Slashdot Mirror

← Back to Stories (view on slashdot.org)

Google Plans To Alter JavaScript Popups After Abuse From Tech Support Scammers (bleepingcomputer.com)

Posted by msmash on from the tidying-things-up dept.

An anonymous reader writes: Chromium engineers are discussing plans to change how JavaScript popups work inside Chrome and other similar browsers. In a proposal published on the Google Developers portal, the Chromium team acknowledged that JavaScript popups are consistently used to harm users.

To combat this threat, Google engineers say they plan to make JavaScript modals, like the alert(), confirm(), and dialog() methods, only work on a per-tab basis, and not per-window. This change means that popups won't block users from switching and closing the tab, putting an end to any overly-aggresive tactics on the part of the website's owner(s).

There is no timeline on Google's decision to move JavaScript popups to a per-tab model, but Chromium engineers have been debating this issue since July 2016 as part of Project OldSpice. A similar change was made to Safari 9.1, released this week. Apple's decision came after crooks used a bug in Safari to block users on malicious pages using popups. Crooks then tried to extort payment, posing as ransomware.

118 comments

  1. Oh well by Anonymous Coward · · Score: 5, Informative

    Took you fucking long enough!

    1. Re:Oh well by GLMDesigns · · Score: 2

      Amen.

      --
      If you're scared of your govt then you need to further restrict its powers
      Vote 3rd Party in 2016 and beyond
    2. Re: Oh well by Anonymous Coward · · Score: 0

      And why not fucking remove popups altogether? And the remove javascript too, please.

    3. Re: Oh well by DickBreath · · Score: 1

      I would support removing popups altogether as you say. I would not support removing Javascript. Applications need Javascript. More and more applications are moving from platform-specific (eg, Windows) applications into the browser.

      Maybe there should be some highly visible difference between sites that use Javascript and those that do not? Like the tab changing color -- just to throw up a silly idea.

      If Javascript could only affect that one tab that it runs in, then what harm could Javascript do?

      Javascript is valuable because you run Linux within a PC emulator written in JavaScript..

      Thus, you can have MAME
      running on Linux
      running on an emulator written in Javascript
      running on IE
      running on Wine
      running on Windows Subsystem for Linux
      running on Windows 10
      running on VirtualBox
      running on Linux
      running on the bare metal.

      Now why would you want to kill Javascript?

      (And yes, Wine now runs on Windows Subsystem for Linux.)

      --

      I'll see your senator, and I'll raise you two judges.
    4. Re: Oh well by sims+2 · · Score: 1

      They did that already it's just not a very popular option
      chrome://settings/content tick "Do not allow any site to run JavaScript" click done.

      --
      Minimum threshold fixed. Thanks!
    5. Re: Oh well by sims+2 · · Score: 1

      I would like to have scroll bars that are consistent some websites hide the scroll bar or make it so small it's hard to hit reliably with a mouse.

      Sure it might make the site look a bit better but everyone doesn't have a touchscreen and it sure makes the site a pita to use without working scrollbars.

      --
      Minimum threshold fixed. Thanks!
    6. Re:Oh well by Anonymous Coward · · Score: 0

      Actually Mozilla devs started this discussion. But Mozilla, once again, moves slow af.

    7. Re: Oh well by Anonymous Coward · · Score: 0

      I would support removing popups altogether as you say. I would not support removing Javascript. Applications need Javascript. More and more applications are moving from platform-specific (eg, Windows) applications into the browser.

      And that's exactly why the Internet sucks so badly now. Javascript is replacing Flash as a cancer that is infecting the Internet and ruining things.

      Not that long ago, you could disable Javascript and most websites still more or less worked. Shoving Javascpt shit down our throats has not created anything of value.

    8. Re: Oh well by Anonymous Coward · · Score: 0

      I'm confused. Are you being cynical, or are you a web-designer?

    9. Re: Oh well by Anonymous Coward · · Score: 0

      So we just removed Java from browsers and everyone praised how good move it was but JavaScript is valuable because... you can run it everywhere? Wait, what?

    10. Re: Oh well by slazzy · · Score: 1

      It did make sense to have some method to confirm closing of a window while the user was in the middle filling in a form for example, however it's abused for more than it's used correctly. That and it's pretty easy these days to save state without an old submit button, so it's really no longer needed. On a per-tab basis sounds like a good inbetween.

      --
      Website Just Down For Me? Find out
    11. Re: Oh well by Gr8Apes · · Score: 2

      You're missing the entire solution there, although you've hit upon a whole bunch of the problems. The real answer is to put the user in control, by default, of the way the page renders. If some JS wants to override the right click, it can only do so within a context wrapped by a control context. That control context will allow the user to, say, force normal right click behavior, or standard scroll bars, or standard left click behavior, for that matter, via simple controls that could be enforced by default on the browser. It probably should be by default.

      --
      The cesspool just got a check and balance.
    12. Re: Oh well by Anonymous Coward · · Score: 0

      That is the only way to use the Internet anymore - by disabling lazyScript. I've also blocked all images by default. Sure I might not enjoy a "media rich" browsing experience, but what of this rich media is there to enjoy? It's all just ads, drive-by exploits, and personal information dragnet peripherals. Ooooh boy, I might miss out on DRM'd 360p Netflix content and 180p YouTube videos!!

      The Internet is full of information and great things new and old to learn. I just want to browse the directory without any hassle please!

    13. Re: Oh well by Anonymous Coward · · Score: 1

      Damn you've been using crippled net so long you didn't notice YouTube can do decent video. That happened years ago BTW.

      I leave everything on, Java, JS, Flash.
      I don't care. If I get infected all I have to do is clone my old unplugged drive again.

    14. Re: Oh well by rickb928 · · Score: 1

      How many of these obscure the scroll bar just to trick you into clicking the page and getting their lovely ads, subscription, and notification come-ons?

      --
      deleting the extra space after periods so i can stay relevant, yeah.
    15. Re: Oh well by rickb928 · · Score: 1

      "The real answer is to put the user in control, by default, of the way the page renders."

      And thereby destroying the core use case for CSS. What?

      --
      deleting the extra space after periods so i can stay relevant, yeah.
    16. Re: Oh well by sims+2 · · Score: 1

      IDK I think twitch just does it for looks with no option to override.

      --
      Minimum threshold fixed. Thanks!
    17. Re: Oh well by cfalcon · · Score: 0

      > Shoving Javascpt shit down our throats has not created anything of value

      Javascript has created a lot of value. For instance, Javascript can request huge amounts of information on your local machine, to solidly fingerprint you. They can then add this fingerprint to a database, and it is often good enough to track you all around the web.

      To combat problem users, they just started putting a bit of javascript to actually load the webpage too. That way users will enable javascript, and the fingerprinting tracker along with it.

      So it has created plenty of value. Out of you. For others.

    18. Re: Oh well by omnichad · · Score: 1

      Badly coded legacy sites.

      These are not popups as you traditionally know them - these are like the Javascript alert() and prompt()

    19. Re: Oh well by LocalH · · Score: 1

      HTML, with or without CSS, was never supposed to be pixel-exact. Half of the problems with browsers relates to ignorance and even downright hostility to that notion.

      It's fine if there is a "pixel-exact to designer intention" mode, but given the absolute GLUT of shit design, there must also be a "fuck the designer, display things THIS way" switch.

      --
      FC Closer
    20. Re: Oh well by hackwrench · · Score: 2

      Java's ability to run anywhere was not it's fatal flaw.

    21. Re: Oh well by Anonymous Coward · · Score: 0

      And thereby destroying the core use case for CSS. What?

      And restoring the core use case for HTML.

    22. Re: Oh well by DickBreath · · Score: 1

      > I'm confused. Are you being cynical, or are you a web-designer?

      Both.

      But not 'web designer'. An application developer.

      --

      I'll see your senator, and I'll raise you two judges.
    23. Re: Oh well by DickBreath · · Score: 1

      If you don't like sites that do all kinds of crazy insane things using Javascript, then don't visit them.

      The fact that they do this says something about the intentions of the site's owners.

      If the site's owners have bad intentions, a technical fix is not going to help for very long. They will find other ways to screw you over. You can't change their bad intentions with a technical fix to your web browser.

      --

      I'll see your senator, and I'll raise you two judges.
    24. Re: Oh well by Anonymous Coward · · Score: 0

      Except that they use redirect and fraud to trick people into visiting.

      You're a fucking moron. When someone gets shot, you're standing around saying, "well he shouldn't have been standing in front of the gun."

      Go fuck yourself.

    25. Re: Oh well by Gr8Apes · · Score: 1

      "The real answer is to put the user in control, by default, of the way the page renders."

      And thereby destroying the core use case for CSS. What?

      Apparently you're totally ignorant of the actual purposes of HTML, and CSS for that matter. It's only guidance to how things are to be displayed, it's not nor ever was meant for the developer/designer to actually "control" what comes out on the other end. The sooner you realize that, the happier and more productive you'll be, and the fewer bugs you'll have in your code.

      --
      The cesspool just got a check and balance.
    26. Re: Oh well by Anonymous Coward · · Score: 0

      The old Opera was exact like that.

  2. Why the hypocrisy? by Anonymous Coward · · Score: 0

    I've encountered abusive ads on Slashdot doing those things and other malicious actions. It's hypocritical to complain about jlJavascript and advertising while making extensive use of it on this site. Users would be happy to subscribe, but instead of offering that option, we're stuck with potentially malicious ads and trackers. If you're going to complain about abusive ads and Javascript (and I agree about that), don't be hypocrites and potentially expose users to malware. Many of us would subscribe if given the option again.

    1. Re:Why the hypocrisy? by Anonymous Coward · · Score: 0

      *Is* that the editorial stance? Do any of slashdot's editors and owners actually complain about JS?
      I know the users do.

    2. Re:Why the hypocrisy? by Paradise+Pete · · Score: 1

      It's hypocritical to complain about jlJavascript and advertising while making extensive use of it on this site.

      The posted article is not "slashdot complaining about javascript." If it were then your statement would make more sense.

    3. Re:Why the hypocrisy? by Anonymous Coward · · Score: 0

      Many of us would subscribe if given the option again.

      Unfortunately, you and the 7 other people who would be willing to subscribe to the shitty, low quality crap that is Slashdot aren't going to generate enough money to satisfy the corporate overlords. And so they must resort to every shady practice available to generate MORE MONEY MORE MONEY MORE MONEY.

    4. Re:Why the hypocrisy? by omnichad · · Score: 1

      On really short pages (3 or 4 comments), you can't even scroll to the bottom of the page - the ad js forces you back up. You can't read the last comment on the page without disabling JS.

    5. Re:Why the hypocrisy? by tepples · · Score: 1

      Users would be happy to subscribe, but instead of offering that option, we're stuck with potentially malicious ads and trackers.

      Slashdot used to offer subscriptions years ago. Nowadays it seems only SoylentNews offers that.

  3. Thank diety by Anonymous Coward · · Score: 0

    I can't count how many times I have had to reload my 4chan pron after some popup from swfchan forced me to kill all of my chrome processes

    1. Re:Thank diety by Anonymous Coward · · Score: 0

      4chan
      popups

      Nope. Not falling for those traps.

  4. It's taken... how many decades? by squiggleslash · · Score: 4, Informative

    Seriously, this has been a problem since Netscape first implemented alert(). Why has it taken this long for someone to fix it?

    --
    You are not alone. This is not normal. None of this is normal.
    1. Re:It's taken... how many decades? by Anonymous Coward · · Score: 5, Informative

      But Firefox fixed this years ago. All of the alerts are bound to the tab and not the window.

    2. Re:It's taken... how many decades? by Anonymous Coward · · Score: 3, Informative

      Firefox fixed this in early 2011. It's Chrome that's lagging behind in this case.

    3. Re:It's taken... how many decades? by DickBreath · · Score: 1

      Just get rid of alert() and make America great again. Or make the Internet great again.

      --

      I'll see your senator, and I'll raise you two judges.
    4. Re:It's taken... how many decades? by Anonymous Coward · · Score: 0

      Yeah, I was wondering wtf this was talking about, until I realized it's what, on Firefox, is a dialog centered on the greyed-out page that is clearly not an OS window and doesn't affect anything outside the tab. Not that I see those very often, with NoScript whitelisting on.

    5. Re:It's taken... how many decades? by slazzy · · Score: 1

      I'd say rather than getting rid of alert, change the way the browser displays the alert to a user. Maybe instead a small bar at the bottom of the page that doesn't interfere with anything would be a better standard way of displaying a message without blocking user interaction.

      --
      Website Just Down For Me? Find out
    6. Re:It's taken... how many decades? by AmiMoJo · · Score: 1

      A better fix would just be to disable the damn thing. I can't think of a single time I've found a javascript pop-up useful.

      --
      const int one = 65536; (Silvermoon, Texture.cs)
      SJW, n: "Someone I don't like, and by the way I'm a fuckwit" - AC
    7. Re:It's taken... how many decades? by Anonymous Coward · · Score: 0

      Chrome does have its own built-in task manager -- just hit Shift-Escape. This will let you kill open tabs without closing the program.

    8. Re:It's taken... how many decades? by Gr8Apes · · Score: 1

      A better fix would just be to disable the damn thing. I can't think of a single time I've found a javascript pop-up useful.

      Oh, all the time, especially when I'm in development.

      --
      The cesspool just got a check and balance.
    9. Re:It's taken... how many decades? by Anonymous Coward · · Score: 1

      Use console.log

    10. Re: It's taken... how many decades? by Anonymous Coward · · Score: 0

      No! I can't have anything on my screen!
      Can't you just use text to speech and play it thru the PC speaker?

    11. Re:It's taken... how many decades? by crashumbc · · Score: 1

      TIL'd and from a AC !

      wow the internet is truly doomed...

    12. Re:It's taken... how many decades? by omnichad · · Score: 1

      That's easy for them when their entire UI is XUL and basically just HTML/JS already.

    13. Re: It's taken... how many decades? by corychristison · · Score: 1

      They are useful for confirming actions, especially delete functions of things. It's not often I use them on a public facing site, though. When it comes to the Administration of the site, I use them frequently.

      With that said, I've moved most of my projects to an inline modal (constructed inside of the page using HTML/CSS/JS). Way more flexibility, and less user annoyance.

    14. Re:It's taken... how many decades? by Carnildo · · Score: 1

      Opera's had a "Disable scripts on this page" button in the alert boxes for as long as I can remember.

      --
      "They redundantly repeated themselves over and over again incessantly without end ad infinitum" -- ibid.
    15. Re:It's taken... how many decades? by Anonymous Coward · · Score: 0

      What if you want to stop execution long enough to see what's actually been drawn on the DOM? I'm not aware of breakpoints in JS.

    16. Re:It's taken... how many decades? by dave420 · · Score: 1

      Dev tools can do all that. You can break when elements change, etc., or have JS breakpoints wherever you want. You can even get a frame-by-frame trace of the app's behaviour should you want.

    17. Re:It's taken... how many decades? by Gr8Apes · · Score: 1

      And the dev tools are? Oh yeah, those wonderful browser things appear to be the "best". Compared to other languages and tooling, JS at best has a poor haberdashery of developer tools when it comes to tracing down bugs in logic that may have started 20 closures ago.

      --
      The cesspool just got a check and balance.
  5. Technical solutions to behavioral problems by m0gely · · Score: 0

    The scammers seem to have little worry in the face of calling them out on their shaniannigans. I've had them point out the google search results to ME about phone scammers and using that to describe the REAL bad people out there. They're looking for low hangin fruit and efforts need to be made to stop this from happening, not sure this will make much of a dent in this particular case.

    1. Re:Technical solutions to behavioral problems by DaHat · · Score: 1

      Why not then employ stronger tactics against them... like a broadside?

      Just this week I had such a redirect & popup (thanks to a compromised WordPress site I was visiting), noted the # and set it along with a screenshot. A couple of hours later the phone # was no longer picking up as clearly they realized they weren't going to get any more legit calls in through it.

      --
      Help Brendan pay off his student loans
  6. Maybe it's different on Linux by oobayly · · Score: 1

    I've found that i can right click on a tab to close it when it's been hijacked by models.

    1. Re:Maybe it's different on Linux by Stavr0 · · Score: 1

      I've found that i can right click on a tab to close it when it's been hijacked by models.

      Is that the one where one goes down on you while the other steals your wallet? Because I already heard that one.

    2. Re:Maybe it's different on Linux by Tharkkun · · Score: 1

      I've found that i can right click on a tab to close it when it's been hijacked by models.

      Is that the one where one goes down on you while the other steals your wallet? Because I already heard that one.

      That happened this morning. It felt good until it was really bad.

    3. Re:Maybe it's different on Linux by Scoth · · Score: 1

      They got me three times last week, and twice so far this week. Has to stop.

    4. Re: Maybe it's different on Linux by Anonymous Coward · · Score: 0

      Send them my way. It'll be funny when they steal my empty wallet.
      Well, it'll be funny for them :(

  7. What the hell by Anonymous Coward · · Score: 1

    Why the fuck were pop-ups seizing control of the entire fucking browser in the first place?

    1. Re:What the hell by DaHat · · Score: 1

      Isn't that the point of modal dialogs/windows?

      --
      Help Brendan pay off his student loans
    2. Re:What the hell by Anonymous Coward · · Score: 1

      Yes. The question stands: why the fuck was this behavior ever supported in the first place?

    3. Re:What the hell by Scoth · · Score: 1

      Likely because it dates back to the pre-tab era when you just had one window in the first place. Once tabs became a thing, the paradigm was never updated. Hopefully they get this in there quick.

    4. Re:What the hell by omnichad · · Score: 1

      Even then, one repeating alert() box kept you from closing the browser window.

    5. Re:What the hell by cfalcon · · Score: 1

      > why the fuck was this behavior ever supported in the first place?

      You know exactly why this behavior was desired, and it was never in the interest of the user.

  8. It's about time... by Anonymous Coward · · Score: 0

    I have often wondered why javascript prompts weren't tab specific. It is ridiculous to have a single tab interrupt you when in another tab.

    All browsers should be doing this.

    1. Re: It's about time... by Anonymous Coward · · Score: 0

      Which browsers don't, besides Chrome? Firefox hasn't had this issue for half a decade.

  9. How about more info on the dialog? by swb · · Score: 4, Insightful

    Like the originating URL, submission URL or some general flag that says the pop up is generated by a site, and not the browser.

    1. Re:How about more info on the dialog? by wonkey_monkey · · Score: 1

      I think these modal dialog boxes are always generated by sites, not the browser. You shouldn't need more info, because they should only be shown while you're on the relevant tab (Firefox does this now; it used to force-switch to the tab whenever a modal was generated).

      --
      systemd is Roko's Basilisk.
  10. Fix it in android too by Anonymous Coward · · Score: 0

    Stupid pop-ups that take over the tab, that will not let you close it and make the phone's buzzer go off repeatedly.
    You finally have to kill chrome completely.

    1. Re: Fix it in android too by Anonymous Coward · · Score: 0

      Slashdot is going to lose a fortune. They're the worst offenders with that abuse.

      Remember when there used to be thousands of comments on an article instead of tens?

      Fucking morons.

  11. What about the mouse pointer? by Anonymous Coward · · Score: 0

    Trying to find out what happened to the author of Darkout as he pretty much disappeared and abandoned it, I checked his website...the domain for which has been bought by some scummy shitbags. The mouse pointer started moving around inside the window - bit of a giveaway, that - and I got a popup warning me of all sorts of dire issues the site had found on the PC. Couldn't even close the page with the mouse, ctrl+w didn't work, etc. Ended up restarting the machine using the keyboard and just killing the tab on reboot. Damned if I know why I didn't install uMatrix on that machine as I'd do normally, but it's on there now.
    The Darkout guy is now apparently working on Star Citizen. Read into that what you will.

  12. Safari also fixed this... by SuperKendall · · Score: 2

    Not sure when but in Safari Javascript popups come un in the tab, that you can switch away from.

    --
    "There is more worth loving than we have strength to love." - Brian Jay Stanley
    1. Re:Safari also fixed this... by Anonymous Coward · · Score: 0

      is that why it says this in the original post?

      nice reading you fat cunt

    2. Re: Safari also fixed this... by Anonymous Coward · · Score: 0

      The OP has it wrong. Apple did do this in Safari 9.1, which was released a *year* ago. They released 10.1 this week.

  13. Just in time for HTML5 Web Apps by mykepredko · · Score: 1

    Making the alert, confirm and dialog models tab based seems like a reasonable restriction while still allowing HTML5 apps which will probably use these models for not nefarious purposes. Anything more may be an inconvenience for HTML5 web app authors - but not a roadblock to scammers.

    I'm looking at it from the perspective of having done a Google extension which required these models; while being available in the browser using Javascript, they're not available to extensions. As extensions go away and move to web apps, it will be nice to have this functionality as APIs, rather than the Javascript code we had to put together to provide the same functionality in the extension.

    And therein lies the rub. If somebody wants to do something, especially if they are trying to steal from others, they will find a way - this is a speed bump at best. I'm sure that even as I write this, someone is coming up with a Javascript (now WebAssembly?) approach to locking up a browser and maybe the entire system until the user gives up their credit card number.

    --
    Mimetics Inc. Twitter
  14. Re:cool by Anonymous Coward · · Score: 0

    This is down my site
    http://bit.ly/2njxMRq

  15. It's a big problem by jshipp · · Score: 2

    It's the most common type of call I get now. I support over 1,000 users at various companies around my city and most are using application whitelisting and don't know their own admin passwords, so it's pretty much impossible for them to execute a real virus, the these javascript tricks are scaring them left and right. I get a call almost every day over it. They are so upset they can't settle down long enough for me to tell them "restart windows". When they finally listen to me and restart windows, they wont let me off the phone until after windows has restarted and they see facebook still works.

    1. Re:It's a big problem by nitehawk214 · · Score: 2

      It sounds more like a problem with your users being drooling idiots.

      --
      I'm a good cook. I'm a fantastic eater. - Steven Brust
    2. Re:It's a big problem by AmericaRunsOnDunkin · · Score: 3, Funny

      It sounds more like a problem with your users being drooling idiots.

      It's like they say: you can pick your friends, but you can't pick your users. Can't live with them, can't kill them.

    3. Re: It's a big problem by Anonymous Coward · · Score: 0

      Yup. A few years ago I worked at a deli. Corporate had a way of stopping franchises from blowing up the help line over any little thing. It was very simple really. Calling the help line cost $15 per call.

    4. Re:It's a big problem by MightyMartian · · Score: 1

      For chrissakes, most users are drooling idiots. Pretty much every application, but in particular every application that connects to the Internet, has to take into account that the odds are fairly good that the person sitting in front of the keyboard is a drooling idiot.

      --
      The world's burning. Moped Jesus spotted on I50. Details at 11.
    5. Re:It's a big problem by Kjella · · Score: 1

      It sounds more like a problem with your users being drooling idiots.

      Well I've run into some of these that manage to

      a) create a pop-up window that covers almost the whole screen without the usual navigation
      b) throw the modal dialog in an infinite loop, you must check that little "stop creating dialogs" box to escape
      c) use a reload/redirect trigger/timer so you get sent to a new page with a new dialog if you break the b) loop

      It's fucking annoying and I could very well understand a clueless user thinking he's been hacked. I've not managed to find any way out of the most annoying ones except to start killing chrome processes in the task manager until I find the right one. Or close the whole browser, but I don't have it set to continue with tabs from last time so that's real annoying.

      --
      Live today, because you never know what tomorrow brings
    6. Re:It's a big problem by Anonymous Coward · · Score: 0

      And only in tech are companies/workers so openly hostile to their users. Ripping users is such douchy behavior. Other industries don't denigrate their reason for existence. The 1000 users are "customers" and solving their drooling idiot problem is the job for which he/she is being paid.

      Let the trolling begin because I didnt espouse the "tech knowledge makes you a god" narrative. The self aggrandizing on Slashdot makes the comment boards painful.

  16. "JavaScript popups are consistently used to harm u by Anonymous Coward · · Score: 0

    JavaScript is consistently used to harm users. There FTFY.

  17. Why not block all that shit. by Anonymous Coward · · Score: 0

    Assholes.

  18. It's about damn time... by drew_92123 · · Score: 1

    As far as I'm concerned browser devs are a bunch of cunts for allowing this shit in the first place and they all should be kicked square in the ass with razor studded boots for not fixing it sooner.

  19. The actual problem is javascript on by default by Anonymous Coward · · Score: 0

    Javascript should have the same status as plugins with a "This site wants to enable javascript" dialog ... and it should be part of the standard. Sure you can run Noscript and manually white list sites, but that is kind of a kludge.
     
        I actually stopped using Chrome at all, because I'd occasionally get an ad (don't ever click the low quality ads at the bottom of slashdot by accident) that prevented all interaction except to install some extension... and by all interaction, I mean no tab-switching, no keyboard shortcuts, no closing the window except to kill it externally. If you ask me its too little too late. Chrome doesn't even fix simple little things that don't cause a "buzz"... like keyboard text selection in the address box (everywhere else Shift + up selects everything to the beginning of the line ) Its definitely due for a 1000 paper cuts bugfix session.

  20. Frustrating by Anonymous Coward · · Score: 0

    One time i get more than 20 popup

  21. Do it. by Anonymous Coward · · Score: 0

    Do it.

  22. Re: I alter Google's ad javascript (stalling it) by Anonymous Coward · · Score: 0

    I wasn't aware DNS had anything to do with misbehaving JavaScript

  23. THANK YOU JEBUS by Anonymous Coward · · Score: 0

    I've constantly been saying this should be done in the Google Groups, the development boards and everywhere in the Chromium Development since it began.
    Not to mention Firefox as well at the time

    Modal dialogs for tabbed interfaces never made a single bit of sense.
    There are ways to deal with it, like flashing a taskbar like literally every bit of software has done since modern OSes existed over a decade ago.
    Flash the damn tab if it needs attention.
    Window and tab management has sorely been lacking in modern tabbed software.
    Even shit from the 90s has better child window and tab management than most software today!
    Chromium pushed for tabs being the "center of attention", yet it was always lacking this idea fully because of the modality of dialog boxes.
    If you want to make web browsers as an OS in miniature, make a damn tab management system!
    It is bad enough on Chromium when you have that prick Ben who has probably never had more than 3 tabs open in his entire life so doesn't understand the usage of people that aren't Facebook babbies. Ben, killer of sidebars and life-giver to shitty pop-up balloons that die when you click off them. Fuck off.
    But then, Chromium IS designed for retards. I keep forgetting that. Luckily that's why extensions exist, for the non-retards.
    Modal dialogs should only ever be modal to the entire browser IF AND ONLY IF it involves the entire process. (memory errors, hardware faults, exit confirm, etc.)

  24. I hadn't noticed by Solandri · · Score: 1

    Since I just disabled all pop-ups entirely. Occasionally I have to turn it on for a banking site and the very rare shopping site. But defaulting it to disabled and enabling it only when needed seems a much more sensible approach than defaulting it to enabled and disabling it on a case-by-case basis.

    1. Re:I hadn't noticed by wonkey_monkey · · Score: 1

      It sounds like you're talking about pop-up windows, not pop-up dialogs, like alert() and confirm().

      --
      systemd is Roko's Basilisk.
  25. I alter Google's ad javascript (stalling it) by Anonymous Coward · · Score: 0

    Stop ads infecting/tracking/slowing you via hosts (most efficient way) & APK Hosts File Engine 9.0++ SR-7 32/64-bit https://www.google.com/search?hl=en&source=hp&biw=&bih=&q=%22APK+Hosts+File+Engine%22+and+%22start64%22&btnG=Google+Search&gbv=1/

    Ads/script & malware rob speed/security/privacy

    Hosts add speed (via hardcodes/adblocks), security (vs. bad sites/malware/poisoned dns), reliability (vs. dns down), & anonymity (vs. dns requestlogs/trackers).

    Less power/cpu/ram + IO use vs. DNS/routers/addons/antivirus + less security bugs/complexity & faster vs. addons/routers/remote dns!

    Avoids DNSChangers in routers/IP settings & dns redirects (99.999% of ISP DNS != patched vs. it) + lightens DNS load & resolves faster from local system RAM!

    * Via what u NATIVELY have in the IP stack in FASTER kernelmode!

    APK

    P.S. - Safe https://www.virustotal.com/en/file/e01211ca36aa02e923f20adee0a3c4f5d5187dc65bdf1c997b3da3c2b0745425/analysis/1433430542/

  26. Three Letters by Anonymous Coward · · Score: 0

    Picture those letters in your mind for a moment. Now say out loud what they stand for. You're halfway there, you know what you need to do.

  27. Like Firefox? by thisisauniqueid · · Score: 1

    Oh, you mean like Firefox has been doing for YEARS? You mean as detailed in bug number FOUR HUNDRED AND FIFTY SIX out of 707,000 bugs filed so far in the Chromium bug tracker?

  28. JavaScript is more free than Java by tepples · · Score: 0

    The Java spec is encumbered by Oracle copyright with licensing terms that prohibit distributing a work in progress implementation to the public. This means all new JVMs must be developed under NDA, not in the open. ECMAScript and the HTML DOM have no such encumbrance.

  29. vagrant up by tepples · · Score: 1

    More and more applications are moving from platform-specific (eg, Windows) applications into the browser.

    If an application runs in a Vagrant box, it can run on any platform that runs Vagrant. This includes Windows, macOS, and GNU/Linux. So if the sticking point is being platform-specific, why can't an app be distributed as a Vagrant box, and then the user uses an X11 server or RDP or VNC client to interact with it?

    1. Re:vagrant up by dave420 · · Score: 1

      Because the two are not even remotely comparable. Are you seriously asking why we don't download hundreds of megabytes or a gigabyte or two VM image as opposed to 500KB of JS in a browser?

  30. Finally! by rkagerer · · Score: 1

    It's about time they made alert() dialogs tab-modal instead of window-modal. This is not so much news, as poor UX that should have been corrected long ago.

  31. In ten years... by Parker+Lewis · · Score: 1

    ... Google will realize scammers are abusing float boxes.

  32. thank god by Anonymous Coward · · Score: 0

    I'm tired of clicking on the wrong link and having my whole browser window lock up from infinite popups, despite having ublock origin. No web page should be able to do that!

  33. About time! by sgunhouse · · Score: 1

    Opera Presto (that is, versions 12.x and earlier) had this years ago.

  34. Please let me control what i download by Anonymous Coward · · Score: 0

    Put some control right on tab header and object-properties(image) to control download. So if i want to see a advt, i will right-click and show..

  35. Drop modals altogether by Anonymous Coward · · Score: 0

    Just drop modals. They're a relic of the monotask OS'es of the past, and just awful for everything else. They were just annoying on windows 3.1, figure it today.

  36. This bug has been about for a long time by Anonymous Coward · · Score: 0

    I reported this bug maybe with chrome 5 or 6.
    It was marked duplicate will not fix.
    Filed it again a bit later.

    FINALLY

    Oh note, there is also an HTTP Auth bug where it takes over the whole window... Hope they fix that too.

  37. Name resolution of adscript sources by Anonymous Coward · · Score: 0

    See subject & how ads work https://news.ycombinator.com/item?id=10221859/ downloading script to display ads from advertiser's servers which I block in hosts (thus no ads & more efficiently vs. NoScript by far which has to parse tags galore on pages - hosts block the sources LONG BEFORE that). Hosts also protect vs. DNS tracking (dns requestlogs) & it's many security issues seen below.

    APK

    P.S.=> DNS also has TONS of security & inefficiency issues galore by the 100's (partial list only) https://news.slashdot.org/comments.pl?sid=9007355&threshold=-1&commentsort=0&mode=thread&pid=51969075/ & hosts yield faster local system RAM resolution is FASTER vs. DNS (local or especially remote) + avoids ALL those issues via hardcoded favorite sites where you spend most of your time online & lightens DNS loads too (bonus, as DNS goes down a lot)... apk

  38. No response yet? by Anonymous Coward · · Score: 0

    It's not like you to allow a post to go unanswered. Did the advice finally land?! Let me know, maybe this whole episode is behind you at last.

  39. Annoying JavaScript behaviors by thejynxed · · Score: 1

    Popups, boxes that follow you around the page as you scroll, sound that over-rides or ignores any browser mute functionality, allowing the close, ok, and cancel buttons to be remapped to anything else than the stated functionality (usually these get remapped to load malware or redirect to another site that loads more unwanted scripts/tabs), forced reload timers, right-click disabling, cascading tab loads, tab locks, automated non-default application launch, automated and silent extension/plugin installation.

    The list could go on, but these are the prevalent ones that I've come across.I have no idea if any of these behaviors have a legitimate use at all, but I've yet to come across a legitimate use of any of them.

    --
    @Mindless Drivel: 100% of Twitter posts ever Tweeted.
  40. Ess Pee Aitch by Anonymous Coward · · Score: 0

    You missed a reply

  41. 19. 16. 8. by Anonymous Coward · · Score: 0

    You can figure out what the numbers represent. Why can't you act on what your own brain is telling you?