Comments (15)
Just for clarification; I'd like to make text red and provide a warning icon for broken HTTPS like in Chrome, but Firefox does not provide a selector for that specific case.
Insecure forms now make text red and have a warning icon.
Please let me know what you think of these changes :)
from materialfox.
When looking at a normal HTTP site, the lock changes to an info icon like Chrome (please recommend users to enable security.insecure_connection_text.enabled for the "Not Secure" text - see PR #27).
Merged pull request so this should be working now, though it won't work for the broken HTTPS case.
However, when looking at an HTTP site with a password field, the info icon persists but the normal lock icon persists too, which is a huge security issue.
Fixed in d763d69.
I would recommend swapping the broken lock with the warning icon and when the icon exists, make the whole text red, like Chrome in October (also available now on broken HTTPS, FWIW).
Not sure this is possible in Firefox for the broken HTTPS case because it doesn't provide selectors for it. The only selector for it is .unknownIdentity but this is also added for virtually every "insecure" case, including the plain old HTTP case, so I have no way to distinguish it. I should be able to do something about the HTTP password case though. Will tackle that a bit later.
from materialfox.
Not sure this is possible in Firefox for the broken HTTPS case because it doesn't provide selectors for it.
Oops, I meant the broken HTTPS on Chromium, as in the red indicator can already be viewed without waiting for October.
The only selector for it is .unknownIdentity but this is also added for virtually every "insecure" case, including the plain old HTTP case, so I have no way to distinguish it.
.insecureLoginForms, no?
I should be able to do something about the HTTP password case though. Will tackle that a bit later.
You could just replace the broken lock with the red triangle for now.
from materialfox.
I guess Firefox doesn't provide that as they don't want to make the indicator and full-page warning conflict (so people wouldn't think that the warning is not secure). I recall that the broken lock should still appear when you ignore the full-page warning.
from materialfox.
https://wrong.host.badssl.com/ still won't feature any "Not secure" text purely because Firefox doesn't add it to the DOM but the correct icon and colour should be shown throughout.
from materialfox.
I've tested b33f56f under each scenario described here and many more:
unknownIdentity
verifiedIdentity
verifiedDomain
mixedActiveBlocked
mixedDisplayContent
mixedDisplayContentLoadedActiveBlocked
certUserOverriden
mixedActiveContent
insecureLoginForms
chromeUI
extensionPage
And it behaves as closely as possible to Chrome. I'll close this but feel free to open if there's something I've missed or it requires further discussion.
from materialfox.
On 63.0b9 as of 8ca2049, HTTP passwords are displayed the same as other HTTP sites. When forcing the broken padlock for all HTTP (security.insecure_connection_icon.enabled), the info icon resets to the Firefox one.
I cannot reopen the issue, so I hope you see this regardless.
Edit: same Firefox info icons appear on extension-defined pages, such as settings.
from materialfox.
That commit fixed the Firefox-style info icons with the mentioned flag enabled but not extension pages (e.g. uBlock Origin settings), which display both the Fx info icon and extension icon.
Also there is still no more red triangle on HTTP passwords, is your goal to be consistent with current stable Chromium? (so I'd assume you'll add it when version 70 gets released)
from materialfox.
I'm on 70.0.3538.35 and I don't see a red triangle for HTTP passwords. Is there something I'm missing?
from materialfox.
Oh I see, it's hidden behind chrome://flags/#enable-mark-http-as Enabled (mark as actively dangerous). Is this going to become the default at some point? Because currently, the default in 70 is to display the grey "Not secure" text with the info icon, not red warning icon and text.
from materialfox.
Not sure how development versions work, but stable will add a red triangle when writing text to any HTTP input. Since Firefox does not currently check for that, the best you can do (without an extension) is make it work the way it already does - marking HTTP pages with password fields insecure.
You can test it now by setting the flag to (mark with a Not Secure warning and dangerous on form edits).
from materialfox.
Warning icon will now appear for HTTP passwords in Firefox.
from materialfox.
Can confirm it working now.
The setting security.insecure_connection_icon.enabled doesn't change anything now, but it is a hidden, default-disabled setting anyway...
You can support it if you prefer, but I believe Chromium will change the "Not Secure" default to red triangle soon anyway (rumored early next year), so it could be the default as a part of this theme too.
from materialfox.
I should probably support that pref but not sure if I can be bothered. I'll have a think about it.
from materialfox.
I'll leave it as is and close this issue.
from materialfox.