# Spec

Just mailing list conversation at https://lists.w3.org/Archives/Public/public-whatwg-archive/2015May/0035.html; I'm hopeful we can get it into HTML if folks think it's a reasonable addition.

# Summary

`alert()`, `confirm()`, `prompt()`, and `print()` will no longer have any affect inside sandboxed documents; they will instead synchronously return a reasonable default value (`false` for `confirm()`, and `null` for `prompt()`) without prompting the user.

# Motivation

Folks in Google's anti-malvertising team would like to be able to prevent sandboxed frames from popping up confusing, modal messages to users. Ideally, we could simply block those entirely inside sandboxed frames (as Hixie vaguely suggested in https://lists.w3.org/Archives/Public/public-whatwg-archive/2014May/0002.html). I suspect that the numbers will be low enough to make that change without much risk (sandboxing itself is hovering around 0.6% of page loads: https://www.chromestatus.com/metrics/feature/timeline/popularity/672).

# Link to entry on the Chromium Dashboard

https://www.chromestatus.com/features/4747009953103872

(I've implemented this behind a flag in Blink with an `allow-modals` keyword)