Thursday, January 7, 2010

How to disable javascript alerts in Firefox

There are few things more annoying than clicking away from a web site only to be asked, "Are you sure you want to navigate away from this page?" Even worse are the sites that repeatedly through up alert boxes, essentially hijacking your browser.

Luckily these features can be easily (well pretty easily) disabled in Firefox by adding a few lines to your user.js file. This file does not exist by default, so unless you've already created one, you'll need to create it. It goes in your mozilla profile directory. This will be the same directory that contains your prefs.js file...

On Windows:
%APPDATA%\Mozilla\Firefox\Profiles\xxxxxxxx.default\

On Ubuntu:
~/.mozilla/firefox/xxxxxxxx.default/


Here is an example user.js file. This will block ALL javascript alert, confirm, and prompt pop-ups, as well as prevent javascript from opening a new window. Some may consider this a bit extreme, so feel free to pick and choose which lines to include:

//
// user.js: Personal prefs which mozilla shouldn't overwrite.
//

// Disable alert, confirm, and prompt windows
user_pref("capability.policy.default.Window.alert", "noAccess");
user_pref("capability.policy.default.Window.confirm", "noAccess");
user_pref("capability.policy.default.Window.prompt", "noAccess");

// Prevent javascript from opening a new window
user_pref("capability.policy.default.Window.open", "noAccess");


Now restart Firefox to activate your new preferences.

IMPORTANT NOTE: Firefox will add or overwrite these lines in your prefs.js file each time you open or close Firefox. You should never edit your prefs.js file directly. So if you want to change or undo the prefs set in your new user.js file, simply change the values back to their defaults in your user.js file. The default value for all of the prefs above is
sameOrigin, so to undo the changes made above you would simply change each noAccess value to sameOrigin, then save and restart Firefox. Once you have confirmed that the default functionality has been restored, it is safe to delete your user.js file (NOT your prefs.js file - this is a required file).

Now, what if you want to allow specific web sites access to these capabilities? Simply add the following lines to the end of your new user.js file. This will create a policy to which you can add specific web sites. This policy will override the prefs above for the listed web sites. Keep in mind that as above, you can pick and choose which lines to include:

user_pref("capability.policy.policynames", "trustable");
user_pref("capability.policy.trustable.sites", "http://www.facebook.com http://www.blogger.com");

user_pref("capability.policy.trustable.Window.alert", "sameOrigin");
user_pref("capability.policy.trustable.Window.confirm", "sameOrigin");
user_pref("capability.policy.trustable.Window.prompt", "sameOrigin");
user_pref("capability.policy.trustable.Window.open", "sameOrigin");


Note that multiple sites are separated by spaces.

More information can be found on the following pages:
http://www.mozilla.org/projects/security/components/ConfigPolicy.html
https://developer.mozilla.org/En/A_Brief_Guide_to_Mozilla_Preferences