Event 1027 - Pop-Up Blocking
Applies To: Windows 7, Windows Vista
The Pop-up Blocking feature blocks pop-up (and pop-under) windows initiated automatically by a Web site. Windows® Internet Explorer® blocks pop-up windows in the Internet and Restricted sites zones by default. However, the Pop-up Blocker enables pop-up windows initiated by a user action to appear. Users can configure Internet Explorer to be more or less restrictive, or turn off the Pop-up Blocker altogether. Generally, the Pop-up Blocker enables a window to open under the following circumstances:
When initiated by user action, such as clicking a button or hyperlink.
When opened in the Trusted sites and Local intranet zones (considered safe).
When opened by other applications running on the local computer.
The affected script methods are:
window.openwindow.showHelpwindow.showModalDialogwindow.showModelessDialogwindow.externalwindow.NavigateAndFind
The associated log entry includes the values taken into account to determine whether or not to display the pop-up. This is a combination of multiple INewWindowManager flags (NWMF). For more information, see the NWMF Enumerated Type topic on MSDN.
Note
Pop-ups created with window.createPopup are unaffected by the Pop-up Blocker.
When Is This Event Logged?
This event is logged every time the pop-up blocker blocks a new pop-up window.
Note
For more information and examples, see the Event 1027-Pop-Up Blocking topic from Internet Explorer Application Compatibility.
Remediation
There are two ways to modify the Pop-up Blocker:
From Internet Explorer, click Tools, click Pop-up Blocker, and then click Turn On Pop-up Blocker.
From the Internet Explorer, Internet Options dialog box, click the Privacy tab, and then check Turn on Pop-up Blocker.
From the Internet Options dialog box, you can also click Settings and identify specific Web sites to enable pop-up windows.
Web developers can perform the following actions:
Modify your Web page to open a new window by user-initiated action, such as a button click or hyperlink.
Instruct your users to enable pop-up windows from specific sites (or use Group Policy to add specific Web sites to the trusted or local intranet zone).
Check for a NULL return value from any windows that you open. The NULL value indicates whether the pop-up window opened successfully, enabling you to handle the result.
Some Web sites call the
window.openmethod on anonunloadevent to get users to stay on the site longer or to serve them with an advertisement. Some Web sites open a new window outside of the visible desktop area or open a window that is larger than the screen. Microsoft® Internet Explorer 6 does not enable any of this to occur. For more information, see the About Window Restrictions topic on MSDN.
Pop-up Blocking and the Registry
You can also manage pop-up blocking through a separate registry key from the other security features. Internet Explorer (Iexplore.exe) and Windows® Explorer (Explorer.exe) run under this feature control by default. The following shows the registry keys and enabled processes:
HKEY_LOCAL_MACHINE (or HKEY_CURRENT_USER)\SOFTWARE\Microsoft\Internet Explorer\New Windows\PopupMgr="Yes"HKEY_LOCAL_MACHINE (or HKEY_CURRENT_USER)\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_WEBOC_POPUPMANAGEMENT\process name.exe=0x00000001
Applications that host the WebBrowser control can also take advantage of the security feature control by adding their process to the same registry locations. You can do this programmatically, using the CoInternetSetFeatureEnabled function.
Note
If an application does not run under this security feature control, the WebBrowser control behaves the same as previous versions of Internet Explorer.
An application that hosts the WebBrowser control can also implement the INewWindowManager interface to use or extend the Pop-up Blocker.
Pop-up Blocking and the Trusted Web Sites List
You can add trusted Web sites to the pre-approved list, so that pop-up windows are not blocked.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\New Windows\Allow\URLName = <URLs_of_trusted_sites>
You must separate the URLs with a semi-colon (;). For example, URLName = 207.46.232.182;https://www.microsoft.com. In this example, the pop-up windows will appear for both of these sites.