Replace the following three WebUIDelegate protocol methods with versions which use a listener to indicate the result of user interaction (like the related WebUIDelegate protocol method webView:runOpenPanelForFileButtonWithResultListener: does) instead of a return value: webView:runJavaScriptAlertPanelWithMessage: webView:runJavaScriptConfirmPanelWithMessage: webView:runJavaScriptTextInputPanelWithPrompt:defaultText: This would allow the JavaScript alert, confirmation, and text input panels to be implemented as sheets rather than modal dialogs. Firefox, for example, implements JavaScript alerts as sheets rather than modal dialogs, which I think is more sensible and has several advantages over Safari's implementation. With the current WebUIDelegate protocol, when a modal dialog is used for JavaScript alerts, malicious (or buggy) JavaScript can hijack your entire application by programmatically spewing forth an endlesss sequence of alert boxes, not even allowing you the opportunity to quit your application.
Sorry for posting again, but I found a little bit of information I missed before. It seems that there are already plans to deprecate the three methods I mentioned in favour of replacements, as noted here: http://www.opendarwin.org/pipermail/webkit-changes/2005-November/001409.html Perhaps their replacements can be changed to work more like webView:runOpenPanelForFileButtonWithResultListener: (by using a listener instead of a return value)? I find it highly undesirable that an application that uses a WebView can be completely taken over by that WebView, even if the WebView is only used as a very minor part of the application.
This is resolved in the Modern WebKit API, where the equivalent WKUIDelegate methods all pass the delegate a completion handler.