Use window.open():
<a onclick="window.open(document.URL, '_blank', 'location=yes,height=570,width=520,scrollbars=yes,status=yes');">
Share Page
</a>
This will create a link titled Share Page which opens the current url in a new window with a height of 570 and width of 520.
Best practices for opening new window (pop up or pop under) with JavaScript
javascript - Open a URL in a new tab (and not a new window) - Stack Overflow
Automatically open a new window on the browser with javascript on a website
Open in new window in JS
Videos
Use window.open():
<a onclick="window.open(document.URL, '_blank', 'location=yes,height=570,width=520,scrollbars=yes,status=yes');">
Share Page
</a>
This will create a link titled Share Page which opens the current url in a new window with a height of 570 and width of 520.
Just use window.open() function? The third parameter lets you specify window size.
Example
var strWindowFeatures = "location=yes,height=570,width=520,scrollbars=yes,status=yes";
var URL = "https://www.linkedin.com/cws/share?mini=true&url=" + location.href;
var win = window.open(URL, "_blank", strWindowFeatures);
Here at work, we do a fair bit of surveys on various sites via Survey Monkey. The MO has always been to do a pop under window - focus the parent, not the child/new window. I've stressed how I think this is slimey (hiding the new window), but it is what it is and that's that :)
Seems every time we have a survey, I'll get people coming to me because the new window is getting blocked by someone. I've looked at the code they're using and it's using the typical window.onload event. I tell them this is probably why they're getting blocked as the pop up blockers are no doubt seeing automatically opened windows as unwanted advertising. Because the window onload and onunload events have been so abused, this is why we have pop up blockers built into browsers as well as plugins.
I thought about perhaps using a timer to delay execution of the pop up from onload, but not sure if this will make any difference. I'm kind of guessing not but I haven't tested it yet. I can't really test it as it's another dept. that has access to the server, not me... I've also thought about using onmousemove to trigger it (user-triggered event) and then nulling that out but that seems even more stupid.
I've suggested adding static survey promos which would be user-triggered events as I think those might fare better in the world of pop up blockers - even though there's still no guarantee. So the user clicks to pop the new window.
I've also suggested removing JS from the equation altogether and having the promos link straight to Survey Monkey. The counter there is that they've lost where they are in our site (they could have deep-linked in). They can't just easily close the Survey Monkey window to pick back up where they left off in their task. Off the top of my head, I don't know if they can use their back button to backtrack from the end of the Survey Monkey survey, either.
Is there a general consensus of best practices in regards to opening a new pop up (or pop under) window with JavaScript with pop up blockers?
This is a trick,
function openInNewTab(url) {
window.open(url, '_blank').focus();
}
// Or just
window.open(url, '_blank').focus();
In most cases, this should happen directly in the onclick handler for the link to prevent pop-up blockers, and the default "new window" behavior. You could do it this way, or by adding an event listener to your DOM object.
<div onclick="openInNewTab('www.test.com');">Something To Click On</div>
Reference: Open a URL in a new tab using JavaScript
Nothing an author can do can choose to open in a new tab instead of a new window; it is a user preference. (Note that the default user preference in most browsers is for new tabs, so a trivial test on a browser where that preference hasn't been changed will not demonstrate this.)
CSS3 proposed target-new, but the specification was abandoned.
The reverse is not true; by specifying certain window features for the window in the third argument of window.open(), you can trigger a new window when the preference is for tabs.
ok i know that the title isn't clear but i don't know how to explain it. so, i was reading at this interesting article about telegram web token: https://lyra.horse/blog/2024/05/stealing-your-telegram-account-in-10-seconds-flat/
at the end of the article the author wrote "We start off by sending “z.t.me” in their Telegram app and tapping on the link. This will redirect their browser to telegram.org/#tgWebAuthToken=.... From here we edit the domain in the browser to telegramz.org - a domain I own - and hit/tap enter. The javascript on my domain will take it from here, logging one of my own devices in with the token."
and there is a video showing the attack: https://cdn.hobune.stream/tg_video_1080p.mp4
now my question is: the author created the telegramz.org website with some js code that took the token from the url and used it to logging its device with that token. but how? i mean, the website is on some sever, how is it possible that it was able to open up a new window in the browser that automatically went to web.telegram.org/stolentokenfromvictimcomputer?