Even better.

No PDF alert needed, just the permission bubble.

Deleted: popunder.html 681 bytes

popunder.html 681 bytes View Download

cc-ing in permission bubble owners

Popunder code uses a notification permission bubble to pull the window forward. Apparently in M61 iframes are no longer allowed to call the Notification API, and the popunder code makes the request from an iframe so that it can dismiss it.

But they'll just switch to a different permission bubble.

Any UI surface that activates windows *must* go through AppModalDialogHelper, so that popunders can be prevented. Where do I tie the AppModalDialogHelper into permission bubbles? Where in the code do they activate windows?

The YouTube video is on a Mac, and I can repro on a Mac. For Views, in chrome/browser/ui/views/permission_bubble/permission_prompt_impl.cc , we have:

void PermissionPromptImpl::Show() {
  // ...

  // If a browser window (or popup) other than the bubble parent has focus,
  // don't take focus.
  if (browser_->window()->IsActive())
    widget->Show();
  else
    widget->ShowInactive();
  // ...
}

Mac-only?

Probably Mac-only.

-[PermissionBubbleController showWindow:] calls [super showWindow:sender] which is -[BaseBubbleController showWindow:] which does either [window makeKeyAndOrderFront:self] or [window orderFront:nil].

Cocoa only.

Actually, removing RVST; this isn't secret.

Apparently, MacViews for permission bubbles is coming in M62: bug 740827.

Not sure where this leaves us for this fix; can we merge it to M61?

Since we were already planning on using MacViews for permission bubbles in M62 I figured it'd be fine to wait for that, but I probably should've fixed it on Mac too. Sorry for the hassle caused, I'll make sure in the future to check all platforms.

Since you have a patch ready, I think we should probably get it merged to M61.

Issue 746196 has been merged into this issue.

The following revision refers to this bug:
  https://chromium.googlesource.com/chromium/src.git/+/df5b245e9ec0bcad06c15e86dd38b362ca65bafb

commit df5b245e9ec0bcad06c15e86dd38b362ca65bafb
Author: Avi Drissman <avi@chromium.org>
Date: Mon Aug 07 16:36:09 2017

Permission bubbles should never take focus.

The Views implementation of permission bubbles took care
to never take focus. This fixes Cocoa permission bubbles
to do the same.

BUG= 752630 
TEST=as in bug

Change-Id: Iedd1455b1bf1f1c7307ded7aa2805256338bf7be
Reviewed-on: https://chromium-review.googlesource.com/602786
Reviewed-by: Sidney San Martín <sdy@chromium.org>
Commit-Queue: Avi Drissman <avi@chromium.org>
Cr-Commit-Position: refs/heads/master@{#492337}
[modify] https://crrev.com/df5b245e9ec0bcad06c15e86dd38b362ca65bafb/chrome/browser/ui/cocoa/base_bubble_controller.h
[modify] https://crrev.com/df5b245e9ec0bcad06c15e86dd38b362ca65bafb/chrome/browser/ui/cocoa/base_bubble_controller.mm
[modify] https://crrev.com/df5b245e9ec0bcad06c15e86dd38b362ca65bafb/chrome/browser/ui/cocoa/permission_bubble/permission_bubble_controller.mm

This bug requires manual review: M61 has already been promoted to the beta branch, so this requires manual review
Please contact the milestone owner if you have questions.
Owners: amineer@(Android), cmasso@(iOS), ketakid@(ChromeOS), govind@(Desktop)

For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot

Before we approve merge to M61, please answer followings:
* Is this M61 regression? Is it critical?
* Is the change well baked/verified in Canary, having enough automation tests coverage and safe to merge to M61?
* Any other important details to justify the merge.

Please note M61 is already in Beta, so merge bar is very high. Thank you.

I don't know how popunders rank on the criticality scale. Right now there are popunders in the wild that are taking advantage of this bug and of  bug 752824 . This bug is hand-tested in M62 with a flag, as this is fixing a problem with the old implementation of permission bubbles and in M62 it's being switched to a new implementation.

 Issue 729495 , which addressed this bug on Views, was committed in M61 but merged to M60. What were the requirements there for a merge?

Thank you avi@. I'm ok to take this merge in for M61 as it is hand-tested in M62 per comment #16.

+ abdulsyed@ as he approved M60 merge for https://bugs.chromium.org/p/chromium/issues/detail?id=729495#c11 to take his input for M61.

Thank you avi@ for the fix. If the fix is safe and tested across lower-channels, my recommendation is to approve this merge for M61. Excessive Pop-unders can create a negative user experience and based on it's overall impact, this should be marked as RB-Stable. 

The following revision refers to this bug:
  https://chromium.googlesource.com/chromium/src.git/+/ca665aa3ec597e3ceff512a4f2bef41e1d14968c

commit ca665aa3ec597e3ceff512a4f2bef41e1d14968c
Author: Avi Drissman <avi@chromium.org>
Date: Tue Aug 08 19:41:25 2017

Permission bubbles should never take focus.

The Views implementation of permission bubbles took care
to never take focus. This fixes Cocoa permission bubbles
to do the same.

BUG= 752630 
TEST=as in bug
TBR=avi@chromium.org

Change-Id: Iedd1455b1bf1f1c7307ded7aa2805256338bf7be
Reviewed-on: https://chromium-review.googlesource.com/602786
Reviewed-by: Sidney San Martín <sdy@chromium.org>
Commit-Queue: Avi Drissman <avi@chromium.org>
Cr-Original-Commit-Position: refs/heads/master@{#492337}(cherry picked from commit df5b245e9ec0bcad06c15e86dd38b362ca65bafb)
Reviewed-on: https://chromium-review.googlesource.com/606930
Reviewed-by: Avi Drissman <avi@chromium.org>
Cr-Commit-Position: refs/branch-heads/3163@{#388}
Cr-Branched-From: ff259bab28b35d242e10186cd63af7ed404fae0d-refs/heads/master@{#488528}
[modify] https://crrev.com/ca665aa3ec597e3ceff512a4f2bef41e1d14968c/chrome/browser/ui/cocoa/base_bubble_controller.h
[modify] https://crrev.com/ca665aa3ec597e3ceff512a4f2bef41e1d14968c/chrome/browser/ui/cocoa/base_bubble_controller.mm
[modify] https://crrev.com/ca665aa3ec597e3ceff512a4f2bef41e1d14968c/chrome/browser/ui/cocoa/permission_bubble/permission_bubble_controller.mm

Rechecked this issue on chrome version 61.0.3163.39 on MAC 10.12.6 using the test case provided in comment#!. Observed that no permission bubble was displayed. Instead clicking on the link, directly opened the Pop up. Fix is working as intended. Adding TE-verified labels.

Thanks.!