• Home
  • About 404TS
  • Contact

404 Tech Support

Where IT Help is Found

  • Articles
    • Code
    • Entertainment
    • Going Green
    • Hardware, Gadgets, and Products
    • Management
    • Network
    • News
    • Operating Systems
    • Security and Privacy
    • Software
    • System Administration
    • Talking Points
    • Tech Solutions
    • Web
    • Webmaster
  • Reviews
  • Media
    • Infographics
    • Videos
  • Tech Events
  • Tools
    • How do I find my IP address?
    • Browser and plugin tests
  • Get a Technical Consultation
You are here: Home / Media / Ask 404TS: What’s up with “Are you sure you want to navigate away from this page?” dialogs?

Ask 404TS: What’s up with “Are you sure you want to navigate away from this page?” dialogs?

2010-03-28 by Jason

An interesting question has been posed on the 404 Tech Support forums asking about those pop-up dialogs you might receive every once in a while that start with “Are you sure you want to navigate away from this page?”. The question also asks, “Are there any dangers related to this? Will it install malware? Is there a way to block it automatically?” These are very good questions that we should all be pondering for security reasons. Let me share with you what my experience and research can tell about these somewhat intruisive, but potentially very helpful dialog boxes.

I encounter these messages daily for many legitimate reasons. Here are a few of those cases:

  • WordPress – 404 Tech Support is powered by WordPress. If I am writing up a new post and forget to save but try to go somewhere else in that tab, I’ll see the message with “The changes you made will be lost if you navigate away from this page.” After you save the post, you can navigate away without seeing this message.
  • Gmail – Every once in a while I can catch Gmail showing this message if an e-mail hasn’t been sent or auto-saved or it’s doing something that’s taking a while. Usually a little status message will be shown at the top of Gmail, but you’ll see this message if you try to navigate away with “Your message has not been sent.”
  • Google Docs – Google Docs auto-saves very frequently so it’s hard to catch it when there have been unsaved changes to the document. If you do, you’ll see this message with “You have unsaved changes in this document. Click Cancel now, then ‘Save’ to save them. Click OK now to discard them.”.
  • Ad sites – I used to be a member of an e-mail ad service. They’d e-mail you a link, you click on it, and it takes you to an advertising partner’s website. For each e-mail you would earn anywhere between 1 to 5 cents. In the last few months that I was apart of it, a lot of these sites, started implementing this message to make it difficult for you to leave the page and stay on the site longer. This was one of the reasons I cashed out and unsubscribed from this service.

Understanding It

The source of this message is a Javascript function, called OnBeforeUnload(). All it takes to show this message on a page is a script in between the Head tags of an HTML file that calls Window.OnBeforeUnload (or many other ways of applying the attribute to the elements of webpage). The function sets the first line, last line, and the operation of the OK and Cancel buttons. The middle line can be customized. The overall message can appear differently in browsers besides Firefox:

The exact message states in Firefox:

Are you sure you want to navigate away from this page?

Any string value… (This line can change per site/page.)

Press OK to continue, or Cancel to stay on the current page.

Internet Explorer:

Google Chrome:

Safari:

Opera does not recognize the OnBeforeUnload event in Javascript and just allows navigation to continue without prompting.

The OK button allows the unload operation to continue while the Cancel button aborts it. These buttons are fixed by the function and by themselves wouldn’t be usable for a malicious payload to be delivered. If you went to a favorite or bookmark, closed the tab/window, or clicked a (safe) link, you can pretty safely rely that clicking OK won’t put your computer in risk of any harm. However, that doesn’t mean that a dialog box couldn’t be crafted through other Javascript means to look exactly like the normal dialog (probably with typos though) and the OK button might redirect you to a malicious site, but this would have to be triggered manually instead of with the OnBeforeUnload event. A link that said ‘Close this window’ could possibly be configured to be a malware redirect through a pop-up like this, but if you are able to social-engineer people into clicking the link, it would just be easier to direct that click to a malicious site directly. You can learn more about the specifics of the OnBeforeUnload function from its MSDN article.

I took the example code used in that article and created a simple page with it so you can see it in action and view the source to see how simple it is. You can find it here: http://www.404techsupport.com/blog/script.html

Preventing It

Now that we understand where these windows are coming from and that they should be relatively safe, they can still be annoying. How can we prevent them from showing up? The only way to really filter out only this Javascript function is to use Opera as your browser as a result of their not supporting the event. The way to prevent these messages in Firefox is the same as preventing any other Javascript from executing, use one of these add-ons:

NoScript – NoScript denies all Javascript unless you specifically white-list a website to allow it.

YesScript – YesScript allows all Javascript unless you specifically black-list a website to deny it.

The two philosophical approaches all you to choose which extension matches your browsing style. NoScript might certainly be safer, but YesScript would probably be a less annoying transition. Either one of these extensions could be installed in Firefox and then give you control over blocking sites that use these messages from being able to run Javascript.

Conclusion

It is very interesting to find that many people assume this message is malicious even though in most cases it is implemented with the intent to be helpful. Whether it’s trying to prevent you from losing unsaved work or just keep you on an advertisement site a little longer, it should be safe to click Ok to continue on to your normal navigation. Of course, you can use extensions in Firefox to allow blocking Javascript and prevent yourself from having to see these screens.

Filed Under: Media, Tech Solutions

Trending

  • Adding a Russian Cyrillic Phonetic Keyboard to Windows
    In Tech Solutions
  • 10 Signs of an IT Noob
    In Talking Points, Tech Solutions
  • Avast! 8 available with new features
    In Security and Privacy, Software

Latest Media Posts

Find Out Where To Download SNES ROMs

Find Out Where To Download SNES ROMs

Multifunctional Video Conversion Tools – Wondershare Video Converter

Multifunctional Video Conversion Tools – Wondershare Video Converter

  • Popular
  • Latest
  • Today Week Month All
  • How to ‘Unblock’ multiple files at a time with PowerShell How to 'Unblock' multiple files at a time with PowerShell
  • Increase IIS Private Memory Limit to improve WSUS availability Increase IIS Private Memory Limit to improve WSUS availability
  • Configure Outlook to recurring appointments for the last weekday of the month Configure Outlook to recurring appointments for the last weekday of the month
  • Read the Event Logs on Windows Server Core Read the Event Logs on Windows Server Core
  • SOLVED: “This modification is not allowed because the selection is locked.” SOLVED: "This modification is not allowed because the selection is locked."
  • 3d rendering circuit cloud for cloud computing technology Build and Deploy a Modern Web 3.0 Blockchain App in 2022
  • Telecom Application Development: When to Outsource Telecom Application Development: When to Outsource
  • Printer printing document wirelessly from mobile phone or smartphone wifi connection vector flat cartoon illustration, file air print on fax or ink jet via cellphone bluetooth modern design Why Your Business Needs Online Fax Services In 2022
  • 6 Best Ways to Protect Your Business Account 6 Best Ways to Protect Your Business Account
  • How to download videos from Instagram How to download videos from Instagram
Ajax spinner

Elevator Pitch

404 Tech Support documents solutions to IT problems, shares worthwhile software and websites, and reviews hardware, consumer electronics, and technology-related books.

Subscribe to 404TS articles by email.

Recent Posts

  • Build and Deploy a Modern Web 3.0 Blockchain App in 2022
  • Telecom Application Development: When to Outsource
  • Why Your Business Needs Online Fax Services In 2022

Search

FTC Disclaimer

404TechSupport is an Amazon.com affiliate; when you click on an Amazon link from 404TS, the site gets a cut of the proceeds from whatever you buy. This site also uses Skimlinks for smart monetization of other affiliate links.
Use of this site requires displaying and viewing ads as they are presented.

Copyright © 2022 · Magazine Pro Theme on Genesis Framework · WordPress · Log in