For the CodePen use case, it would be easy enough to shim a message channel that directs to the top iframe for prompt/alert calls. This is used FAR more often for malicious code delivered via ad networks... tbh, I would love an option to simply disable JS entirely for content 3+ iframes deep so I get the PoV of the browser developers on this.
There are work arounds that can be done... I'd rather see them done and let that be the end of it. With appropriate notice... but so few actually pay attention, that it will still bite most in the ass in the end anyway.
For further actions, you may consider blocking this person and/or reporting abuse
We're a place where coders share, stay up-to-date and grow their careers.
For the CodePen use case, it would be easy enough to shim a message channel that directs to the top iframe for prompt/alert calls. This is used FAR more often for malicious code delivered via ad networks... tbh, I would love an option to simply disable JS entirely for content 3+ iframes deep so I get the PoV of the browser developers on this.
There are work arounds that can be done... I'd rather see them done and let that be the end of it. With appropriate notice... but so few actually pay attention, that it will still bite most in the ass in the end anyway.