Closed
Bug 252389
Opened 20 years ago
Closed 20 years ago
Content border and scrollbar inconsistent with Windows
Categories
(Firefox :: Shell Integration, defect)
Tracking
()
RESOLVED
WONTFIX
People
(Reporter: nrlz, Assigned: bugs)
References
Details
Attachments
(2 files)
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.7) Gecko/20040616 Build Identifier: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.7) Gecko/20040616 The default Firefox theme on Windows does not conform to the Windows scrollable component guidelines. The Firefox theme has the scrollable area at the same depth of the surrounding window and the scrollbars are raised above the window. Windows scrollable components, on the other hand, have a double inset border around the scrollable area. The scrollbar is then placed at the same depth of the content and inside the double inset border. This makes the scrollbar lower than the depth of the window. Ref: http://msdn.microsoft.com/library/en-us/dnwue/html/ch07d.asp Reproducible: Always Steps to Reproduce: Expected Results: The default Firefox theme on Windows should conform to the Windows look and feel with respect to scrollable components. A current workaround is to include this in the "userChrome.css" file: ==== vbox#appcontent { border-right: 1px solid ThreeDHighlight; border-bottom: 1px solid ThreeDHighlight; border-left: 1px solid ThreeDShadow; } tabbrowser#content { border-top: 1px solid ThreeDDarkShadow; border-right: 1px solid ThreeDFace; border-bottom: 1px solid ThreeDFace; border-left: 1px solid ThreeDDarkShadow; } ====
Comment 2•20 years ago
|
||
having a border in that situation is a usability loss, and not having the border is a deliberate design decision (since you can move the mouse to the edge of a maximized window and take action, instead of having to move slightly back). The Windows UI guidelines you linked don't say anything about styling, just functionality, which we match.
Status: UNCONFIRMED → RESOLVED
Closed: 20 years ago
Resolution: --- → WONTFIX
How about removing the right edge border when the window is maximized and restoring it when not maximized? And only the right edge is affected by the scrolling; the top left and bottom can have borders like normal with no usability loss. Here's how to draw Windows component: "Field Border Style:... You can also use the style to define the work area within a window." http://msdn.microsoft.com/library/en-us/dnwue/html/ch14c.asp
I'm gathering that this won't be changed. What about the implications of a website faking the address bar or status bar? A sort of phishing attack. They could open a new window with no status bar and address bar with "window.open(,,'status=no,location=no')" and since the content area has no borders separating the webpage with the browser chrome, the user would not be able to tell the difference. The attacker could even fake the 'secure' icon in the taskbar and add a secure icon next to the address bar (FF 1.0 feature).
A demo. Works with the default Windows skin. Could be extended to sniff out other OSes and their default skins.
Comment 7•20 years ago
|
||
you could easily hack up a scrollbar to look the same anyway (using images+javascript), so the point is largely moot. If a 1px border is our best defense against phishing, we're in trouble. There are much better solutions coming through. (e.g. we are probably going to follow suit with IE's lead and not support status="no" (and make it a fixed part of the interface). oh, and ben doesn't read bugmail.
> oh, and ben doesn't read bugmail. I didn't know if anyone would be notified if I updated this post because I saw that the CC field was blank so I added the email from the "assigned to" box to the CC box. (I'm still not quite sure how the bugzilla thing works.) I couldn't see your email anywhere in the text boxes above so I don't know what happens. > you could easily hack up a scrollbar to look the same anyway (using > images+javascript), so the point is largely moot. My point wasn't that people could easily mimic the browser components, but that they could be made indistinguishable from the real thing; even to an expert. Normally an expert could identify something fake because it doesn't "flow" with the browser chrome. But since the chome in this case is undifferentiated, the expert could easily be fooled (unless if they were very sceptical and looked at the source.) > If a 1px border is our best defense against phishing, we're in trouble. This was an example of how phishing could be aided. Of course altering it wouldn't fix phishing totally. That's an unrealistic expectation since phishing is mainly caused by untrained users. I don't expect a 1px border to defend against phishing but it would allow the user to differentiate between web content and browser components when the line is deliberately blurred. Even if you don't think there are security repercussions (and I think there are), there are at least inconvenience repercussions. Banner ads could be made to look more like a browser dialog box. > There are much better solutions > coming through. (e.g. we are probably going to follow suit with IE's lead and > not support status="no" (and make it a fixed part of the interface). If the status bar is going to remain on screen, which I think is a good idea but too bad it isn't on by default, then so be it. Is the address bar also going to be visible by default?
*** Bug 296584 has been marked as a duplicate of this bug. ***
You need to log in
before you can comment on or make changes to this bug.
Description
•