Closed Bug 514111 Opened 15 years ago Closed 15 years ago

Many consecutive alert()s block browser UI, cause DoS

Categories

(Core :: DOM: Events, defect)

Product:
Core
Component:
DOM: Events
Platform:
All
Linux
Type:
defect
Priority:
Not set
Severity:
normal

Tracking

()

Status:
RESOLVED DUPLICATE of bug 61098

People

(Reporter: BenB, Unassigned)

Details

(Whiteboard: sg:dos)

Reproduction: 1. Webpage with the following JavaScript in onload (or similar): while(1) alert("You can't escape me!"); Actual result: The user gets a (webpage-JS-initiated) modal popup dialog with the text and an OK button. Given that the dialog is modal, the user can't close the browser window or tab or click 'Back' until the dialog box is closed. The dialog can be closed by clicking OK, but immediately afterwards, a new dialog box opens, before the user has a chance to close the window/tab/page. Essentially, the user needs to endlessly click "OK". Workarounds: There are only 3 ways (that I know of) for the user to get out of the situation: - At the same time hit RETURN (to trigger the OK button) on the keyboard, and click the window close button (window manager, usually X on top right) with the mouse, and do that very often and very quickly. This worked for me after a maybe a dozen attempts. Disadvantage: bad discoverability, bad accessibility (esp. for older people), takes a while to succeed, and all tabs of the window will be closed. - Kill browser, using OS means Disadvantage: new computer users don't know how to do it, kills the whole browser session incl. all other open pages. - Turn off computer Advantage: Good discoverabilty, Disadvantage: destructive Expected result: - Dialog is modal only towards the webpage, not the browser window. While the alert() is up, I can still use the browser menu, switch (and close) tabs and close the window. - (In addition, possibly:) Add delay hardcoded between two alerts, e.g. 2s, during which the browser UI is accessible and page JS is halted (immediately before the second alert).
Whiteboard: sg:dos
Summary: Many alert()s in a row block browser UI, cause DoS → Many consecutive alert()s block browser UI, cause DoS
Not even closing the window using the KDE task bar (right click on Firefox window button in the window list, selecting Close) works while the alert() is up.
Duplicate of bug 61098
Status: NEW → RESOLVED
Closed: 15 years ago
Resolution: --- → DUPLICATE
You need to log in before you can comment on or make changes to this bug.