Do you really want to leave this malware-serving page? No/No
- The Notifications API, if you're just popping up an event notification;
<dialog>tag for collecting user input; and;
- For researchers running cross-site-scripting proofs, there's devtool's
On mobile platforms, “if you need to save state, you should use the Page Visibility API”, the post adds.
The team's future plans include changing the
Finally, “We are investigating the possibility of gating alert()/confirm()/prompt()/onbeforeunload dialogs on site engagement, so if the user isn’t engaging with the page, the page’s dialogs will not be shown. Details have yet to be ironed out.”
Don't say you weren't warned. ®