Open Bug 1615588 Opened 2 months ago Updated 15 days ago

Extend nsIPromptService to support tab modal system prompts


(Firefox :: Security, enhancement, P1)






(Reporter: pbz, Assigned: pbz)


(Blocks 6 open bugs)



(8 files)

We currently have tabprompts for prompts triggered by websites (window.alert, window.confirm, window.prompt). These I call "content" prompts.
We can't use content prompts for system prompting, because they are easily spoof-able and look like the belong to the web content.

The proposal is to add a "tab" prompt type which can be opened through the prompt service. It would still belong to a tab, thus not steal focus, improve usability and help with a lot of DoS issues we have with window level prompts. To prevent spoofing it should slightly overlap with the parent chrome, like we currently do it for the web payment dialog.

Where possible, our current system window prompts should be switched over to tab prompts.

I've attached a screenshot of my prototype implementation.

Blocks: 1594214
Priority: -- → P1
Blocks: 616849

Depends on D66449

Blocks: 1621737
Blocks: 1622817
Blocks: 1622836
Attachment #9132639 - Attachment description: Bug 1615588 - Extended nsIPromptService to support tab modal prompts. r=johannh! → Bug 1615588 - Extended nsIPromptService to support tab modal prompts. r=johannh!,MattN!

This patch updates the prompt code in browser.js and the tabprompts.jsm module
to support the two new prompt types: tab and content

  • Updated TabModalPromptBox to support both prompt types
  • Updated TabModalPrompt styles for tab prompt type

Depends on D66446

You need to log in before you can comment on or make changes to this bug.