Found a bit of a hack for Javascript – namely a way to inundate a user with windows – using MAILTO:
Consider this code:
<script>
var i;
for (i=0; i<5; i++) {
window.location='mailto:example@example.com';
}
</script>
You see what I mean? Worse might be
<script>
var i;
i = window.location;
window.location='mailto:andy@novolocus.com';
window.location = i;
</script>
Recursion is great, huh?
And an example is this link: Click with care
Pop-up blockers don’t seem to catch this one. Yum.
I know some people will say that this is correct functionality – the browsers is doing what we tell it too with the code. However, that’s true of browser pop-up windows – and we have to block them.
I don’t think that Javascript’s Window.location should be allowed to go to a MAILTO:.