[Webkit-unassigned] [Bug 164853] [GTK] Handle infinite popup dialogs exploit

bugzilla-daemon at webkit.org bugzilla-daemon at webkit.org
Thu Apr 27 07:35:54 PDT 2017


https://bugs.webkit.org/show_bug.cgi?id=164853

--- Comment #24 from Michael Catanzaro <mcatanzaro at igalia.com> ---
(In reply to Claudio Saavedra from comment #20)
> You are right in that it's most likely that modality refers uniquely to the
> page.
> 
> I have been checking today how this could be fixed and it seems to me that
> we need to go all the way down to WebCore. Fixing this in the GTK+ side only
> (to avoid showing the dialog) doesn't prevent the endless communication
> between ui and web processes coming from the endless amount of alerts that
> renders the browser unusable, so it's there where the alerts need to be
> ignored.
> 
> There's currently in WebCore::Page a forbidPrompts()/allowPrompts() that is
> used to disable them when the page is unloading. I think we probably need to
> do something similar (this is not useful as is because it blocks all kind of
> prompts, including window.print()).

How does Apple handle this? Surely they have a way to prevent Safari users from being hit by infinite popups?

-- 
You are receiving this mail because:
You are the assignee for the bug.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.webkit.org/pipermail/webkit-unassigned/attachments/20170427/03b50676/attachment-0001.html>


More information about the webkit-unassigned mailing list