[Webkit-unassigned] [Bug 118871] New: Pages should not be able to abuse users inside beforeunload handlers
bugzilla-daemon at webkit.org
bugzilla-daemon at webkit.org
Thu Jul 18 16:40:21 PDT 2013
https://bugs.webkit.org/show_bug.cgi?id=118871
Summary: Pages should not be able to abuse users inside
beforeunload handlers
Product: WebKit
Version: 528+ (Nightly build)
Platform: All
OS/Version: All
Status: NEW
Keywords: InRadar
Severity: Normal
Priority: P2
Component: Page Loading
AssignedTo: webkit-unassigned at lists.webkit.org
ReportedBy: beidson at apple.com
CC: mjs at apple.com, ap at webkit.org, sam at webkit.org,
ggaren at apple.com
Pages should not be able to abuse users inside beforeunload handlers.
Abusive techniques include showing various forms of modal dialogs inside beforeunload and using iframes.
Some other browsers don't allow modal dialogs inside beforeunload (like alert, confirm, prompt, showModalDialog), and I think WebKit shouldn't by default.
Also, if multiple iframes all try to display a beforeunload confirmation dialog, that seems like spam - Only one should be allowed to be shown.
Finally, iframes from different origins probably shouldn't be allowed to show even one beforeunload confirmation.
This is in radar as <rdar://problem/14475779>
--
Configure bugmail: https://bugs.webkit.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.
More information about the webkit-unassigned
mailing list