemonkey / Tampermonkey脚本来说要少得多; Greasemonkey和Tampermonkey可以在他们的API中合理地提供这种功能(本质上为你打包扩展工作)。
考虑提出功能请求。
哈克解决方法:
Chrome 当前易受自我重定向攻击的影响。所以这样的代码通常用于工作:
open(location,'_self')。close();
这是错误的行为,IMO,现在(截至2015年4月)大部分被封锁。如果标签刚刚打开并且浏览历史记录中没有页面,它仍然可以从已注入代码 运行。所以它只适用于一小部分情况。
然而,一个变体在Chrome(v43& v44)加上Tampermonkey(v3.11或更高版本)。使用明确的 @grant 和普通的 window.close()。 EG: // == UserScript ==
// @name window.close demo
/ / @include http://YOUR_SERVER.COM/YOUR_PATH/*
// @grant GM_addStyle
// == / UserScript ==
setTimeout(window.close,5000 );
感谢 zanetu 进行更新。请注意,如果只有一个选项卡打开,这将不起作用。它只会关闭其他标签。
Firefox 可以有效抵御这种攻击。所以,唯一的javascript方法是一次性瘫痪安全设置,一个浏览器。
您可以打开 about:config 并将
allow_scripts_to_close_windows 设置为 true 。
如果您的脚本是供个人使用的,请继续并执行此操作。如果你要求其他人改变这种情况,那么他们会很聪明,而且有理由拒绝这种偏见。
目前没有与Chrome等效的设置。
The issue is that when I invoke window.close() or self.close() it doesn't close the window. Now there seems to be a belief that in Chrome you can't close by script any window that is not script created. That is patently false but regardless it is supposed to still do it, even if it requires to pop up an alert to confirm. These are not happening.
So does anyone have real, functional and proven method of closing a window using something like javascript:window.close() or javascript:self.close() that actually does what is expected and something that happens just fine in every browser that is NOT Chrome based? Any suggestions would be greatly appreciated and I am looking for Javascript specific solution, nothing JQuery or third party implementation.
Update: While much of what has been suggested has serious limitations and usability issues, the latest suggestion (specific to TamperMonkey) using // @grant window.close in the script header will often do the trick even on those tabs that normally can't handle the close method. While not entirely ideal and doesn't generalized to every case, it is a good solution in my case.
Ordinary javascript cannot close windows willy-nilly. This is a security feature, introduced a while ago, to stop various malicious exploits and annoyances.
From the latest working spec for window.close():
The
close()method on Window objects should, if all the following conditions are met, close the browsing context A:
- The corresponding browsing context A is script-closable.
- The browsing context of the incumbent script is familiar with the browsing context A.
- The browsing context of the incumbent script is allowed to navigate the browsing context A.
A browsing context is script-closable if it is an auxiliary browsing context that was created by a script (as opposed to by an action of the user), or if it is a browsing context whose session history contains only one Document.
This means, with one small exception, javascript must not be allowed to close a window that was not opened by that same javascript.
Chrome allows that exception -- which it doesn't apply to userscripts -- however Firefox does not. The Firefox implementation flat out states:
This method is only allowed to be called for windows that were opened by a script using the
window.openmethod.
If you try to use window.close from a Greasemonkey / Tampermonkey / userscript you will get:
Firefox: The error message, "Scripts may not close windows that were not opened by script."
Chrome: just silently fails.
The long-term solution:
The best way to deal with this is to make a Chrome extension and/or Firefox add-on instead. These can reliably close the current window.
However, since the security risks, posed by window.close, are much less for a Greasemonkey/Tampermonkey script; Greasemonkey and Tampermonkey could reasonably provide this functionality in their API (essentially packaging the extension work for you).
Consider making a feature request.
The hacky workarounds:
Chrome is currently was vulnerable to the "self redirection" exploit. So code like this used to work in general:
open(location, '_self').close();
This is buggy behavior, IMO, and is now (as of roughly April 2015) mostly blocked. It will still work from injected code only if the tab is freshly opened and has no pages in the browsing history. So it's only useful in a very small set of circumstances.
However, a variation still works on Chrome (v43 & v44) plus Tampermonkey (v3.11 or later). Use an explicit @grant and plain window.close(). EG:
// ==UserScript==
// @name window.close demo
// @include http://YOUR_SERVER.COM/YOUR_PATH/*
// @grant GM_addStyle
// ==/UserScript==
setTimeout (window.close, 5000);
Thanks to zanetu for the update. Note that this will not work if there is only one tab open. It only closes additional tabs.
Firefox is secure against that exploit. So, the only javascript way is to cripple the security settings, one browser at a time.
You can open up about:config and set
allow_scripts_to_close_windows to true.
If your script is for personal use, go ahead and do that. If you ask anyone else to turn that setting on, they would be smart, and justified, to decline with prejudice.
There currently is no equivalent setting for Chrome.
这篇关于window.close和self.close不要在Chrome中关闭该窗口的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
