“Okay, you bastards,” she whispered, cracking her knuckles. “Let’s dance.” Jenna dove into WebKit’s source code. The old blocker used a simple heuristic: Is this action triggered by a user click? If yes, let the window open. If no, kill it.
She spent the next two hours building an exception—a trusted origin list for authentication providers. It felt like a treaty. A necessary compromise. By 9:00 AM, the build was green. She wrote the commit message: Gatekeeper v2: Implements time-decaying user activation tokens. Blocks synthetic gesture chains. Preserves OAuth flow via trusted origin allowlist. Closes #9074 (the pop-under casino apocalypse). She closed her laptop. pop up blocker apple mac
She tested it. The casino ad tried its cascade. Pop 1: blocked. Pop 2: blocked. The fake virus alert tried to spawn a system dialog. Gatekeeper recognized the missing certificate chain and buried it. If yes, let the window open
The opera-singing casino ad froze mid-aria. It felt like a treaty
But more importantly, Gatekeeper tracked origin history . If evil.com tried to open a pop-up, then that pop-up tried to open another pop-up, the token chain fractured. The second pop-up required a new user gesture.
The Slack notification pinged at 11:47 PM.