Chromium Code Reviews

Unified Diff: components/app_modal/javascript_dialog_manager.cc

Issue 1714573002: Remove the ability of webpages to specify strings for the onbeforeunload dialog. (Closed) Base URL: https://chromium.googlesource.com/chromium/src.git@master
Patch Set: Created 4 years, 10 months ago
Index: components/app_modal/javascript_dialog_manager.cc
diff --git a/components/app_modal/javascript_dialog_manager.cc b/components/app_modal/javascript_dialog_manager.cc
index 7c4db07af63ab2e967dcdb9e2dbb2dd659e6a4d5..73f89afdf025c5b505002e18597b9e110df26527 100644
--- a/components/app_modal/javascript_dialog_manager.cc
+++ b/components/app_modal/javascript_dialog_manager.cc
@@ -164,7 +164,7 @@ void JavaScriptDialogManager::RunJavaScriptDialog(
void JavaScriptDialogManager::RunBeforeUnloadDialog(
content::WebContents* web_contents,
- const base::string16& message_text,
+ const base::string16& /* message_text */,
bool is_reload,
const DialogClosedCallback& callback) {
ChromeJavaScriptDialogExtraData* extra_data =
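Review bot: at the `const base::string16& /* message_text */,` parameter, the string is still passed into RunBeforeUnloadDialog and silently ignored, so a later edit could start using it again without anyone noticing. Consider a one-line comment on the parameter saying it is intentionally unused because the page controls it, and a follow-up that drops it from the signature so callers stop passing it at all.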
@@ -179,13 +179,25 @@ void JavaScriptDialogManager::RunBeforeUnloadDialog(
return;
}
+ // Build the dialog message. We explicitly do _not_ allow the webpage to
+ // specify the contents of this dialog, because most of the time nowadays it's
+ // used for scams.
+ //
+ // This does not violate the spec. Per
+ // https://html.spec.whatwg.org/#prompt-to-unload-a-document, step 7:
+ //
+ // "The prompt shown by the user agent may include the string of the
+ // returnValue attribute, or some leading subset thereof."
+ //
+ // The prompt MAY include the string. It doesn't any more. Scam web page
+ // authors have abused this, so we're taking away the toys from everyone. This
+ // is why we can't have nice things.
+
const base::string16 title = l10n_util::GetStringUTF16(is_reload ?
IDS_BEFORERELOAD_MESSAGEBOX_TITLE : IDS_BEFOREUNLOAD_MESSAGEBOX_TITLE);
- const base::string16 footer = l10n_util::GetStringUTF16(is_reload ?
- IDS_BEFORERELOAD_MESSAGEBOX_FOOTER : IDS_BEFOREUNLOAD_MESSAGEBOX_FOOTER);
-
- base::string16 full_message =
- message_text + base::ASCIIToUTF16("\n\n") + footer;
+ const base::string16 message = l10n_util::GetStringUTF16(
+ is_reload ? IDS_BEFORERELOAD_MESSAGEBOX_MESSAGE
+ : IDS_BEFOREUNLOAD_MESSAGEBOX_MESSAGE);
extensions_client_->OnDialogOpened(web_contents);
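Review bot: in the new comment block above `const base::string16 title`, the closing sentences ("so we're taking away the toys from everyone. This is why we can't have nice things.") are editorial rather than explanatory; state the rationale once and point at a tracking bug to back the "most of the time nowadays it's used for scams" claim. Citing "step 7" ties the comment to the spec's current numbering, so the URL plus the quoted sentence is enough. The empty `+` line after the comment also separates it from the code it describes.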
@@ -194,7 +206,7 @@ void JavaScriptDialogManager::RunBeforeUnloadDialog(
&javascript_dialog_extra_data_,
title,
content::JAVASCRIPT_MESSAGE_TYPE_CONFIRM,
- full_message,
+ message,
base::string16(), // default_prompt_text
ShouldDisplaySuppressCheckbox(extra_data),
true, // is_before_unload_dialog
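Review bot: at the `message,` argument, this is the point where the dialog text is handed over, and this file's diff carries no test showing that a string passed as message_text stays out of it. A test that calls RunBeforeUnloadDialog with a non-empty message_text and checks the dialog text against IDS_BEFOREUNLOAD_MESSAGEBOX_MESSAGE (and IDS_BEFORERELOAD_MESSAGEBOX_MESSAGE for is_reload) would keep this from regressing.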