[whatwg] Can we deprecate alert(), confirm(), prompt() ?
Biju
bijumaillist at gmail.com
Mon Mar 5 19:34:15 PST 2012
Today I again landed on a malicious site which trap users using
alert/confirm to download some application.
URL :
http://usaaccount2.com/?q=MzI1ODA0MTZEkBZYYoU0AEZuUVlSQUVaV0lWc05hc0NnenljeURJTABhOTNkNTY2M2YwNmI1OWIxZWI1NTEwYjE0ZDg1NjE0M2VkZGUzOTZkMjUwN2Q5M2NlYWI2Yzk5NzA5NjkxY2NlNjM0NTMzZmU4M2Q5ZDA5NgBEQWVCd1psR0pqRklrTFJIb1MxMzMwOTk3MzQzbVdPWU53SlBLbjc=
(or go it by http://snipurl.com/22hv8zh )
I landed there when I got redirected from.
http://ndia-tvc.org/jiamd_luncheon_18nov08/pages/letter-formation-worksheets
I think that page is hacked as its links and contents is not same as
other regular page at http://ndia-tvc.org/
Also I feel if download is not triggered by CLICK event browsers
should not prompt user to download content that not HTML/JPG/PNG.
Cheers
Biju
On 6 February 2012 19:03, Ian Hickson <ian at hixie.ch> wrote:
> On Tue, 10 Jan 2012, Ojan Vafai wrote:
>>
>> The only complaint I'm aware of is in http://crbug.com/97206. The bug
>> comments are confusing. The primary issue there is WebKit not firing
>> beforeunload/unload from frames in some cases, but there is one comment
>> about code that calls "confirm" from unload handlers followed by a sync
>> XHR to save data that now breaks.
>
> I've specced this (it's optional for now). I didn't check how closely what
> I specced matches Chrome.
>
> --
> Ian Hickson U+1047E )\._.,--....,'``. fL
> http://ln.hixie.ch/ U+263A /, _.. \ _\ ;`._ ,.
> Things that are impossible just take longer. `._.-(,_..'--(,_..'`-.;.'
More information about the whatwg
mailing list