[Webkit-unassigned] [Bug 164853] [GTK] Handle infinite popup dialogs exploit

bugzilla-daemon at webkit.org bugzilla-daemon at webkit.org
Thu Apr 27 08:30:30 PDT 2017


https://bugs.webkit.org/show_bug.cgi?id=164853

Adrian Perez <aperez at igalia.com> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |aperez at igalia.com

--- Comment #27 from Adrian Perez <aperez at igalia.com> ---
(In reply to Claudio Saavedra from comment #26)
> I have checked Safari, and the main difference is that the dialogs are only
> modal to the webpage so they don't block the whole browser. You can just
> close the tab and move on. Even if we disallow popups, the user will still
> have to do this, as we're talking of a while(true).
> 
> Also there is no checkbox to prevent web pages from showing popups though in
> Safari.

We could make the alert dialogs webview-modal in the same way that
the prompt dialogs for HTTP authentication are made. That would allow
to close the tab/browser even in the face of alert()-spamming, and
wouldn't need changes deep down into WebCore. WDYT?

-- 
You are receiving this mail because:
You are the assignee for the bug.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.webkit.org/pipermail/webkit-unassigned/attachments/20170427/bb89a37f/attachment.html>


More information about the webkit-unassigned mailing list