This is an archived snapshot of W3C's public bugzilla bug tracker, decommissioned in April 2019. Please see the home page for more details.
# Spec Just mailing list conversation at https://lists.w3.org/Archives/Public/public-whatwg-archive/2015May/0035.html; I'm hopeful we can get it into HTML if folks think it's a reasonable addition. # Summary `alert()`, `confirm()`, `prompt()`, and `print()` will no longer have any affect inside sandboxed documents; they will instead synchronously return a reasonable default value (`false` for `confirm()`, and `null` for `prompt()`) without prompting the user. # Motivation Folks in Google's anti-malvertising team would like to be able to prevent sandboxed frames from popping up confusing, modal messages to users. Ideally, we could simply block those entirely inside sandboxed frames (as Hixie vaguely suggested in https://lists.w3.org/Archives/Public/public-whatwg-archive/2014May/0002.html). I suspect that the numbers will be low enough to make that change without much risk (sandboxing itself is hovering around 0.6% of page loads: https://www.chromestatus.com/metrics/feature/timeline/popularity/672). # Link to entry on the Chromium Dashboard https://www.chromestatus.com/features/4747009953103872 (I've implemented this behind a flag in Blink with an `allow-modals` keyword)
CCing Dan and Boris here as well.
https://github.com/whatwg/html/pull/48