Event 1027 - Pop-Up Blocking
- Logged Message
- What Is It?
- When Is This Event Logged?
- Example
- Remediation
- Related topics
Logged Message
The Pop-Up Blocker is a feature that blocks pop-up (and pop-under) windows initiated automatically by a website. Windows Internet Explorer 8 and Windows Internet Explorer 7 block pop-up windows in the Internet and Restricted sites zones by default. However, Pop-up Blocker allows pop-up windows initiated by a user's actions. Users can configure Internet Explorer 8 and Internet Explorer 7 for Windows XP with Service Pack 2 (SP2) and Windows Vista to be more or less restrictive. Users can also turn off Pop-up Blocker completely.
What Is It?
Pop-up blocking is a mechanism to prevent new browser windows being opened automatically using script. Generally, the Pop-up Blocker enables a window to open under the following circumstances:
- When initiated by user action, such as clicking a button or hyperlink
- When opened in the Trusted sites and Local intranet zones (considered safe)
- When opened by other applications running on the local computer
The affected script methods are:
- window.open
- window.showHelp
- window.showModalDialog
- window.showModelessDialog
- window.external
- window.NavigateAndFind
Note Pop-ups created with window.createPopup are unaffected by the Pop-up Blocker.
A pop-up block log entry includes the values taken into account to determine whether or not to display the pop-up. This is a combination of multiple INewWindowManager flags (NWMF). For more information, see NWMF Enumerated Type.
When Is This Event Logged?
This event is logged when the pop-up blocker blocks a new pop-up window.
Example
Perform the following steps to see this event logged in the compatibility tool:
Create a webpage with the following contents. For this example call it 1027.html.
<html xmlns="http://www.w3.org/1999/xhtml" > <head> <title>Windows Restrictions Example</title> </head> <body> <script type="text/jscript"> window.open("https://www.microsoft.com","_blank"); </script> </body> </html>
Install the file in the root directory of the local web server. On a Microsoft Internet Information Services (IIS) server this means putting the file in this directory:
.\wwwroot
Ensure the Windows Internet Explorer popup blocker is turned on. This setting is controlled by a checkbox that can be found through Tools > Internet Options and selecting the Privacy tab of the Internet Options dialog box.
On the Privacy tab of Internet Options, click Settings in the Pop-up Blocker section. Make sure 127.0.0.1 is not in the Allowed Sites list. Remove it if it is.
Browse to the file:
http://127.0.0.1/1027.html
The page will attempt to create a new popup using window.open. Internet Explorer will block the attempt and prompt the user for confirmation that they want to open the pop-up. The event is also logged.
Remediation
There are two ways to modify the Pop-up Blocker:
- From Internet Explorer, click Tools, click Pop-up Blocker, and then click Turn On Pop-up Blocker.
- From the Internet Explorer Internet Options window, click the Privacy tab, and then check Turn on Pop-up Blocker.
From the Internet Options window, you can also click Settings and identify specific websites to enable pop-up windows.
Web developers can perform the following actions:
- Modify your webpage to open a new window by user-initiated action, such as a button click or hyperlink.
- Instruct your users to enable pop-ups from specific sites (or use Group Policy to add specific websites to the trusted or local intranet zone).
- Check for a NULL return value for any windows you open. This indicates whether the pop-up window opened successfully and enables you to handle either case.
Note Some websites call the window.open method on an onunload event to get users to stay on the site longer or to serve them with an advertisement. Some websites open a new window outside of the visible desktop area or open a window that is larger than the screen. Internet Explorer does not enable any of this to occur. For more information, see About Window Restrictions.
You can also control the pop-up blocking feature through the registry.
You manage Pop-up Blocking through a separate registry key from the other security features:
HKEY_LOCAL_MACHINE (or HKEY_CURRENT_USER)\SOFTWARE\Microsoft\Internet Explorer\New Windows\PopupMgr = 0x00000000
This feature can also be controlled by the following Group Policy settings:
GPO Policy Path | GPO Policy Setting Name | GPO Settings |
---|---|---|
Administrative Templates\Windows Components\Internet Explorer | Turn off pop-up management | If you enable this policy setting, the Control Panel information relating to pop-up management will be unavailable (grayed out) and all other pop-up manager controls, notifications, and dialog boxes will not appear. Pop-up windows will continue to function as they did in Windows XP Service Pack 1 (SP1) or earlier, although windows launched off screen will continue to be re-positioned onscreen. If you disable or do not configure this policy setting, the pop-up management feature will be functional. |
Applications that host the WebBrowser can also take advantage of the security feature control by adding their process to the same registry locations. You can do this programmatically, using the CoInternetSetFeatureEnabled function.
Note If an application does not run under this security feature control, the WebBrowser control behaves the same as previous versions of Windows Internet Explorer.
An application that hosts the WebBrowser control can also implement the INewWindowManager interface to use or extend the Pop-up Blocker.
How Can I Fix Problems Identified by this Security Feature?
You can put trusted websites on the allow list so pop-up windows are not blocked, as follows:
HKEY_CURRENT_USER
SOFTWARE
Microsoft
Internet Explorer
New Windows
Allow
URLName = <URLs of trusted sites>
For example, setting URLName = 127.0.0.1
mean that the pop-up in the example above is not blocked.
This feature can also be controlled by the following Group Policy settings:
GPO Policy Path | GPO Policy Setting Name | GPO Settings |
---|---|---|
Administrative Templates\Windows Components\Internet Explorer | Pop-up allow list | If you enable this policy setting, you can enter a list of sites which will be allowed to open pop-up windows regardless of user settings. Users will not be able to view or edit this list of sites. Only the domain name is allowed, so www.contoso.com is valid, but not https://www.contoso.com is not. Wildcards are allowed, so *.contoso.com is also valid. If you disable this policy setting, the list is deleted and users may not create their own lists of sites. If this policy is not configured, users will be able to view and edit their own lists of sites. |