Chrome 21 has changed their mixed script blocking UI:
http://blog.chromium.org/2012/08/ending-mixed-scripting-vulnerabilities.html
Now they use a shield in the URL Bar, which reminds me of IE's rendering
mode icon in their url bar. One of the ideas Asa proposed was to create
a similar broken/fix icon similar to IEs for Firefox's blocking mechanism.
Perhaps this means that the number of sites that have mixed script
content issues has reduced to a point where we don't need to interrupt
the user. But I don't have any concrete data to support that.
~Tanvi
On 7/30/12 2:00 PM, Tanvi Vyas wrote:
Moving this to dev-security.
Also looks like Safari (which isn't included in my linked table)
released Safari 6 last week. This is what EV and SSL certs look like
on Safari 6: http://cl.ly/image/1b1s0w1E2F2O. Not sure if they handle
the mixed content case.
On 7/23/12 5:53 PM, Tanvi Vyas wrote:
Hey,
I went through and observed the Mixed Content behavior or IE (since I
hadn't before) and have documented it here, along with Chrome's,
Firefox 14's, and Opera's behavior. Please see this link for a table
with the details:
https://www.evernote.com/shard/s200/sh/d057ce69-bf51-483a-9b13-8186a8f5fcef/f0bb8712965da0c8b21578146c6c0ff8
Looking through this, I am glad that we are uniform with Opera and
Chrome on the globe and the lock icons. I'd also like to unify the
Mixed Content Icons across browsers. Looks like IE and Opera haven't
figured out how to solve that problem yet either.
For our Mixed Content Blocker, we could include our "fix
this/insecure content" message at the bottom of the page (like IE
does). When clicked, we could make an animation that takes the users
eyes to the https and lock icon. We could cross out the https and
change the icon. Instead of the animation, we could always just draw
attention to the icon and the crossed out https by flashing it or
making it bigger for a couple seconds.
Has anyone come up with any other ideas of what the UI for Mixed
Content Blocking could look like? Brandon has finished his patch and
just needs to add some tests. If we can figure out the right UI, we
could land this in FF17.
Thanks!
~Tanvi
_______________________________________________
dev-security mailing list
[email protected]
https://lists.mozilla.org/listinfo/dev-security
