Pale Moon forum

When I click to download a file, I get the little dialog box offering to open or save the download. But the "OK" button at the bottom of the dialog box is greyed out, and typically stays greyed out for several seconds, then becomes clickable. (It doesn't seem to have anything to do with the progress of the download.)

If I unfocus the Pale Moon window (by moving my mouse off it) and then re-focus it, the button greys out for another several seconds before it becomes clickable.

Mild annoyance but I wonder if it's fixable?

On all the Pale Moon versions I've tried since 2017, I've always seen that effect too. For me, it's an extemely precise 1 second delay. The same thing happens to the "Reload" button in the browser, which also stays grayed out for a second.

I've never figured out what caused this, though.

If I had to guess though, it's probably one of the lines in the code that looks like this:

This delay is on purpose. It is a security measure to prevent scripted events from "clicking" the OK button for you or tricking the user into having a queued up keypress causing the download (or worse: opening) of the file, and is avoiding drive-by downloads this way. You should be able to make it active by clicking elsewhere on the window yourself registering actual user interaction.

I don't recommend removing the delay. I've actually seen the malicious trick being used in the wild on some sites.

Moonchild wrote: ↑

2020-08-23, 16:44

This delay is on purpose. It is a security measure to prevent scripted events from "clicking" the OK button for you or tricking the user into having a queued up keypress causing the download (or worse: opening) of the file, and is avoiding drive-by downloads this way. You should be able to make it active by clicking elsewhere on the window yourself registering actual user interaction.

Good to know, thanks! Clicking elsewhere in the dialog box doesn't make it active for me, I still have to wait.

But now that I know it's intentional and for my own good, I will wait contently.

eater wrote: ↑

2020-08-23, 17:19

Clicking elsewhere in the dialog box doesn't make it active for me, I still have to wait.

I was pretty sure that would free it up but maybe I misremember. And maybe it's been changed by Mozilla since I last checked, too.

Moonchild wrote: ↑

2020-08-23, 16:50

I've actually seen the malicious trick being used in the wild on some sites.

I've programmed a lot of JavaScript in the past, and I truly wonder: How the heck does that attack even work? How does JavaScript code synthesize a keypress or click event like that?

The Squash wrote: ↑

2020-09-09, 01:18

Moonchild wrote: ↑

2020-08-23, 16:50

I've actually seen the malicious trick being used in the wild on some sites.

I've programmed a lot of JavaScript in the past, and I truly wonder: How the heck does that attack even work? How does JavaScript code synthesize a keypress or click event like that?

I'm sure you can find examples if you only search for it.

Aside from "automated" attack, the general response to a popup (to any popup), is to "click it".
So an automatic delay (which AFAIK) has always been the case (on Mozilla browsers), makes, or at least entices one to stop & think, for a moment, "do I want to actually do this"?