Measuring cross-origin modal dialog usage and block them if feasible |
||||||||||||||
Issue descriptionUserAgent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_11_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/51.0.2704.63 Safari/537.36 Steps to reproduce the problem: It's listed at bit.ly/proposed-interventions, and discussed internally at https://groups.google.com/a/google.com/forum/#!topic/safebrowsing-ads/CXL4W-qrrns. What is the expected behavior? What went wrong? Modal dialogs ('alert()', 'confirm()', 'prompt()', 'print()'), are being abused by unsafe third-party content (eg., ads), and we'd like to measure their usage in cross-origin context and see the possibility of blocking them. If blocking all cross-domain modal dialogs breaks too many pages, we could just block those w/o user gestures. Did this work before? No Chrome version: 51.0.2704.63 Channel: n/a OS Version: OS X 10.11.5 Flash Version: Shockwave Flash 22.0 r0
,
Jun 20 2016
As the issue is of type feature marking it as Untriaged to get it addressed. Thanks,
,
Jun 20 2016
,
Jun 21 2016
The following revision refers to this bug: https://chromium.googlesource.com/chromium/src.git/+/825a75cd8469c4dc1ce291e51d96c3dec57e9ecf commit 825a75cd8469c4dc1ce291e51d96c3dec57e9ecf Author: binlu <binlu@google.com> Date: Tue Jun 21 18:08:19 2016 Measure the usage of cross-origin modal dialogs. BUG=621336 R=ojan@chromium.org,japhet@chromium.org Review-Url: https://codereview.chromium.org/2079183002 Cr-Commit-Position: refs/heads/master@{#401046} [modify] https://crrev.com/825a75cd8469c4dc1ce291e51d96c3dec57e9ecf/third_party/WebKit/Source/core/frame/LocalDOMWindow.cpp [modify] https://crrev.com/825a75cd8469c4dc1ce291e51d96c3dec57e9ecf/third_party/WebKit/Source/core/frame/UseCounter.h [modify] https://crrev.com/825a75cd8469c4dc1ce291e51d96c3dec57e9ecf/tools/metrics/histograms/histograms.xml
,
Jun 24 2016
,
Sep 12 2016
The metrics here just hit stable, so we should have pretty reasonable data to work with in a few days. Bin, will you be following up on this bug? Or do we need to find someone to poke at things?
,
Sep 12 2016
@Mike, Could you cc avi@chromium.org and emilyschechter@chromium.org on this bug? They are investigating other potential avenues of solving alert, and maybe this could be part of their plan. If they can take care of this, I will focus on vibrate. Thanks.
,
Sep 13 2016
,
Sep 13 2016
,
Sep 13 2016
,
Sep 13 2017
This issue has been Available for over a year. If it's no longer important or seems unlikely to be fixed, please consider closing it out. If it is important, please re-triage the issue. Sorry for the inconvenience if the bug really should have been left as Available. If you change it back, also remove the "Hotlist-Recharge-Cold" label. For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot
,
Sep 15 2017
,
Nov 10 2017
,
Feb 18 2018
,
May 8 2018
,
Aug 9
|
||||||||||||||
►
Sign in to add a comment |
||||||||||||||
Comment 1 by sheriffbot@chromium.org
, Jun 19 2016