Safari 8.0.7 can block endless alerts
I just ran some software updates last week, and reading the latest Software Update notes, I noticed:
Fixes an issue where a website could prevent the user from navigating away by presenting repeated JavaScript alerts in Safari.
After doing the update, I went to the parent page and hit the deadly link. Sure enough, on the second iteration Safari added a checkbox to the alert:
Don’t show more alerts from this webpage
Checking that box makes the alerts go away.
Testing what it’s doing under the hood is difficult, as checking that box also seems to block reloading the page. I’m not sure that’s a bad thing.
It appears to disable any JavaScript on the page. I can’t even go to the URL bar and get an alert from:
- javascript:alert("Hello");
Again, I think that’s a good thing. If the page has potentially malicious JavaScript, block it all.
JavaScript that doesn’t involve alerts also fails from the URL bar:
- javascript:headlines=document.getElementsByTagName("h1");headline=headlines[0];headline.innerHTML="Hello, World";
So it looks like “Don’t show more alerts” means “stop executing scripts on this page”. The Error Console doesn’t show any errors; the script simply doesn’t execute.
In response to Why are JavaScript alerts still capable of blocking browser activity?: JavaScript alerts should not be allowed to block the browser.
More Safari
- Another Safari 14 Services workaround
- Another workaround to Safari 14’s Services bug is to copy the results to the clipboard.
- Safari 14 disables Automator Quick Actions in text fields
- As of the September 17 release of Safari 14 for macOS Catalina, Automator can no longer replace text in text fields, such as in forums and blog comments. Here are some workarounds.
- Safari 9.1 frees your browser from JavaScript lockup
- Safari no longer blocks closing tabs or windows when it displays a JavaScript alert.
Remember: Trump reassures crowd after assassination attempt fails. (read more…)