Comment #3 on issue 7280 by hirsch.will: Security/feature: Show form action when hovering submit buttons http://code.google.com/p/chromium/issues/detail?id=7280
That's a pretty feeble argument. It's like saying that showing the URL of the current page in the address bar isn't important because phishing is an important problem. Today's security vulnerabilities, including clickjacking, are largely based on voluntary granting of privilege to malicious parties under false pretences. You can compile as comprehensive a blacklist as you like, but there will be some sites which slip the net. Yet for a phishing site, any reasonably informed user can recognise a malicious site straight away from its URL and withhold any sensitive information. It seems wholly logical, and also useful, to in the same way be able to see where a form is going to be submitted to when you click it. Yet for today's end user, this is impossible. Every other link, image and iframe can be inspected to see what URL they come from or go to, but a form can not. -- You received this message because you are listed in the owner or CC fields of this issue, or because you starred this issue. You may adjust your issue notification preferences at: http://code.google.com/hosting/settings --~--~---------~--~----~------------~-------~--~----~ Automated mail from issue updates at http://crbug.com/ Subscription options: http://groups.google.com/group/chromium-bugs -~----------~----~----~----~------~----~------~--~---
