[Webkit-unassigned] [Bug 11522] New: In the WebUIDelegate protocol, allow JavaScript alert panels to be sheets so that JavaScript cannot hijack your application

Sun Nov 5 08:54:33 PST 2006

http://bugs.webkit.org/show_bug.cgi?id=11522

           Summary: In the WebUIDelegate protocol, allow JavaScript alert
                    panels to be sheets so that JavaScript cannot hijack
                    your application
           Product: WebKit
           Version: 420+ (nightly)
          Platform: Macintosh
        OS/Version: Mac OS X 10.4
            Status: UNCONFIRMED
          Severity: Normal
          Priority: P2
         Component: WebKit API
        AssignedTo: webkit-unassigned at opendarwin.org
        ReportedBy: Alexandre at OzEmail.com.au

Replace the following three WebUIDelegate protocol methods with versions which
use a listener to indicate the result of user interaction (like the related
WebUIDelegate protocol method
webView:runOpenPanelForFileButtonWithResultListener: does) instead of a return
value:

webView:runJavaScriptAlertPanelWithMessage:
webView:runJavaScriptConfirmPanelWithMessage:
webView:runJavaScriptTextInputPanelWithPrompt:defaultText:

This would allow the JavaScript alert, confirmation, and text input panels to
be implemented as sheets rather than modal dialogs.

Firefox, for example, implements JavaScript alerts as sheets rather than modal
dialogs, which I think is more sensible and has several advantages over
Safari's implementation.

With the current WebUIDelegate protocol, when a modal dialog is used for
JavaScript alerts, malicious (or buggy) JavaScript can hijack your entire
application by programmatically spewing forth an endlesss sequence of alert
boxes, not even allowing you the opportunity to quit your application.

-- 
Configure bugmail: http://bugs.webkit.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.