もっと詳しく

Google Chrome will disable JavaScript functions like alert() and confirm() inside cross origin-frames,” reports Inside.com’s developer newsletter.

“As this is a breaking change, developers are encouraged to update their apps and debugging tools before the update.”

A Chrome engineering team member said the team is disabling alert() to protect users from being tricked by scammers. Some are complaining this has already affected programming tutorials and Javascript learning sites that sandbox user-provided code in cross-origin frames. For those affected by the changes, Chrome advises the following:

– Get a few months’ extension by signing up for the “reverse origin trial” so you can temporarily opt out of the change.
– Check out the enterprise policy.

The move has sparked controversy:

– One Discord engineer criticized the fact such a major breaking change is happening without extensive discussion on the matter.

– Another Twitter user echoed the sentiment of many when he argued the move will just hurt those who can’t easily update sites while encouraging attackers to use pseudo alert functionality.

One of Google’s Chrome engineers explained on Twitter that “Major browser vendors are generally aligned about wanting to move the platform away from alert() and friends, even though it will unfortunately involve some breakage…

“On breakage in general — breaking changes happen often on the web, and as a developer it’s good practice to test against early release channels of major browsers to learn about any compatibility issues upfront.”

Read more of this story at Slashdot.