Comment 16 for bug 68040

Netscape has never allowed untrusted content to pose modal dialogs. (Though it
does allow alerts. Huh.) It's an ancient decision. Once, early on in Mozilla
development, modal windows were accidentally allowed and there was a big
scramble by everyone to get them turned the heck back off. To think otherwise
was to have your sanity questioned.

Personally there are three things I don't want my browser doing: installing
trojan horses, stabbing me in the eyes with a fork, and putting modal windows in
my face. Mozilla is pretty well behaved on all three accounts, and I like that.
That said, the main objection is unrequested modal windows. It's possible we
could subject them to the same controls as popup windows: simply disallow them
as best we can unless they're initiated by an explicit user action, like clicking.

Mozilla's popup control is imperfect. It would still be possible for an
unscrupulous site to hammer a browser with a string of modal dialogs. (Why? I
can't figure that out, either. But I'm living in 1997, there.) If we decide it's
a good idea, allowing untrusted content to pose modal windows, it should
probably wait for a fix for bug 237317. Even then I'd probably want a pref in
the same vein as dom.disable_window_open_feature allowing an advanced user to
turn them completely off.

I think it's a possibility. I've added a few more Mozilla gawds to the cc: list.

PS: most Portuguese banks (apparently) have bad UIs. Tell them I said so.