[elktea]

What's a legit use for this?

[jdmichal]

Examples from TFA:

* Web-based REPL or IDE environments, where the iframe is typically the primary user interaction space.

* Paid third-party website embedded into an internal website.

* Hosted JS content such as Kongregate games.

* Frames wrapping older webapps as part of an evolutionary uplift plan.

[masswerk]

So everybody has to write or to add some kind of UI-kit and use async-await or callbacks. The loss of a blocking state for that particular thread is in practice the only result of this (besides breaking a lot of backward compatibility).

However, the loss of system dialogs in favor for custom UI-kits implemented in the DOM is a major attack on accessibility.

Edit, regarding backward compatibility: A sustainable web-stack is really of major concern. For some decades now, most of human creativity and content production has been published on the Web, much of this exclusively so. Backward compatibility is important, if we don't want to leave a singular black hole as our legacy and as the heritage of future generations. For us as a society, as a culture, this is of much more importance than adding yet another fancy capability to the standard. – As it turns out, the singularity is not artificial superintelligence (ASI), but the evergreen browser and rolling web standards (EGB-RWS).

[stefan_]

Those are not "use cases". What is being blocked here is alert. It's like I need to put "that also calls alert" at the end of every example you put forward.

[donatj]

It's not just alert, it's also confirm which I think it's a perfectly legit popup, and you see it a lot for navigation with unsaved changes.

[kkirsche]

Penetration testing proof of concept XSS code. We commonly use alert to demo that it is executing code. Certainly there are other options, it’s just a common tool for many testers.

[IncludeSecurity]

https://portswigger.net/research/alert-is-dead-long-live-pri...

[bawolff]

True, however when people pop an alert from a cross origin iframe for a bug bounty, 80% of the time they're pretending to be on the parent origin when they aren't and get sad when their report is rejected.

[bawolff]

Occasionally people use it for print debugging... but realistically its 99% malvertising.

[oauea]

To show an alert to the user

[merb]

repl.it which uses an iframe and it might be good to showcase prompt

[protoduction]

I'm building https://starboard.gg, it has the same issue. The iframe is important for sandboxing user code, and alert is often used in tutorials (despite being bad practice, it's intuitive for beginners).

[TheRealPomax]

It'd hardly be even minor effort for the repl.it folks to just include a file in their sandbox loader that gives folks a normal, modern modal when some JS contains prompt() or confirm().

Remember: it's not about whether it's useful, it's about whether there isn't a better way to do it, because it's useful. In this case: yeah, absolute. There are way better ways.

[shakna]

prompt & confirm are native, and so automatically and correctly work with all your accessibility software.

Most "modern" modals struggle to correctly inform a screenreader, let alone all the other accessibility tools.

So yes, I would say that 'confirm' is a far better way of doing it.

[ponny]

In our app we use this as a simple way to notifiy the user of rare, exceptional errors. E.g. Network errors, being out of sync with the backend.

[protomyth]

I think some Moodle plugins use it.