To Alert or Not To Alert
Like “Please confirm that you have read the terms and conditions before proceeding”
Or “Warning: this combination of medication is not advised for pregnant women”
So, the Web-based service keeps popping up these alerts and suddenly there’s a “helpful” checkbox on the alert that says “prevent this page from creating additional dialogs”. Tempting, isn’t it? You click it, and bye-bye alerts.
And possibly bye-bye your safety, your security, your failsafe, backup or whatever it was that the alert was trying to, er, alert you to.
During some testing tonight I encountered this “feature” and decided to see how much of my code would be affected. Quite a lot. The whole workflow suddenly lost all its safeguards and let the user blindly enter all kinds of erroneous data, which only got trapped at the very end by the final server-side checking. (Remember, we have a lot of pre-processing moved to client-side these days, and only retain the final server-side double-check for security reasons.) It still means that a smooth interactive workflow can become an unguided nightmare.
Daft, and I am not the only one who thinks it. A quick search found this: http://code.google.com/p/chromium/issues/detail?id=46140
Unfortunately, the document.location modification trick doesn’t work in FF4 (at least). Other workarounds such as the simulated mouse clicks will appear, but I suspect the anti-pop-up lobby will trample on such ideas pretty quickly.
Meanwhile, mainstream Web solution developers better get used to the idea that their trusty Alert() boxes are about to bite the dust. We may be forced to return to ye olde fashioned server-side mid-stream validation, or perhaps we could use some pseudo-alert boxes in the shape of absolute positioned regions. CSS to the rescue!
Categorised as: Security