by etcet 4537 days ago
> This appears to be in the same vein as that trick where you could use popups to spawn more popups, and by the time the user realized what was going on their computer was completely unresponsive. (fixed with popup blocking in any browser in the last decade.)

I recently visited a site that did something similar but was still effective. It opened up mailto: URIs in a loop and since I had Thunderbird set up to handle the links, it practically killed my X session.

Interesting. Quick test result: looks like flipping network.protocol-handler.external.mailto in the Firefox config to false prevents this (of course, in the process, prevents action on mailto links).

There's an open bug in regards to this issue: https://bugzilla.mozilla.org/show_bug.cgi?id=566893

It shouldn't be possible to launch mailto links without an interactive prompt; if it is, please file a bug on the browser.

Simple proof of concept: http://jsfiddle.net/rVxkv/

This opens 2 Thunderbird windows in Firefox 26 but only one in Chromium 31.0.1650.63.

edit: I totally agree it shouldn't be possible :)

I've never seen a prompt to open a mailto: link. Where is it specified there should be one?

I think by "interactive prompt" he means "user interaction".
I suppose I can see an argument for popping something up before firing the schema handler when something sets location.href to a mailto: URL, but that seems like the sort of thing where you'd really want to wait for evidence that it's a problem for anyone before you implement it; it both annoys the user and complicates your code, neither of which is desirable in the absence of real provocation.