1315677 - Using opener.alert() to open an alert in a background tab blocks JS execution in the *current* tab and produces a confusing user experience

Status: NEW

(Core :: DOM: Core & HTML, defect, P2)

Description

[Jose María Acuña]

Attachment: ice_video_20161107-150943.webm

User Agent: Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/54.0.2840.71 Safari/537.36

Steps to reproduce:

1- creates a local html file:

<html>
<head><title>Page Locking</title></head>
<body>

<a href="https://www.mozilla.org/en-US/firefox/new" onclick="
	var x = top.open(this.href,window,'');
	setTimeout(function(){
		x.document.body.outerHTML += '\
		<iframe src=http://www.adslzone.net/app/uploads/2016/02/mozilla-firefox-evitar-rastreo.jpg onload=parent.top.opener.alert(\'blocking\')\
			style=position:fixed;top:0;left:0;width:100%;height:100%;border:0></iframe>';
	}, 0);
	return false;">
	Page Locking
</a>

2- run in mozilla firefox


Actual results:

the implementation of the new page is blocked


Expected results:

should block the first tab not allowing open a new tab until the modal dialog will not close (as in google chrome)

Comment 1

[Kanchan Kumari QA]

I can reproduce this issue on es-MX/ build 

Agente de usuario 	Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:51.0) Gecko/20100101 Firefox/51.0

This issue is not reproducible for me on en-US build. I see same behavior on Chrome and Firefox(en-US).

Comment 2

[Hsin-Yi Tsai (she/her) [:hsinyi]]

:marcosc tried to reproduce on MacOS using Nightly, but want not able to get it to lock. Getting "Error: Permission denied to access property "document""

Is that above expected?

Comment 3

[Jose María Acuña]

1- Tested on Firefox 50.1.0 and Firefox Developer Edition 52.0a2 (2016-12-19) (32-bit) for windows
2- To reproduce the case it is necessary to clear the browser cache

Demo: https://drive.google.com/file/d/0B5G3cbs08P16Nm14eUhzb2hCSDQ/view

Comment 4

[Hsin-Yi Tsai (she/her) [:hsinyi]]

I still cannot reproduce this issue with the example code on comment 0 due to "Error: Permission denied to access property "document""  However, I did see this issue if I modify the "iframe src", that is, let it meet same-origin-policy, for example "<iframe src=https://www.mozilla.org/en-US/privacy/firefox/"

Hi Catalin,
I am flagging on you since you are looking at bug 1316798 which looks somewhat related with you, and I am guessing you might find this interesting to look into as well. :)

Comment 5

[Hsin-Yi Tsai (she/her) [:hsinyi]]

(In reply to Hsin-Yi Tsai [:hsinyi] from comment #4)
> I still cannot reproduce this issue with the example code on comment 0 due
> to "Error: Permission denied to access property "document""  However, I did
> see this issue if I modify the "iframe src", that is, let it meet
> same-origin-policy, for example "<iframe
> src=https://www.mozilla.org/en-US/privacy/firefox/"
> 
> Hi Catalin,
> I am flagging on you since you are looking at bug 1316798 which looks
> somewhat related with you, 
                   ^^^^^^^^^  typo: I meant, somewhat related with this bug :)

> and I am guessing you might find this interesting
> to look into as well. :)

Comment 6

[Cătălin Badea (:catalinb)]

I managed to reproduce this on developer edition 52.0a2 (2016-12-19) 64-bit macOS. For nightly this happens only for same origin urls. However, I don't see JS main loop execution being blocked in the new tab.

One thing that's interesting, if the alert happens before the new tab fires the 'load' event, it will block it indefinitely.

I'll investigate this further.

Comment 7

[Hsin-Yi Tsai (she/her) [:hsinyi]]

Thanks Catalin!

Comment 8

[Laura Cordova]

Attachment: same problem

Thanks from supconglungba1976.