Proposal: Deprecate alert(), confirm(), prompt()


Proposal: Deprecate alert(), confirm(), prompt()


The alert(), confirm() and prompt() APis are more and more being used in malicious ways [7][8], such as keeping a user on the page and not allowing them to leave, mainly by web scams, or abusive advertising (usually by looping the alert box).
On Chrome (iOS) the situation was so bad i would have to restart the phone, as re-opening the browser would just reload the page. I belive this has now been fixed[1]

These dialogs are synchronous in their nature which means the javascript engine needs to pause until a response is obtained, sometimes locking up the whole browser. There is work being done to seperate such tasks, however on some phones the whole browser still locks up.

Chromium’s latest policy no longer condones the usage of these Apis either[2]

Test Case

Here i haven’t included an infinite loop, but only 6 iterations to show what happens.

What is being done?

Chromium have blocked alerts() from being called in an unload handler[3] but this isn’t enough, pages have got around this by starting the loop once you enter the page.
Chrome iOS have now added a supress option in their browser[1]
Window.showModalDialog() has been deprecated and removed in hrome 43, and Firefox 55. [4]


The Notifications API[5] is very useful and should be used for notifiying the user of events, and has good basic support across all modern browsers. For those needing to gain user input [6] should be used instead. I understand dialog is not well supported across modern browsers yet, Google have provided a polyfill untill this is the case

Having dialogs native in the browser should reduce the concern of overhead (needing scripts, plugins just to show a confirmation/alert box).

With these alternatives in place, and a comprehensive set of tools in the web ecosystem i believe there is no need to ever use these APIs anymore and thus should be deprecated from the specification

Issue posted here:



Chromium also is investigating making dialogs not block things. This is Project Oldspice.

The Notifications API isn’t always a good replacement. It’s highly dependent on the cases where you should use native notifications compared to in-page ones.

The Dialog element is the best choice to encourage more. It has the ability to provide the same type of experience to users that the current experiences offer. So the existing training of users carries directly over.


I agree these should be deprecated, but absolutely not until dialog has widespread support (without a polyfill). Even Chrome’s native implementation could be improved in a few ways.

FWIW, I did have an idea recently that would override alert, confirm, and prompt by using dialog elements. I haven’t gotten around to it, but can certainly do so if people are interested.

Also, I’m not sure notifications are an appropriate replacement for alert. Notifications also require permission from the user in most (all?) browsers.


Deprecation could go forward just fine even without widespread dialog element support. Deprecation doesn’t mean it is immediately removed. It’s more of a nudge to get users to stop using it and take up alternatives. Later, in this case way later, when usage is low enough then browsers can remove things if they desire. I mean, <center> is still implemented and it has been deprecated for a good while.