This is now an Intent, https://groups.google.com/a/chromium.org/d/msg/blink-dev/YIH8CoYVGSg/Di7TsljXDQAJ , which was approved by the API_OWNERS.

The following revision refers to this bug:
  https://chromium.googlesource.com/chromium/src.git/+/141dbc132f8aa2588fad4cf50fbfd7a319234b61

commit 141dbc132f8aa2588fad4cf50fbfd7a319234b61
Author: avi <avi@chromium.org>
Date: Fri Mar 11 22:27:42 2016

Remove the ability of webpages to specify strings for the onbeforeunload dialog.

BUG= 587940 
TEST=as in bug
CQ_INCLUDE_TRYBOTS=tryserver.chromium.linux:linux_site_isolation

Review URL: https://codereview.chromium.org/1714573002

Cr-Commit-Position: refs/heads/master@{#380755}

[modify] https://crrev.com/141dbc132f8aa2588fad4cf50fbfd7a319234b61/android_webview/DEPS
[modify] https://crrev.com/141dbc132f8aa2588fad4cf50fbfd7a319234b61/android_webview/browser/aw_contents_client_bridge_base.h
[modify] https://crrev.com/141dbc132f8aa2588fad4cf50fbfd7a319234b61/android_webview/browser/aw_javascript_dialog_manager.cc
[modify] https://crrev.com/141dbc132f8aa2588fad4cf50fbfd7a319234b61/android_webview/browser/aw_javascript_dialog_manager.h
[modify] https://crrev.com/141dbc132f8aa2588fad4cf50fbfd7a319234b61/android_webview/native/BUILD.gn
[modify] https://crrev.com/141dbc132f8aa2588fad4cf50fbfd7a319234b61/android_webview/native/aw_contents_client_bridge.cc
[modify] https://crrev.com/141dbc132f8aa2588fad4cf50fbfd7a319234b61/android_webview/native/aw_contents_client_bridge.h
[modify] https://crrev.com/141dbc132f8aa2588fad4cf50fbfd7a319234b61/android_webview/native/webview_native.gyp
[modify] https://crrev.com/141dbc132f8aa2588fad4cf50fbfd7a319234b61/android_webview/ui/grit_components_whitelist.txt
[modify] https://crrev.com/141dbc132f8aa2588fad4cf50fbfd7a319234b61/chrome/browser/ui/cocoa/javascript_app_modal_dialog_cocoa.mm
[modify] https://crrev.com/141dbc132f8aa2588fad4cf50fbfd7a319234b61/components/app_modal/javascript_dialog_manager.cc
[modify] https://crrev.com/141dbc132f8aa2588fad4cf50fbfd7a319234b61/components/app_modal/javascript_dialog_manager.h
[modify] https://crrev.com/141dbc132f8aa2588fad4cf50fbfd7a319234b61/components/app_modal_strings.grdp
[modify] https://crrev.com/141dbc132f8aa2588fad4cf50fbfd7a319234b61/components/test_runner/web_frame_test_proxy.h
[modify] https://crrev.com/141dbc132f8aa2588fad4cf50fbfd7a319234b61/content/browser/frame_host/render_frame_host_delegate.h
[modify] https://crrev.com/141dbc132f8aa2588fad4cf50fbfd7a319234b61/content/browser/frame_host/render_frame_host_impl.cc
[modify] https://crrev.com/141dbc132f8aa2588fad4cf50fbfd7a319234b61/content/browser/frame_host/render_frame_host_impl.h
[modify] https://crrev.com/141dbc132f8aa2588fad4cf50fbfd7a319234b61/content/browser/frame_host/render_frame_host_manager_unittest.cc
[modify] https://crrev.com/141dbc132f8aa2588fad4cf50fbfd7a319234b61/content/browser/web_contents/web_contents_impl.cc
[modify] https://crrev.com/141dbc132f8aa2588fad4cf50fbfd7a319234b61/content/browser/web_contents/web_contents_impl.h
[modify] https://crrev.com/141dbc132f8aa2588fad4cf50fbfd7a319234b61/content/browser/web_contents/web_contents_impl_unittest.cc
[modify] https://crrev.com/141dbc132f8aa2588fad4cf50fbfd7a319234b61/content/common/frame_messages.h
[modify] https://crrev.com/141dbc132f8aa2588fad4cf50fbfd7a319234b61/content/public/browser/javascript_dialog_manager.h
[modify] https://crrev.com/141dbc132f8aa2588fad4cf50fbfd7a319234b61/content/renderer/render_frame_impl.cc
[modify] https://crrev.com/141dbc132f8aa2588fad4cf50fbfd7a319234b61/content/renderer/render_frame_impl.h
[modify] https://crrev.com/141dbc132f8aa2588fad4cf50fbfd7a319234b61/content/shell/browser/layout_test/layout_test_javascript_dialog_manager.cc
[modify] https://crrev.com/141dbc132f8aa2588fad4cf50fbfd7a319234b61/content/shell/browser/layout_test/layout_test_javascript_dialog_manager.h
[modify] https://crrev.com/141dbc132f8aa2588fad4cf50fbfd7a319234b61/content/shell/browser/shell_javascript_dialog_manager.cc
[modify] https://crrev.com/141dbc132f8aa2588fad4cf50fbfd7a319234b61/content/shell/browser/shell_javascript_dialog_manager.h
[modify] https://crrev.com/141dbc132f8aa2588fad4cf50fbfd7a319234b61/extensions/browser/guest_view/web_view/javascript_dialog_helper.cc
[modify] https://crrev.com/141dbc132f8aa2588fad4cf50fbfd7a319234b61/extensions/browser/guest_view/web_view/javascript_dialog_helper.h
[modify] https://crrev.com/141dbc132f8aa2588fad4cf50fbfd7a319234b61/third_party/WebKit/LayoutTests/fast/events/before-unload-reloads-expected.txt
[modify] https://crrev.com/141dbc132f8aa2588fad4cf50fbfd7a319234b61/third_party/WebKit/LayoutTests/fast/events/before-unload-returnValue-expected.txt
[modify] https://crrev.com/141dbc132f8aa2588fad4cf50fbfd7a319234b61/third_party/WebKit/LayoutTests/fast/loader/form-submission-after-beforeunload-cancel-expected.txt
[modify] https://crrev.com/141dbc132f8aa2588fad4cf50fbfd7a319234b61/third_party/WebKit/LayoutTests/fast/loader/show-only-one-beforeunload-dialog-expected.txt
[modify] https://crrev.com/141dbc132f8aa2588fad4cf50fbfd7a319234b61/third_party/WebKit/LayoutTests/http/tests/misc/reentrant-beforeunload-expected.txt
[modify] https://crrev.com/141dbc132f8aa2588fad4cf50fbfd7a319234b61/third_party/WebKit/LayoutTests/inspector-protocol/page/javascriptDialogEvents-expected.txt
[modify] https://crrev.com/141dbc132f8aa2588fad4cf50fbfd7a319234b61/third_party/WebKit/Source/core/loader/EmptyClients.h
[modify] https://crrev.com/141dbc132f8aa2588fad4cf50fbfd7a319234b61/third_party/WebKit/Source/core/page/ChromeClient.cpp
[modify] https://crrev.com/141dbc132f8aa2588fad4cf50fbfd7a319234b61/third_party/WebKit/Source/core/page/ChromeClient.h
[modify] https://crrev.com/141dbc132f8aa2588fad4cf50fbfd7a319234b61/third_party/WebKit/Source/web/ChromeClientImpl.cpp
[modify] https://crrev.com/141dbc132f8aa2588fad4cf50fbfd7a319234b61/third_party/WebKit/Source/web/ChromeClientImpl.h
[modify] https://crrev.com/141dbc132f8aa2588fad4cf50fbfd7a319234b61/third_party/WebKit/public/web/WebFrameClient.h
[modify] https://crrev.com/141dbc132f8aa2588fad4cf50fbfd7a319234b61/tools/metrics/histograms/histograms.xml

Shall we call this done?

https://www.chromestatus.com/feature/5349061406228480

Issue 579113 has been merged into this issue.

Spec request: https://github.com/whatwg/html/issues/952

Tested the issue on windows 7 using chrome version 51.0.2704.4 on crbug.com Observed the String as like attached screen shot.

avi@ could you please check the screen shot and confirm is this the expected behavior? else please provide any specific website or test file to verify the issue from test team end.

Thank you!

	587940.png 279 KB View Download

kavvaru: Yep, that is what we want!

Verified the issue on Windows 7, Ubuntu 14.04 and Mac OS 10.11.4 using chrome latest Dev M52-52.0.2717.0 and observed the pop up is displayed as shown in the comment #0 as expected. Hence adding TE-Verified label.

  

Issue 616630 has been merged into this issue.

Issue 618611 has been merged into this issue.

Same issue with me, I was working on my site and was informed that popup alert message is not working, previously this thing happened in Firefox and now in Chrome too! Im using Windows 8.1 latest version of Goolge Chrome

The default message seems to be "Do you want to leave this site?"

This is very misleading and assuming. My users are being taken to the next page in the workflow they are in... not leaving the site!

At a minimum, it should be "Do you want to leave this page?"

The message in Firefox is: 

"This page is asking you to confirm that you want to leave - data you have entered may not be saved"

This is much better as it does not state that you are leaving this site. Also, the message may be shown for other reasons, not because changes were made, as is implied in the new Chrome message.

Issue 624729 has been merged into this issue.

Fixing an issue by removing a function works fast and easy. But that the problem behind hasn't been addressed here at all. A real fix would be to make the custom string harmless to the user. 

Do you really think that browsers are not able to render a custom string to the user without any security risk? Maybe when the string comes from a save cache created not before 2017^^

Issue 620834 has been merged into this issue.

I would like to propose that "onUnload" javascript functionality is malicious, and should be removed from the javascript standard altogether, and support for it should be dropped from browsers. When I click close button on a tab, take one wild guess at what I want to happen. Anything besides the tab closing is not what I want, and I consider it to be a malicious override of user control of my machine.