Issue metadata
Sign in to add a comment
|
https:// is crossed out on a page that is marked dangerous due to malware |
||||||||||||||||||||||
Issue descriptionRepro: * Visit http://parkerly.com/sb-tests/testing_links.html * Click "bad-subresources" * Click back-to-safety or back, and the dangerous indicator will then appear, with red cross-out https. The scheme should probably not be crossed out, because there's not actually anything wrong with the connection.
,
Oct 26 2016
,
Dec 13 2016
,
Jan 4 2017
,
Jan 17 2017
https://cs.chromium.org/chromium/src/chrome/browser/ui/views/omnibox/omnibox_view_views.cc?l=609 const bool strike = (security_level_ == security_state::DANGEROUS); We could test if security_info.malicious_content_status != security_state::MALICIOUS_CONTENT_STATUS_NONE, but what happens if a site has both malicious content AND bad HTTPS? Does content_with_cert_errors_status note certificate problems for the main page itself, or only its subdownloads?
,
Mar 8 2017
This is a plumbing project of questionable value (pedantically, our behavior is "wrong" but making dangerous pages look extra dangerous isn't necessarily bad). The way to check for a certificate issue is to look at IsCertStatusError(security_info.cert_status). But the problem is that the omnibox code doesn't have a SecurityInfo, it only has the SecurityLevel that it grabbed via GetToolbarModel()->GetSecurityLevel(false). That model gets the answer from the ToolbarModelDelegate, which computes it from the SecurityInfo retrieved by the SecurityStateTabHelper for the current WebContents. ChromeToolbarModelDelegate::GetSecurityLevel().
,
Nov 10 2017
,
Feb 18 2018
|
|||||||||||||||||||||||
►
Sign in to add a comment |
|||||||||||||||||||||||
Comment 1 by ibrahimd...@gmail.com
, Oct 26 2016