But more importantly, Gatekeeper tracked origin history . If evil.com tried to open a pop-up, then that pop-up tried to open another pop-up, the token chain fractured. The second pop-up required a new user gesture.
Jenna rubbed her eyes. She was the sole keeper of “Hermes,” Safari’s content-blocking engine. For three years, it had been flawless. But tonight, the web had learned a new trick.
But for now, on this Mac, the pop-ups stayed dead. pop up blocker apple mac
Instead of a simple on/off flag for user interaction, Gatekeeper used a decaying token system . Every click, tap, or keypress granted a token. That token had a half-life of 500 milliseconds. To open a pop-up, a script needed a token freshness above 90%.
“Clever,” she muttered. “Evil, but clever.” The fix couldn’t be a patch. It had to be a fundamental rewrite of how Safari interpreted “transient user activation.” But more importantly, Gatekeeper tracked origin history
Silence. At 6:00 AM, the sun bled through her window. She pushed the code to the internal review branch.
Window after window spawned. Nested iframes. Redirect chains. Fake system dialogs. A casino ad that sang opera. A "Your Mac has 3 viruses" alert that pulsated like a heartbeat. Safari was drowning. Jenna rubbed her eyes
She smiled. Got up. Made coffee. And waited for the next Slack ping.