Thanks for Bug 61098 fix... Now we can stop the run away script with alert/confirm/prompt But for evil websites there is a technique to circumvent bug 61098 fix. See attachment alert_trap.html

i checked the nightly build and this bypassed the checkbox style dialog suppression (as well as all the addons i've tried). i've also tested with chromium and it suppresses dialogs across automatic reloads (not across manual reloads). it seems like a good idea to look into how chromium does this and implement it's method. forwarding via meta tags (to itself) may also bypass the fix.

1.9.1 and 1.9.2 are unaffected since bug 61098 hasn't been fixed on those releases. I wonder how fast this can work, iow how fast the reload is for a page in the cache with a picture and some text...

alert/confirm/prompt all can circumvent bug 61098 fix using this technique. I have not created test for alert() just because once somebody accidentally goes in, it will be difficult to come out.

Not blocking on this. If someone provides a safe patch it will be considered though.

(In reply to comment #1) > i checked the nightly build and this bypassed the checkbox style dialog > suppression (as well as all the addons i've tried). The RightToClick extension: https://addons.mozilla.org/en-US/firefox/addon/12572/ deals with it correctly.