Home Dashboard Directory Help
Search

KB2846071 breaks event.clientx and event.clienty properties in onbeforeunload event handlers in IE9 and 10 by Nico.Kaiser


Status: 

Closed
 as Fixed Help for as Fixed


Type: Bug
ID: 794228
Opened: 7/17/2013 4:37:46 AM
Access Restriction: Public
Duplicates: 795104 795720
3
Workaround(s)
view
23
User(s) can reproduce this bug

Description








This seems to affect IE9 and IE10 but not IE8

Installation of KB2846071 breaks the event.clientX and event.clientY properties when we are in an onbeforeunload event handler. Instead of the coordinates of the event we get the fixed negative top left coordinates of the window?!

We used to do something like this to warn the user if he tries to close browser without logging out first:

window.onbeforeunload = function(e) {
    if (event.clientY < 0 ) {
        // close the session
        // warn the user...
    }
};

This fires now everytime when a user clicks a link on the page because event.clientY is always negative. That means our users are losing their sessions by clicking on links or link buttons within the app!



Details
Sign in to post a comment.
Posted by AxelRMSFT on 8/16/2013 at 8:15 AM
Please update to latest cumulative update MS13-059 to address your issue.

Bulleting: http://technet.microsoft.com/en-us/security/bulletin/ms13-059
Article: https://support.microsoft.com/kb/2862772
Posted by Nico.Kaiser on 8/14/2013 at 2:14 AM
I can confirm that http://support.microsoft.com/kb/2862772 fixed the issue. This fix is also now mentioned in the original article: http://support.microsoft.com/kb/2846071/en-gb

Posted by Matthewjl19 on 8/7/2013 at 1:55 AM
Microsoft have acknowledged the issue and have updated the KB article for this security update to include a "Known issues for this security update" section.

http://support.microsoft.com/kb/2846071/en-gb

I'm assuming Microsoft will be fixing these issues in the next Cumulative Update which should be out next Tuesday.
Posted by Jeff A Montgomery on 8/6/2013 at 1:53 PM
I submitted a file called KB2846071_Bug_Demo.zip (although it may have gone into the ether, because I don't see it on this page), containing an HTM file that demonstrates the issue, if the 2846071 update is applied and the browser is IE9/10.

Basically it's the same code as is quoted at the top: use clientX or clientY in either onunload or onbeforeunload. The clientX is always zero, and clientY is always negative. I believe it used to report the last mouse click position, and IE8 still does so.

I know of no workaround. We have either found a way to hook into other events (like onclick) to do what we needed, or commented the code out.
Posted by Kjell.A on 8/2/2013 at 6:56 AM
I just noticed this post...

https://connect.microsoft.com/IE/feedback/details/795668/ie-10-patch-version-kb2846071-clienty-property

Please do better than that Microsoft. Your workaround doesn't work.. maybe it works for simple links, but it sure doesn't work for triggered javascript redirects.

You have altered the behaviour of your browser to a new behaviour that frankly cannot be viewed as anything but a bug. This means that for web applications that have been around for many many years, we either have to release a hotfix for every version ever released, force customers into upgrades they have no interests in, or tell them to switch to a non Microsoft browser. There are hundreds of corporate customers with many thousands of users just affected by our application.

Are you telling us there is no way that you can get ClientY to return correct coordinates without opening a security hole in the browser? Or does it seem like the better solution to have all the web applications in the world adapt to your new behaviour instead of you fixing it?
Posted by MrSerializable on 7/31/2013 at 2:45 PM
I work at a company that is also experiencing this issue. It affects several of our clients. Is there an ETA on a fix or workaround?
Posted by nimesh_prabhakar on 7/30/2013 at 12:11 AM
we are also facing the same issue as we are using clientY in our application.

Can we get a solution for this?


Posted by Neeraj2285 on 7/29/2013 at 8:00 PM
We are also facing the same issue. When we uninstall KB2846071 security update everything works fine. We are using clientY property in our application. As mention earlier by other users that it is working fine in IE8. It is also working fine in IE9 without the KB2846071 windows security update.

As our application become unusable this becomes the Severity 1 issue for our company. Kindly provide the suggestion ASAP.
Posted by narala on 7/29/2013 at 6:31 AM
the two workaround is not working .
Posted by Kjell.A on 7/29/2013 at 2:38 AM
Hi

We encountered this problem too... After the patch IE9 and IE10 starts giving negative coordinates for window.event.clientY properties.

Attached an index.html file.. put it in wwwroot and start with http://localhost/index.html ... When clicking link on page a patched IE9 and IE10 will yield negative coordinates for clientY.
Posted by Eddy Z on 7/26/2013 at 1:26 AM
Alas, the workaround using window.event.srcElement==null does not seem to work for us.
At this time the only thing it seems we can do, is to disable our window closing notifications, or tell our customers to rollback the security update which is not much of an option.
I hope there will be more information soon.
Posted by Subhash Lama on 7/25/2013 at 4:47 AM
we are calling the function on onbeforeunload of the body
the code we are using is as below which is always giving X=0,Y=-54:

function mp_onbeforeunload(e) {
            if (window.event.clientX < 0 || window.event.clientY < 0) {
                canClose = true;
                e = e || window.event;
                if (e) {
                    setTimeout(function () {
                        canClose = false;
                    }, 1000);
                    e.returnValue = 'You are about to leave this page. Are you Sure?';
                }
                return 'You are about to leave this page. Are you Sure?';
            }
        };
Posted by NSIDev on 7/23/2013 at 10:51 AM
I've been able to consistently duplicate this issue on four different computers with both IE 9 and IE 10. They are all X64 Windows 7 systems. The problem does not exist if KB2846071 is not installed. Once it is installed, the problem starts. I also issolated the issued to the event.clientX and event.clientY values. They previously reported the mouse position of the click event causing the form to unload. After installing KB2846071, clientX or clientY report a fixed position independent of the control clicked. They only change value when the IE window is moved. Not sure if it is part of the issue but our application does use AJAX. However, this should not affect the clientX and clientY reported when an IE button is clicked.

It is important to know if Microsoft is working on this. If they are not, I need to implement a workaround specific to IE. All other browsers I've tried work fine.
Posted by Nico.Kaiser on 7/20/2013 at 4:01 AM
@Microsoft: Thanks for the response. I'm glad to hear it's being worked on.

BTW: The status mails from connect look terrible in my web mail client (gmail). Looks like you send plain text mixed with html tags. Is that intended?

Here is an example:

Greetings from Microsoft Connect!<BR><BR>This notification was generated for feedback item: <a href="http://connect.microsoft.com/IE/feedback/details/794228/kb2846071-breaks-event-clientx-and-event-clienty-properties-in-onbeforeunload-event-handlers-in-ie9-and-10">KB2846071 breaks event.clientx and event.clienty properties in onbeforeunload event handlers in IE9 and 10</a> which you submitted at the <a href="http://connect.microsoft.com">Microsoft Connect</a> site.<BR><BR>Thank you for all of the feedback. <BR> @Nico the issue is open internally and we are actively investigating this issue further. When we complete our investigation we will post a message in this connect feedback bug.<BR><BR>Best regards,<BR><BR>The Internet Explorer Team<BR><BR>You may receive a general "Feedback Item Updated" notification as well, if any other changes were made by Microsoft.<BR><BR>Thank you for using Microsoft Connect!<BR><BR>Regards,<BR><BR>the Microsoft Connect Team<BR><BR>Please do not reply directly to this message, as it is generated from an unmonitored email account. If you have comments related to your Feedback, please enter it in the Comments section (post a comment to Microsoft) of your Feedback item by navigating to the Feedback item in the link above.<BR><BR>If you are having trouble accessing the Feedback link above, please go to the http://connect.microsoft.com/help/ page to report the issue, In your submission, please make sure to paste a copy the link above into the report.
Posted by Microsoft on 7/19/2013 at 1:40 PM
Thank you for all of the feedback.
@Nico the issue is open internally and we are actively investigating this issue further. When we complete our investigation we will post a message in this connect feedback bug.

Best regards,

The Internet Explorer Team
Posted by Nico.Kaiser on 7/19/2013 at 7:32 AM
Come on Microsoft please give us a ping or something. I even stopped receiving notifications on this thread after the bug has been marked "non reproducable" a few times by you. Now I am afraid the issue is internally on "closed" somehow...
Posted by Steve_M_99 on 7/19/2013 at 7:22 AM
Good to see others reporting this.

Our institution has recently been affected by this same bug too. Our institutional portal implements an "autoLogout" function for IE by attaching a function to the window.onunload event. And as a result of the window.event.clientX and window.event.clientY values no longer evaluating correctly the user is now getting logged out as soon as they click thru to another page in the portal (i.e. they log in, they click something, they are kicked out on the next page).


Here is the function that is now misbehaving in our environment:

function checkForWindowClosing()
{
    var browser=navigator.userAgent.toLowerCase();
    if ( typeof mainWindow == "boolean" &&
         mainWindow == true &&        // only main window
         (browser.indexOf("msie") != -1) && // only Internet Explorer
         window.event.clientX < 0 && // denotes that they did not click inside
         window.event.clientY < 0 ) // the browser window
    {
        logoutXmlHttpRequest = getXmlHttpRequest();
        httpGet( logoutXmlHttpRequest, /*URL*/ "http://<SNIPPED>/cp/home/logout?src=timeout.jsp" );
    }
}
Posted by Manubt56 on 7/19/2013 at 6:16 AM
Hello,

We are also experiencing problems with that. It seems like the parameter takes the position of the window in the screen, because it change when I move it.

If I have the window in full screen, my values are: clientX = 0, clientY = -55 always regardless my click.
Posted by GChS on 7/19/2013 at 4:37 AM
Hello,

After installing the patch KB2846071, event.clientY always negative in IE9.
Posted by Ivan Moura Jr on 7/18/2013 at 12:05 PM
I´m having the same problem on my Web Application. I used Onbeforeunload to kill my session using if (event.clientX < 0 || event.clientY < 0 ) and until KB2846071 it worked. Now it always come negative and my users are getting disconnected. Please come up with a solution or at least an alternative. Thanks.
Posted by narala on 7/18/2013 at 9:37 AM
we are also facing the some problem .is there any solution??
Posted by Drak on 7/18/2013 at 12:21 AM
The attached file 'kbbug.txt' will need to be renamed to .html to get it to work, but it is not possible to attach .html files to the item here.
Posted by Drak on 7/18/2013 at 12:18 AM
It's not only in onbeforeunload. This also happens for example with onkeydown and onselectionchanged.

See attached file for a webpage that will show these problems.
Posted by John F on 7/17/2013 at 1:55 PM
I don't have any problem loading the test page at this site:

http://kb2846071.azurewebsites.net/


and it exhibits the bug for me also, and also on an internal web application at my site. (or related bug in this update, related to a 3rd party control attempting to size itself..)
Posted by Nico.Kaiser on 7/17/2013 at 11:49 AM
ok. In the meantime I found out that IE10 is also broken.

I've moved the example page to azure. Maybe it "does load" from there.

http://kb2846071.azurewebsites.net/
Posted by Nico.Kaiser on 7/17/2013 at 11:04 AM
Thanks Tory. We have the exact same situation. Can you access the example page I provided? I double checked with 3 different browsers and 3 different carriers and had no problem...
Posted by Tory Lester on 7/17/2013 at 10:20 AM
Our web application uses a function that triggers a log out when the beforeunload event is triggered and event.clientY < 0. Prior to KB2846071, event.clientY was reliably negative (with a beforeunload event) only when the brower's close window or tab X button is clicked. after KB2846071, as the initial poster details, it is always negative. this is causing our application to logout users when navigating from page to page. I confirmed the setting of event.clientY was changed with KB2846071 by debugging the javascript both with and without KB2846071 installed. I'm using Windows 7, and IE9. Is it possible to correct the setting of event.clientY or is there another mechanism we can use to determine when a page is unloaded because the browser window/tab is closed with the X button?
Posted by Microsoft on 7/17/2013 at 10:04 AM
Thank you for your feedback.

There is insufficient information to reproduce the behavior you are observing. The sample site submitted does not load, it is in the waiting to load and never responds. If you have another sample page then you can reopen this feedback.

We value your feedback. If you have additional information, please reactivate the bug or submit a new bug with more details on how to reproduce the issue. You can also read the guidelines at <https://connect.microsoft.com/IE/content/content.aspx?ContentID=16254> regarding filing a good bug report.

Best regards,

The Internet Explorer Team
Posted by Nico.Kaiser on 7/17/2013 at 7:52 AM
What do you mean by "does not load"? I just checked and could load the example page with ie9 and firefox without problems.
Posted by Microsoft on 7/17/2013 at 7:27 AM
Thank you for your feedback.

There is insufficient information to reproduce the behavior you are observing. The sample page given does not load.

We value your feedback. If you have additional information, please reactivate the bug or submit a new bug with more details on how to reproduce the issue. You can also read the guidelines at <https://connect.microsoft.com/IE/content/content.aspx?ContentID=16254> regarding filing a good bug report.

Best regards,

The Internet Explorer Team
Posted by Nico.Kaiser on 7/17/2013 at 5:02 AM
if forgot to mention that the bug seems to be in IE9 but not in IE! My colleague with IE8 who also installed KB2846071 cannot reproduce the issue.
Sign in to post a workaround.
Posted by AxelRMSFT on 8/16/2013 at 8:16 AM
Please update to latest cumulative update MS13-059 to address your issue.

Bulleting: http://technet.microsoft.com/en-us/security/bulletin/ms13-059
Article: https://support.microsoft.com/kb/2862772
Posted by finox on 7/25/2013 at 7:27 AM
I mean http://social.msdn.microsoft.com/Forums/ie/en-US/8d242639-2f8b-4f7e-a5c0-e3985c4ca619/issue-with-kb2846071-in-ibm-webfacing-applications
Posted by finox on 7/25/2013 at 7:26 AM
There is a workarounds posted on http://social.msdn.microsoft.com/Forums/ie/en-US/47a96076-b780-4e35-963e-6da95f868561/mouse-coordinate-problem-in-ie10

if(window.event){if(window.event.srcElement==null){alert('closing window/tab');}}
File Name Submitted By Submitted On File Size  
kbbug.txt 7/18/2013 586 bytes
index.zip 7/29/2013 546 bytes
index.zip 7/29/2013 546 bytes
KB2846071_Bug_Demo.zip 8/6/2013 872 bytes