Issue metadata
Sign in to add a comment
|
USB notification bubble: RTL text gets intermingled with URL. |
||||||||||||||||||||||||
Issue descriptionChrome 63.0.3218.0 macOS 10.12.6 What steps will reproduce the problem? (1) Start Chrome in Hebrew (2) Plug in a WebLight, or add a device at chrome://usb-internals/ with the URL https://sowbug.github.io/weblight. What is the expected result? A notification bubble that shows a URL correctly. What happens instead? "/sowbug.github.io [Hebrew text] weblight." (Only tested on Mac so far.) Most security surfaces show origins instead of URLs (thanks for you work on that, palmer@!), which means that they don't face this issue. Conservatively filing as a security bug due to possible spoofing avenues.
,
Oct 10 2017
This is not normal security UX. This is a suggestion to navigate to a URL. I think it's an open question whether, if we are suggesting the user navigate to a URL, we display the whole URL or just the origin. For brevity we already elide the scheme since it will always be https. I'm not completely familiar with RTL conventions and the design for notifications in RTL languages but it seems odd to me that the text remains left-justified.
,
Oct 10 2017
,
Oct 10 2017
,
Oct 11 2017
,
Oct 13 2017
> I think it's an open question whether, if we are suggesting the user navigate to a URL, we display the whole URL or just the origin. For brevity we already elide the scheme since it will always be https. Our standard advice for a surface like this is to use FormatUrlForSecurityDisplay: https://cs.chromium.org/chromium/src/components/url_formatter/elide_url.h?l=108&rcl=544d6a4291ce7f16b43051a7ed5d174413caf154
,
Oct 16 2017
The following revision refers to this bug: https://chromium.googlesource.com/chromium/src.git/+/85797cdfc0d98309f920ae29f7f6f21321895ba8 commit 85797cdfc0d98309f920ae29f7f6f21321895ba8 Author: Reilly Grant <reillyg@chromium.org> Date: Mon Oct 16 18:10:12 2017 Use FormatUrlForSecurityDisplay in WebUSB notification This patch switches from using GURL::GetContext() to url_formatter::FormatUrlForSecurityDisplay(OMIT_CRYPTOGRAPHIC) when formatting the landing page URL for display in the WebUSB notification. This means the path will no longer be displayed. For the time being we believe this will be less confusing for users. Bug: 773161 Change-Id: Ic32f2483b7316af21d3ec2521dd2483d4b00fd11 Reviewed-on: https://chromium-review.googlesource.com/720248 Reviewed-by: Lucas Garron <lgarron@chromium.org> Commit-Queue: Reilly Grant <reillyg@chromium.org> Cr-Commit-Position: refs/heads/master@{#509108} [modify] https://crrev.com/85797cdfc0d98309f920ae29f7f6f21321895ba8/chrome/browser/usb/web_usb_detector.cc [modify] https://crrev.com/85797cdfc0d98309f920ae29f7f6f21321895ba8/chrome/browser/usb/web_usb_detector_unittest.cc
,
Oct 16 2017
Closing this issue as the displayed URL should no longer be wrapped in a way that could be confusing. The remaining question of whether the text in the notification should be right- or left-justified is tracked in issue 774746.
,
Oct 17 2017
,
Dec 4 2017
,
Jan 22 2018
,
Jan 23 2018
This bug has been closed for more than 14 weeks. Removing security view restrictions. For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot
,
Mar 27 2018
|
|||||||||||||||||||||||||
►
Sign in to add a comment |
|||||||||||||||||||||||||
Comment 1 by lgar...@chromium.org
, Oct 10 2017