New issue
Advanced search Search tips

Issue 875833 link

Starred by 1 user
Status: WontFix
Owner: ----
Closed: Aug 20
EstimatedDays: ----
NextAction: ----
OS: Windows
Pri: 2
Type: Bug-Security



Sign in to add a comment

Google chrome https secure

Reported by yigitcny...@gmail.com, Aug 20 
UserAgent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/68.0.3440.106 Safari/537.36

Steps to reproduce the problem:
1. Go https://mixed-script.badssl.com/
2. Please look at the web page (secure or not secure ?)

What is the expected behavior?
Google Chrome should mark this page as "not secure". There is "http" content in the site. 

What went wrong?
Google chrome has marked the page as secure

Did this work before? Yes 68.0.3440.106

Chrome version: 68.0.3440.106  Channel: stable
OS Version: 10.0
Flash Version: 

Demo 2:
https://jsfiddle.net/5hzmkcg8/
aa.png
74.8 KB View Download
Adsız.png
184 KB View Download

Comment 1 by kenrb@chromium.org, Aug 20 

Thanks for the report.

Did the script actually run for you? I think the page is marked secure because the script was blocked from loading over HTTP.

Comment 2 by yigitcny...@gmail.com, Aug 20 

Hello,
Thank you for contact. I did not reproduce this issue. if I reproduce this problem again I will communicate

Best regards,

Comment 3 by carlosil@chromium.org, Aug 20

Status: WontFix (was: Unconfirmed)
From the screenshot it looks like the script did not run, since the mixed content shield is present, and that particular badssl site changes the background to red once the script runs.
Project Member

Comment 4 by sheriffbot@chromium.org, Nov 27

Labels: -Restrict-View-SecurityTeam allpublic
This bug has been closed for more than 14 weeks. Removing security view restrictions.

For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot

Sign in to add a comment