Contact emails
Spec
The relevant link is https://html.spec.whatwg.org/#dom-alert .
Summary
alert dialogs are a remnant of JavaScript 1.0. They allow web pages to inform the user and get input from the user, but lock up the entire browser while doing so. Many web pages use them legitimately, so we don't want to break them, but there are many sketchy websites that use the app-modality of dialogs to scare the user into thinking their computer is infected and scam them. While services like SafeBrowsing help a little here, the turnover rate of domains used for the scamming is high, and SafeBrowsing lags. In addition, there is a security issue involving dialogs that is actively being abused in the wild.
This Intent is to ignore requests to show dialogs that are made from pages that have low Site Engagement. This helps in both the scam website case, and with the security issue.
What is Site Engagement? Site Engagement is a measure of how much the user interacts with a site. The more that a user visits/uses a site, the higher the engagement score is. If you want to see engagement scores on your Chrome, check out chrome://site-engagement.
For those concerned that this would interfere with legitimate use of JavaScript dialogs, even a moderate use of a website for 10 minutes at a sitting, just once a week would be enough to allow the use of dialogs.
Firefox already does something similar to this. As noted in their onbeforeunload documentation:
browsers may not display prompts created in beforeunload event handlers unless the page has been interacted with.
This does not violate the spec. Per https://html.spec.whatwg.org/#dom-alert, we already have the right to block dialogs at our discretion.
(There is an ongoing project (unrelated to this) that is working on breaking the app-modality. This Intent is a complement to that project, and can be done sooner.)
Motivation
Users are being harmed by bad actors. This mitigates much of the abuse of the API by bad actors while preserving the legitimate use of this API.
Interoperability and Compatibility Risk
Firefox already does this for onbeforeunload dialogs. We would be following them there, and going further.
Ongoing technical constraints
None.
Will this feature be supported on all six Blink platforms (Windows, Mac, Linux, Chrome OS, Android, and Android WebView)?
Yes.
OWP launch tracking bug
None yet.
Link to entry on the feature dashboard
This is a change to existing behavior that remains spec-compliant. I don't believe it requires a feature dashboard entry.
Requesting approval to ship?
Yes.
--
You received this message because you are subscribed to the Google Groups "blink-dev" group.
To unsubscribe from this group and stop receiving emails from it, send an email to blink-dev+unsubscribe@chromium.org.
Maybe two histograms, then? The length of dialog text when the engagement is below the proposed cut-off, and the length when the engagement is above the cutoff?
We need better analysis tools :(
I think the fundamental issue here is one of data volume. Every opted-in chrome user will be uploading this data. 100 words per day per user is probably OK, but 100*100 is not (especially once you multiply by the thousands of different things people want to measure).