Issue metadata
Sign in to add a comment
|
No way to prevent PDF from opening
Reported by
shawnkh...@gmail.com,
Feb 20 2017
|
||||||||||||||||||||||||
Issue descriptionUserAgent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/56.0.2924.87 Safari/537.36 Steps to reproduce the problem: 1. Enable "Open PDF files in the default PDF viewer application" to prevent Chrome from opening PDF files directly 2. Right-click any link to a PDF and select 'save link as' What is the expected behavior? The file should download but NOT open. What went wrong? The file opens in the system default PDF viewer. Did this work before? Yes 54 Chrome version: 56.0.2924.87 Channel: stable OS Version: 10.0 Flash Version: PDF files are perhaps the most risky file format. As such, there's absolutely no good reason to force them to either open it PDF files in Chrome (which has had its own major PDF security issues - see 53.0.2785.89 for examples), *or* force them to open it in third-party PDF viewers that each have had their own security issues. Users need to be able to safely download PDF files and later decide whether they want to scan them for security issues or open the files on their own.
,
Feb 21 2017
Yes this has been recently fixed https://codereview.chromium.org/2683543002/ see the discussion in https://bugs.chromium.org/p/chromium/issues/detail?id=680202 which basically confirms the observations made in the bug report. We wanted to make the logic so that when you check the box to sue the external viewer the ease of reading pdf to be the same as when you are using the internal viewer. However we figured out this robs the user of the choice to open the file or not (in some cases even too aggressively) so until we can come up with better logic when to auto-open we reverted to letting the user decide (by using the download bar menu). |
|||||||||||||||||||||||||
►
Sign in to add a comment |
|||||||||||||||||||||||||
Comment 1 by raymes@chromium.org
, Feb 20 2017Labels: -Type-Bug-Security -Restrict-View-SecurityTeam Type-Bug
Owner: pastarmovj@chromium.org
Status: Assigned (was: Unconfirmed)