
Issue 819647

Starred by 3 users

Issue metadata

Status: WontFix
Owner: ----
Closed: Mar 2018
Cc:
Components:
EstimatedDays: ----
NextAction: ----
OS: ----
Pri: 3
Type: Bug
Team-Security-UX




This is not safe - is still really safe!

Reported by nickmhut...@gmail.com, Mar 7 2018

Issue description

Chrome Version       : Google Chrome	65.0.3325.106 (Official Build) beta (64-bit)
                       Revision	342c4a432d6ccd473ef0c1282e6adff217a4f61a-refs/branch-heads/3325@{#616}

URLs (if applicable) : *.*.dev (local development environment)
Other browsers tested:
     Safari: n/a
    Firefox: n/a
       Edge: n/a

What steps will reproduce the problem?
(1) Have self signed cert for dev environment.
(2) Visit dev site (corporate environment)
(3) Get stuck on interstitial page with main error (NET::ERR_CERT_AUTHORITY_INVALID)
(4) Type 'badidea' or as the code now is : 'thisisnotsafe'

What is the expected result?
The warning to be bypassed.

What happens instead?
Absolutely nothing. (neither works)

I found in the source that the text has been replaced so that 'badidea' is no longer usable, but the new warning 'thisisnotsafe' doesn't seem to work either?!
This is my first bug report so apologies if something is off here.

 
Components: UI>Browser>Interstitials
Labels: Needs-Triage-M65

Comment 3 by nov...@gmail.com, Mar 8 2018

This has actually been sneakily changed to thisisunsafe rather than thisisnotsafe.

Check the commit here:
https://chromium.googlesource.com/chromium/src/+/d8fc089b62cd4f8d907acff6fb3f5ff58f168697%5E%21/

window.atob('dGhpc2lzdW5zYWZl') results in "thisisunsafe"
Those cheeky sausages!!

Still means the code is 'wrong' though IMO
Labels: Needs-Feedback Triaged-ET
Thanks for filing the issue.

@Reporter: Could you please share a sample test file/URL which helps us in triaging the issue and also let us know on which OS you are facing this issue.
@Viswa.karala - Please refer to comment 3-

The commit in question sets it to a string 'thisisnotsafe' and then immediately afterwards sets the string to window.atob('dGhpc2lzdW5zYWZl') - which resolves to thisisunsafe.

This is misleading, and I'm inclined to believe deliberately so (maybe to stop crawlers from finding it and putting it into the public eye).
When I tried to type 'thisisunsafe' it then started working as 'expected'.

Would be nice to know if elawrence@chromium.org did this deliberately or not though.
Actually - the reason I had issues is because:

The diff view was not clear to me as I am colour blind!! (the red and green wasn't easy to discern!)

The other reason I was confused is I thought the value was still 'badidea'!
Please close >.<
Project Member

Comment 9 by sheriffbot@chromium.org, Mar 10 2018

Cc: viswa.karala@chromium.org
Labels: -Needs-Feedback
Thank you for providing more feedback. Adding the requester to the cc list.

For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot
Cc: sindhu.chelamcherla@chromium.org
Status: WontFix (was: Unconfirmed)
As per comment#8 closing this issue as wont-fix. Please feel free to open a new issue if you feel so.

Thanks!
