I remain baffled that alerts in modern browsers are still handled with an OS-level modal dialog that prevents interaction with the browser's interface elements.
Couldn't the alert instead be rendered as an overlay to the page itself, be modal to just that tab, and not disable the browser Chrome? This would make it much harder for pages to "trap" users with alert spam. The existing policies (don't allow this page to create more dialogs -> page instantly redirects to itself to reset the flag) aren't doing a good enough job.
> Couldn't the alert instead be rendered as an overlay to the page itself, be modal to just that tab, and not disable the browser Chrome?
Firefox and Safari do exactly that.
> The existing policies (don't allow this page to create more dialogs -> page instantly redirects to itself to reset the flag) aren't doing a good enough job.
Does that work? I've never seen any pages that circumvent alert blocking like that, and I'd have imagined that any sensible implementation would disable alerts for the entire session (or at least a few minutes).
I don't know what the exact exploit of the behavior is, but I've observed it on several "infected" computers while working in tech support. I've seen it on Internet Explorer, Microsoft Edge, Google Chrome, and some variation of it on Safari, all of which I was only able to remedy by forcefully closing the browser using the task manager or equivalent.
Truthfully, I have not actually observed this behavior on Firefox, and I'm quite thankfully no longer in the business of providing technical support to personal computer users, so hopefully I never will.
Couldn't the alert instead be rendered as an overlay to the page itself, be modal to just that tab, and not disable the browser Chrome? This would make it much harder for pages to "trap" users with alert spam. The existing policies (don't allow this page to create more dialogs -> page instantly redirects to itself to reset the flag) aren't doing a good enough job.