privacysandbox / privacy-sandbox-dev-support

Discuss your Privacy Sandbox developer questions with the Chrome team.
Apache License 2.0

Pop-up instead of new tab when using window.open #59

Closed alois-bissuel closed 1 year ago

alois-bissuel commented 2 years ago

Hi,

We have an issue when using the window.open event registration method. Instead of opening a new tab, it opens the link in a pop-up. We took the example from the code in the API doc, i.e. window.open("https://myadvertiser.com", "_blank", "attributionsrc=https://mymeasurementendpoint.com/myencodedquery")

We check for the ARA API availability, so that we only add the third parameter in window.open when the API is available.

Last time we checked, we did not have this issue, and to the best of my knowledge we did not change anything in our code related to the call of window.open. One perplexing thing is that calling window.open with the exact same arguments in the debug console does not trigger a pop-up but rather a new tab.

Do you know a way out of this problem? Thanks a lot.

How to reproduce:

  1. Open this test Criteo ad in a Chrome instance either taking part in the OT, or with the privacy-sandbox-ads-apis flag activated (chrome://flags/#privacy-sandbox-ads-apis).
  2. Click on a "product"
  3. You should see a pop-up opening a page on criteo.com
  4. Check in chrome://attribution-internals that you have a click registered (to be sure that your browser actually takes part in the OT).

alois-bissuel commented 2 years ago

To further complicate the issue, I do not get pop-ups when testing on the official demo.

maudnals commented 2 years ago

(Sorry for the delayed reply, internal event)

I was able to repro on your site (and not in the demo code indeed).

Looking into it⏤2 questions:

Quick thought: One possible issue may be this: in case the third argument of the window.open call is misconfigured for attribution reporting, the browser may consider this argument to be a config for the windowFeatures, and hence will open a window (popup). This is just one possibility, it could also be a browser bug⏤hence the request above for details on the exact window.open call.

alois-bissuel commented 2 years ago

OK, I am pretty sure I found the bug (while writing an answer to you). This is on our side. For some reason there are parts of the URL of attributionsrc which we did not encode twice, and I think the parsing code of the windowfeatures argument split it at the equal sign which was left in the URL query, leading it to add another argument which was interpreted as a popup flag.

Minimal working example: In the console, run window.open("https://example.com", "_blank", "attributionsrc=https://example.com/tracking?param1%3D0%26param2%3D1"); A new tab is opened, the measurement API should call https://example.com/tracking?param1=0&param2=1.

Then run window.open("https://example.com", "_blank", "attributionsrc=https://example.com/tracking?param1%3D0%26param2%3D1&param3=0");. Notice the end part of the query which is not encoded. You should get a popup, the measurement API should ping https://example.com/tracking?param1=0&param2=1&param3. Notice the missing value for the third parameter.

While the issue is solved, there is still something which perplexes me. I have a different behaviour for Chrome 106 stable and Chrome 106 beta, both having the privacy sandbox ads apis flag activated (and no other). I don't get a pop-up for the stable version, while I get one on the beta version.
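
The splitting described in this comment, as an added example that is not part of the original thread and is not Chrome's code: a simplified tokenizer that assumes whitespace, "=" and "," separate windowFeatures tokens, run over the thread's broken call. The helper names attributionFeature and strayFeatures are hypothetical.

```javascript
// Added example: simplified model of windowFeatures tokenization.
// Assumption: whitespace, "=" and "," act as separators; not Chrome's actual code.
const isSep = (c) => /[\s=,]/.test(c);

function tokenizeFeatures(features) {
  const out = new Map();
  let i = 0;
  const take = (pred) => {
    const start = i;
    while (i < features.length && pred(features[i])) i++;
    return features.slice(start, i);
  };
  while (i < features.length) {
    take(isSep); // skip separators before the name
    const name = take((c) => !isSep(c)).toLowerCase();
    let value = "";
    // Move to the "=" that introduces a value, without crossing "," or a new token.
    while (i < features.length && features[i] !== "=" &&
           features[i] !== "," && isSep(features[i])) i++;
    if (i < features.length && isSep(features[i])) {
      while (i < features.length && isSep(features[i]) && features[i] !== ",") i++;
      value = take((c) => !isSep(c)); // the value ends at the next separator
    }
    if (name) out.set(name, value);
  }
  return out;
}

// Hypothetical helper: percent-encode the whole reporting URL so that no raw
// "=", "," or space survives inside the windowFeatures string.
function attributionFeature(reportingUrl) {
  return "attributionsrc=" + encodeURIComponent(reportingUrl);
}

// Hypothetical check: any name other than attributionsrc means the string was
// split somewhere unintended.
function strayFeatures(features) {
  return [...tokenizeFeatures(features).keys()].filter((n) => n !== "attributionsrc");
}

// Constructed inputs: the broken string quoted in the thread, and an encoded one.
const broken = "attributionsrc=https://example.com/tracking?param1%3D0%26param2%3D1&param3=0";
const fixed = attributionFeature("https://example.com/tracking?param1=0&param2=1&param3=0");
console.log(strayFeatures(broken), tokenizeFeatures(broken).get("attributionsrc"));
console.log(strayFeatures(fixed));
```

Running strayFeatures over the features string before calling window.open flags the unencoded "=" case: the broken string yields an extra feature named "0" and a reporting URL that stops at "&param3".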

maudnals commented 2 years ago

Good to hear this is solved and that this is indeed a misconfiguration of the third parameter.

> I don't get a pop-up for the stable version, while I get one on the beta version.

I can't reproduce this behavior, Stable and Beta behave similarly on my side. Perplexing indeed! I don't know of an implementation change that would explain this, but I'll look.