
Issue 707061


Issue metadata

Status: WontFix
Owner: ----
Closed: Feb 2018
Cc:
Components:
EstimatedDays: ----
NextAction: ----
OS: Android
Pri: 2
Type: Bug-Security
Team-Security-UX



Chrome Home displays Page Info entirely in a spoofable viewport region.

Project Member Reported by lgar...@chromium.org, Mar 30 2017

Issue description

Chrome Version: 59.0.3055.0
OS: Android 7.1.1
Device: Nexus 5X

What steps will reproduce the problem?
(1) Visit google.com with chrome://flags/#enable-chrome-home
(2) Click on the lock icon.

What is the expected result?
Page Info appears over the URL bar. In particular, the URL in Page Info appears directly over where the omnibox URL used to be.

What happens instead?
Page Info appears in the viewport.
This is trivial to spoof. Spoofing Page Info can allow a site/URL to pretend to be another, or to pretend it's using fewer permissions than it actually is.
(We darken the rest of the screen, but no one would notice if only a page darkens itself.)

Now, a page can't intercept a tap on the lock icon, and probably can't easily guess when you're about to. However, the old UI anchored at the top made the location of trusted UI unmistakable.

 
Components: UI>Browser>Bubbles>PageInfo
Cc: emilyschechter@chromium.org f...@chromium.org
I'm struggling to think of alternatives other than:
- Cover the whole page
- Put it at the bottom (with variable height)

Neither puts the popup's URL over the original URL bar without significant rethinking, and I don't think there's time to spec and implement a flipped Page Info.

felt@, emilyschechter@: Any thoughts? Or maybe just WontFix, because graying everything behind the Page Info popup is good enough?

Comment 3 by ta...@google.com, Mar 31 2017

Labels: Security_Impact-Stable Security_Severity-Low
Project Member

Comment 4 by sheriffbot@chromium.org, Mar 31 2017

Labels: -Pri-3 Pri-2

Comment 5 by ta...@google.com, Apr 3 2017

Status: Available (was: Untriaged)
Idea: if we anchor/expand Page Info to the top of the omnibox, we can point at it, similar to Issue 709224 (Add a triangle pointing to the security indicator for Android permissions prompts in Chrome Home)

Comment 7 by est...@chromium.org, Nov 10 2017

Labels: Hotlist-EnamelAndFriendsFixIt
Cc: carlosil@chromium.org
Similar to crbug.com/707056, is this interface still being experimented with? Otherwise this also seems like a Won'tFix.

Status: WontFix (was: Available)
