Advisory: Double-clicking a link can run a program from the Internet

Summary

If a user double-clicks a Web link leading to a program, that program can be run. The second click may land on the "Open" button of the file download dialog.

Severity: Moderate

Problem description

Links in Web pages only require a single click. When a user double-clicks on a Web link, that action is taken as two separate clicks: one to follow the link, and the other delivered to any dialog that might appear where the link was.

A specially crafted page can place the link so that the "Open" button in the file download dialog is highly likely to appear under the mouse cursor. Opera's user interface does not use double-clicks; it registers the double-click as two clicks, and the second click can be sent to the "Open" button.

Opera's response

Opera has added a one-second delay to the "Open" button. When the download dialog appears, the button is grayed out for a second. The user will have to wait until the button becomes active before clicking it, or the mouse click will have no effect.

The delay was added in Opera 8.02, released July 2005. All later versions of Opera have this safety feature.

The purpose of the delay is twofold. Firstly, it prevents double-clicks from accidentally opening a downloaded file. Secondly, it forces users to wait until they have seen the dialog before clicking "Open".
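
The delay described above can be modelled as a time-gated button. The following is an added example, not Opera's code: the class `DownloadPrompt`, the function `replayClicks` and the click timings are hypothetical, and it assumes the prompt appears as soon as the first click follows the link.

```javascript
// Added example (not Opera's code): a download prompt whose "Open" button
// ignores clicks until a fixed delay has passed since the prompt appeared.
const OPEN_DELAY_MS = 1000; // the advisory's one-second delay

class DownloadPrompt {
  constructor(clock = () => Date.now()) {
    this.clock = clock;   // injectable so the timing can be tested
    this.shownAt = null;  // null means the prompt is not on screen
    this.opened = false;
  }

  // Called when the prompt is displayed; starts the grayed-out period.
  show() {
    this.shownAt = this.clock();
    this.opened = false;
  }

  // True once the button has left its grayed-out state.
  isOpenEnabled() {
    return this.shownAt !== null &&
           this.clock() - this.shownAt >= OPEN_DELAY_MS;
  }

  // Handles a click that lands on "Open". Returns true if the file is opened.
  clickOpen() {
    if (!this.isOpenEnabled()) return false; // early click has no effect
    this.opened = true;
    this.shownAt = null;                     // prompt closes
    return true;
  }
}

// Replays a constructed click sequence: the first click follows the link and
// raises the prompt; every later click lands where the "Open" button is.
function replayClicks(clickTimesMs) {
  let now = 0;
  const prompt = new DownloadPrompt(() => now);
  return clickTimesMs.map((t, i) => {
    now = t;
    if (i === 0) { prompt.show(); return "link followed"; }
    return prompt.clickOpen() ? "file opened" : "ignored";
  });
}

// Constructed timings: a double-click (120 ms apart), then a deliberate click.
console.log(replayClicks([0, 120]));
console.log(replayClicks([0, 120, 1500]));
```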

Credits

Thanks to Jesse Ruderman for recommending the Open button delay feature.
