Summary
If a user double-clicks a Web link leading to a program,that program can be run. The second click may go intothe “Open” button of the file download dialog.
Severity: Moderate
Problem description
Links in Web pages only require a single click. When a userdouble-clicks on a Web link, that action is taken as twoseparate clicks: One to follow the link, and the other toany dialog that might appear where the link was.
A specially crafted page can place the link so that the”Open” button in the file download dialog is highly likelyto appear under the mouse cursor. Opera’s user interfacedoes not use double-clicks; it registers the double-clickas two clicks, and the second click can be sent to the”Open” button.
Opera’s response
Opera has added a one second delay to the “Open” button.When the download dialog appears, the button is grayed outfor a second. The user will have to wait until the buttonbecomes active before clicking it, or the mouse click willhave no effect.
The delay was added in Opera 8.02, released July 2005.All later versions of Opera have this safety feature.
The purpose of the delay is twofold. Firstly, it preventsdouble-clicks from accidentally opening a downloaded file.Secondly, it forces users to wait until they have seen thedialog before clicking “Open”.
Credits
Thanks to Jesse Ruderman for recommending the Open buttondelay feature.