Summary: A new system tab level prompt to replace (most) window prompts on
Desktop.

Bug: Bug 1615588 - Extend nsIPromptService to support tab modal system
prompts <https://bugzilla.mozilla.org/show_bug.cgi?id=1615588>

Platform coverage: Desktop, (Android) (chrome code)

Schedule: Firefox 77

There are currently two different types of prompts in Firefox:
- Content: Mostly shown by websites via window.alert/confirm/prompt
- Window: System level, called from chrome via nsIPrompt and nsIPromptService

Window prompts - The Problem

Many of our system (window) prompts can be directly or indirectly triggered
by web content. This poses a DoS threat. If not properly rate limited,
window prompts can easily be spammed and exhaust system resources. Since
they take exclusive focus and usually lock the browser while open, the user
is unable to switch tabs or close the main window. Websites can abuse this
and lock the user in.
We are seeing multiple instances where this is actively abused in the wild.
Some examples:

Bug 1571003 - Basic auth confirmation prompt spam / DOS
<https://bugzilla.mozilla.org/show_bug.cgi?id=1571003>
Bug 615761 - window.external.AddSearchProvider loop DoS
<https://bugzilla.mozilla.org/show_bug.cgi?id=615761>
Bug 1611517 - DOS via insecure form submission prompt
<https://bugzilla.mozilla.org/show_bug.cgi?id=1611517>

Tab level system prompts - A new prompt type

We plan to fix this DoS attack vector and also improve usability of system
prompts by introducing a new tab prompt type. This type behaves similarly to
content prompts. It is shown per tab and does not steal focus from the main
window. If spammed by websites, prompts are simply queued and the user can
still close the tab. This should fix any prompt-related DoS issues.
Tab prompts are positioned higher in the browser and overlap with the upper
chrome toolbar to distinguish them from content prompts and prevent
spoofing. We are looking to visually separate them even further in the
future.

Overview & examples of updated prompt modal types
<https://drive.google.com/file/d/1wJ6ixvamRI1sP8qQrMyqSJTRy_tefIIr/view?usp=sharing>

Migration

In the coming weeks, we will migrate all window prompts which are not
global and can be clearly associated with a tab to be tab modal. This work
is tracked in bug 616843
<https://bugzilla.mozilla.org/show_bug.cgi?id=616843>.

How to Prompt

Please use the nsIPromptService wherever possible. I’ve extended it to
support prompting by BrowsingContext and modal type (window, tab, content).
I’m also working on support for promise-based async prompting (Bug 1271842
<https://bugzilla.mozilla.org/show_bug.cgi?id=1271842>).

I’ve added extensive documentation for the updated prompt service in the
firefox-source-docs, which should land soon (see Bug 1622836
<https://bugzilla.mozilla.org/show_bug.cgi?id=1622836>). You can find a
preview of the prompt service code documentation here
<https://drive.google.com/file/d/1TEF3sbA9VFV3YipTXQW3U-afnynYQnkn/view?usp=sharing>.

Please let me know if you have any questions or concerns.

Best Regards,
Paul
_______________________________________________
dev-platform mailing list
dev-platform@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-platform
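
The difference between window-modal and tab-modal prompts described under "Window prompts - The Problem" and "Tab level system prompts", as an added model that is not part of the original message and is not Firefox code. The class, its methods and the tab names are hypothetical, and the model assumes spammed window prompts stay open together and block all browser input until each is dismissed.

```javascript
// Simplified model of a browser that shows system prompts either
// window-modal ("window") or tab-modal ("tab"). Constructed for illustration.
class BrowserModel {
  constructor(modalType) {
    this.modalType = modalType; // "window" or "tab"
    this.tabs = new Map();      // tabId -> queue of pending tab prompts
    this.windowPrompts = [];    // open window-modal prompts
  }
  openTab(id) { this.tabs.set(id, []); }
  // A system prompt triggered, directly or indirectly, by content in tab `id`.
  prompt(id, text) {
    if (!this.tabs.has(id)) return false; // tab is gone: nothing is shown
    if (this.modalType === "window") this.windowPrompts.push({ id, text });
    else this.tabs.get(id).push(text);    // queued behind earlier prompts
    return true;
  }
  // Window prompts take exclusive focus, so any open one blocks the UI.
  inputBlocked() { return this.windowPrompts.length > 0; }
  // Only the head of a tab's queue is on screen at any time.
  visiblePrompt(id) {
    const queue = this.tabs.get(id);
    return queue && queue.length ? queue[0] : null;
  }
  switchTab(id) { return !this.inputBlocked() && this.tabs.has(id); }
  closeTab(id) {
    if (this.inputBlocked()) return false; // user is locked in
    return this.tabs.delete(id);           // pending queue goes with the tab
  }
}

// Spam `count` prompts from one tab, then try the user's escape routes.
function simulateSpam(modalType, count) {
  const browser = new BrowserModel(modalType);
  browser.openTab("spammy");
  browser.openTab("other");
  for (let i = 0; i < count; i++) browser.prompt("spammy", `prompt ${i}`);
  const visible = browser.visiblePrompt("spammy");
  const canSwitch = browser.switchTab("other");
  const closed = browser.closeTab("spammy");
  return {
    visible,                               // what the tab itself displays
    canSwitch,                             // can the user reach another tab?
    closed,                                // can the user close the spamming tab?
    dismissalsNeeded: closed ? 0 : count,  // clicks needed to regain control
    promptAfterClose: browser.prompt("spammy", "again"),
  };
}
```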
