Closed
Bug 388219
Opened 17 years ago
Closed 9 years ago
Rephrase "SuperfluousAuth" to ask the right question.
Categories
(Core :: Networking: HTTP, defect)
Tracking
()
RESOLVED
INCOMPLETE
People
(Reporter: bugzilla, Assigned: bugzilla)
Details
Attachments
(1 file, 1 obsolete file)
2.47 KB,
patch
|
beltzner
:
review-
Biesinger
:
superreview+
|
Details | Diff | Splinter Review |
At the moment, the SuperfluousAuth dialogue asks for something different than it should, making the consequences of the decision not too clear. The difference is subtle, but should be fixed IMHO. Additionally, making this change makes it easier to localise at least in german.
Actual String:
SuperfluousAuth=You are about to log in to the site "%1$S" with the username
"%2$S", but the website does not require authentication. This may be an attempt
to trick you.\n\nIs "%1$S" the site you want to visit?
Proposed new string:
SuperfluousAuth=You are about to log in to the site "%1$S" with the username
"%2$S", but the website does not require authentication. This may be an attempt
to trick you.\n\nShould the credentials from "%2$S" be sent to "%1$S"?
Assignee | ||
Comment 1•17 years ago
|
||
Assignee: nobody → bugzilla
Status: NEW → ASSIGNED
Attachment #272395 -
Flags: superreview?
Attachment #272395 -
Flags: review?
Assignee | ||
Updated•17 years ago
|
Attachment #272395 -
Flags: superreview?(cbiesinger)
Attachment #272395 -
Flags: superreview?
Attachment #272395 -
Flags: review?(cbiesinger)
Attachment #272395 -
Flags: review?
Comment 2•17 years ago
|
||
I just fear you need to rename the ID of the string to something like SuperfluousAuth2 so that localizers are forced to retranslate it, as this is a semantic change.
Of course, this has to be done in the .properties as well as in http://mxr.mozilla.org/seamonkey/source/netwerk/protocol/http/src/nsHttpChannel.cpp#3114
Assignee | ||
Comment 3•17 years ago
|
||
After further discussion via IRC it became clear that I misunderstood the original wording. However, it doesn't really reflect the intention of this dialogue: warning about a potential phish (see bug 232567) - so this bug is still valid.
This dialogue is only triggered by a URL containing a username pointing to a site not requiring authentication, so I think we should completely drop mentioning the username, as displaying a username like "www.ebay.com" may lead to premature clicks on [YES] by inattentive users.
Supplying new patch with revised, discussed text:
String ID changed to trigger new l10n.
Last sentence changed to facilitate german translation.
Attachment #272395 -
Attachment is obsolete: true
Attachment #272398 -
Flags: superreview?(cbiesinger)
Attachment #272398 -
Flags: review?(cbiesinger)
Attachment #272395 -
Flags: superreview?(cbiesinger)
Attachment #272395 -
Flags: review?(cbiesinger)
Comment 4•17 years ago
|
||
Comment on attachment 272398 [details] [diff] [review]
revised string and new string ID
I'll let beltzner review the new string
Attachment #272398 -
Flags: superreview?(cbiesinger)
Attachment #272398 -
Flags: superreview+
Attachment #272398 -
Flags: review?(cbiesinger)
Attachment #272398 -
Flags: review?(beltzner)
Comment 5•17 years ago
|
||
Comment on attachment 272398 [details] [diff] [review]
revised string and new string ID
I don't think we need to include detail about how it's trying to use a username, since that's really irrelevant to the attack we're trying to prevent.
How about:
SuperfluousAuth2=This link may be an attempt to trick you. Is %1$S the site you want to visit?
Attachment #272398 -
Flags: review?(beltzner) → review-
Updated•9 years ago
|
Status: ASSIGNED → RESOLVED
Closed: 9 years ago
Resolution: --- → INCOMPLETE
You need to log in
before you can comment on or make changes to this bug.
Description
•