I don't understand why this is a security bug if the only problem here is that we present a button? The error cannot be actually bypassed, is that correct? Sebastian, yeah I don't think you can (but I need to double check). The solution for all these problems is a chrome-only API that can let you know when an error is overridable or not (see Bug 1696841 Comment 15 and later)
Bug 1721220 Comment 4 Edit History
Note: The actual edited comment in the bug view page will always show the original commenter’s name and original timestamp.
~~I don't understand why this is a security bug if the only problem here is that we present a button? The error cannot be actually bypassed, is that correct?~~ I see the `includeSubDomains` can be actually bypassed. Sebastian, yeah I don't think you can (but I need to double check). The solution for all these problems is a chrome-only API that can let you know when an error is overridable or not (see Bug 1696841 Comment 15 and later)
~~I don't understand why this is a security bug if the only problem here is that we present a button? The error cannot be actually bypassed, is that correct?~~ I see the `includeSubDomains` can actually be bypassed. Sebastian, yeah I don't think you can (but I need to double check). The solution for all these problems is a chrome-only API that can let you know when an error is overridable or not (see Bug 1696841 Comment 15 and later)