Make the https:// green in the https ev case

RESOLVED WONTFIX

Status

()

defect
RESOLVED WONTFIX
7 years ago
4 years ago

People

(Reporter: curtisk, Assigned: jaws)

Tracking

Trunk
Points:
---
Dependency tree / graph

Firefox Tracking Flags

(Not tracked)

Details

(Whiteboard: [SecReview Action Item], URL)

Attachments

(2 attachments, 1 obsolete attachment)

Comment hidden (empty)
Blocks: 742419
No longer blocks: 744304
Component: Security Assurance → Location Bar
Product: mozilla.org → Firefox
QA Contact: security-assurance → location.bar
Version: other → Trunk
Summary: Make the https: green in the https ev case → Make the https:// green in the https ev case
Posted patch Patch for bug (obsolete) — Splinter Review
This patch makes https:// green when visiting a site using SSL-EV. The color that is used here is the same color that is used in the patch for bug 747608.

I don't know of a system color for green text, so I'm not sure how we can handle different OS themes/accessibility modes. Should we just disable the special coloring in these cases?
Attachment #621240 - Flags: review?(roc)
Attachment #621240 - Flags: review?(dao)
Attachment #621241 - Flags: review?(dao)
Comment on attachment 621240 [details] [diff] [review]
Patch for bug

Review of attachment 621240 [details] [diff] [review]:
-----------------------------------------------------------------

Why would we need to disable this? URLSECONDARY is already hardcoded to black so assumptions about the color of the URL bar are already baked in.
Attachment #621240 - Flags: review?(roc) → review+
(In reply to Robert O'Callahan (:roc) (Mozilla Corporation) from comment #3)
> URLSECONDARY is already hardcoded to black

No, it's based on the text color.
Comment on attachment 621240 [details] [diff] [review]
Patch for bug

some points:

- this makes the protocol green based on the current site's identity even if the location bar value is modified

- a11y and dark OS themes are a concern; not sure what we'd do about this

- I think we probably shouldn't make this change at all. We should have one clear indicator that the user can click to get more information. If what we have isn't clear enough, we should fix that rather than adding other vague hints without contextual information.
Attachment #621240 - Flags: review?(dao) → review-
Attachment #621241 - Flags: review?(dao)
(In reply to Dão Gottwald [:dao] from comment #5)
> - this makes the protocol green based on the current site's identity even if
> the location bar value is modified

This has been fixed in this version of the patch.

> - a11y and dark OS themes are a concern; not sure what we'd do about this

I changed the patch to no longer use the green color if there is a lightweight theme or non-default Windows theme enabled.
Attachment #621240 - Attachment is obsolete: true
Attachment #622127 - Flags: review?(dao)
Comment on attachment 622127 [details] [diff] [review]
Patch for bug v2

I still think we shouldn't do this.
Attachment #622127 - Flags: review?(dao) → review-
Comment on attachment 622127 [details] [diff] [review]
Patch for bug v2

What is the next step for this? Do we still want to do this, or should we mark this bug as WONTFIX?
Attachment #622127 - Flags: feedback?(shorlander)
Marking this as WONTFIX due to lack of feedback/replies on this bug.

If our current security indicator isn't doing a good enough job at letting users know that they are on HTTPS then we should fix the security indicator.

Making HTTPS green in the location bar can confuse users as to where to click to activate the identity doorhanger.
Status: NEW → RESOLVED
Last Resolved: 7 years ago
Resolution: --- → WONTFIX
Attachment #622127 - Flags: feedback?(shorlander)
You need to log in before you can comment on or make changes to this bug.