Many JavaScript newcomers start with this simple line:
alert("Hello, World");
However, Chrome's recent removal of alert() functionality within cross-origin iframes caused widespread issues, as evidenced by a surge in CodePen support tickets. This change, along with the deprecation of other native JavaScript dialogs like confirm(), prompt(), and onbeforeunload, significantly impacts websites like CodePen which rely heavily on cross-origin iframes for security. The lack of prior warning added to the frustration.
While security concerns are understandable (JavaScript dialogs appear identical regardless of origin, potentially confusing users), the abrupt change overlooks existing solutions like sandboxing. <iframe sandbox=""></iframe> provides robust security, allowing specific features to be enabled selectively (<iframe sandbox="allow-scripts allow-downloads ...etc"></iframe>). The existing allow-modals attribute seems insufficient, suggesting a broader goal: complete removal of JavaScript dialogs from the web platform.
This drastic measure would break countless tutorials and applications. Although the cross-origin restriction is delayed until January 2022, the planned complete removal, supported by Chrome, Firefox, and Safari, is deeply concerning. The lack of sufficient developer and user consultation is a major criticism.
The suggested alternative, postMessage, presents several drawbacks:
-
Non-blocking behavior: Unlike JavaScript dialogs,
postMessagedoesn't halt execution, altering application flow. - Code injection: Requiring developers to inject code into user code introduces technical debt and unexpected side effects (e.g., altering CSS selector behavior).
- Security risks: Passing user-generated data to the parent frame introduces potential XSS vulnerabilities.
Even simpler workarounds, like window.alert = console.log, share similar problems.
Many developers have voiced concerns:
- Jaden Baptista: Suggests containing the alert within the iframe itself, improving both security and UX.
- Matthew Phillips: Critiques the decision as prioritizing certain websites over others.
- Dan Abramov: Expresses concern over the lack of respect for existing use cases and implementation complexity.
-
Ben Lesh: Points out that some applications use the blocking nature of
alert()as a feature (e.g., pausing games).
The cited metric of 0.006% of page views using these functions in cross-origin iframes is misleading, as Dan Abramov highlights: critical functionalities, such as account deletion flows, might not be accessed frequently but are nonetheless essential.
Chris Ferdinandi and Jeremy Keith further emphasize the lack of communication and the significant impact on web development. The condescending responses from some within Google only exacerbate the issue.
While acknowledging Google's contributions to web advancement, the criticism focuses on the lack of developer and user outreach, insufficient discussion of implications and transition strategies, and a lack of openness to adjusting the course of action. More collaborative and transparent processes are crucial for future web platform changes.
The above is the detailed content of Choice Words about the Upcoming Deprecation of JavaScript Dialogs. For more information, please follow other related articles on the PHP Chinese website!
Where should 'Subscribe to Podcast' link to?Apr 16, 2025 pm 12:04 PMFor a while, iTunes was the big dog in podcasting, so if you linked "Subscribe to Podcast" to like:
Browser Engine DiversityApr 16, 2025 pm 12:02 PMWe lost Opera when they went Chrome in 2013. Same deal with Edge when it also went Chrome earlier this year. Mike Taylor called these changes a "Decreasingly
UX Considerations for Web SharingApr 16, 2025 am 11:59 AMFrom trashy clickbait sites to the most august of publications, share buttons have long been ubiquitous across the web. And yet it is arguable that these
Weekly Platform News: Apple Deploys Web Components, Progressive HTML Rendering, Self-Hosting Critical ResourcesApr 16, 2025 am 11:55 AMIn this week's roundup, Apple gets into web components, how Instagram is insta-loading scripts, and some food for thought for self-hosting critical resources.
Git Pathspecs and How to Use ThemApr 16, 2025 am 11:53 AMWhen I was looking through the documentation of git commands, I noticed that many of them had an option for . I initially thought that this was just a
A Color Picker for Product ImagesApr 16, 2025 am 11:49 AMSounds kind of like a hard problem doesn't it? We often don't have product shots in thousands of colors, such that we can flip out the with . Nor do we
A Dark Mode Toggle with React and ThemeProviderApr 16, 2025 am 11:46 AMI like when websites have a dark mode option. Dark mode makes web pages easier for me to read and helps my eyes feel more relaxed. Many websites, including
Some Hands-On with the HTML Dialog ElementApr 16, 2025 am 11:33 AMThis is me looking at the HTML element for the first time. I've been aware of it for a while, but haven't taken it for a spin yet. It has some pretty cool and
Hot AI Tools
Undresser.AI Undress
AI-powered app for creating realistic nude photos
AI Clothes Remover
Online AI tool for removing clothes from photos.
Undress AI Tool
Undress images for free
Clothoff.io
AI clothes remover
AI Hentai Generator
Generate AI Hentai for free.
Hot Article
Hot Tools
Atom editor mac version download
The most popular open source editor
PhpStorm Mac version
The latest (2018.2.1) professional PHP integrated development tool
Zend Studio 13.0.1
Powerful PHP integrated development environment
WebStorm Mac version
Useful JavaScript development tools
SublimeText3 Mac version
God-level code editing software (SublimeText3)
