Remove the ability of webpages to specify strings for the onbeforeunload dialog.

components/app_modal/javascript_dialog_manager.cc

 // Copyright 2014 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #include "components/app_modal/javascript_dialog_manager.h"
 
 #include <utility>
 
 #include "base/bind.h"
 #include "base/i18n/rtl.h"
@@ skipping 146 matching lines @@
       default_prompt_text,
       ShouldDisplaySuppressCheckbox(extra_data),
       false,  // is_before_unload_dialog
       false,  // is_reload
       base::Bind(&JavaScriptDialogManager::OnDialogClosed,
                  base::Unretained(this), web_contents, callback)));
 }
 
 void JavaScriptDialogManager::RunBeforeUnloadDialog(
     content::WebContents* web_contents,
-    const base::string16& message_text,
+    const base::string16& /* message_text */,
     bool is_reload,
     const DialogClosedCallback& callback) {
   ChromeJavaScriptDialogExtraData* extra_data =
       &javascript_dialog_extra_data_
           [JavaScriptAppModalDialog::GetSerializedOriginForWebContents(
               web_contents)];
 
   if (extra_data->suppress_javascript_messages_) {
     // If a site harassed the user enough for them to put it on mute, then it
     // lost its privilege to deny unloading.
     callback.Run(true, base::string16());
     return;
   }
 
+  // Build the dialog message. We explicitly do _not_ allow the webpage to
+  // specify the contents of this dialog, because most of the time nowadays it's
+  // used for scams.
+  //
+  // This does not violate the spec. Per
+  // https://html.spec.whatwg.org/#prompt-to-unload-a-document, step 7:
+  //
+  // "The prompt shown by the user agent may include the string of the
+  // returnValue attribute, or some leading subset thereof."
+  //
+  // The prompt MAY include the string. It doesn't any more. Scam web page
+  // authors have abused this, so we're taking away the toys from everyone. This
+  // is why we can't have nice things.
+
   const base::string16 title = l10n_util::GetStringUTF16(is_reload ?
       IDS_BEFORERELOAD_MESSAGEBOX_TITLE : IDS_BEFOREUNLOAD_MESSAGEBOX_TITLE);
-  const base::string16 footer = l10n_util::GetStringUTF16(is_reload ?
-      IDS_BEFORERELOAD_MESSAGEBOX_FOOTER : IDS_BEFOREUNLOAD_MESSAGEBOX_FOOTER);
-
-  base::string16 full_message =
-      message_text + base::ASCIIToUTF16("\n\n") + footer;
+  const base::string16 message = l10n_util::GetStringUTF16(
+      is_reload ? IDS_BEFORERELOAD_MESSAGEBOX_MESSAGE
+                : IDS_BEFOREUNLOAD_MESSAGEBOX_MESSAGE);
 
   extensions_client_->OnDialogOpened(web_contents);
 
   AppModalDialogQueue::GetInstance()->AddDialog(new JavaScriptAppModalDialog(
       web_contents,
       &javascript_dialog_extra_data_,
       title,
       content::JAVASCRIPT_MESSAGE_TYPE_CONFIRM,
-      full_message,
+      message,
       base::string16(),  // default_prompt_text
       ShouldDisplaySuppressCheckbox(extra_data),
       true,        // is_before_unload_dialog
       is_reload,
       base::Bind(&JavaScriptDialogManager::OnDialogClosed,
                  base::Unretained(this), web_contents, callback)));
 }
 
 bool JavaScriptDialogManager::HandleJavaScriptDialog(
     content::WebContents* web_contents,
@@ skipping 87 matching lines @@
   // lazy background page after the dialog closes. (Dialogs are closed before
   // their WebContents is destroyed so |web_contents| is still valid here.)
   extensions_client_->OnDialogClosed(web_contents);
 
   last_close_time_ = base::TimeTicks::Now();
 
   callback.Run(success, user_input);
 }
 
 }  // namespace app_modal