Comment #4 on issue 7280 by [email protected]: Security/feature: Show form action when hovering submit buttons http://code.google.com/p/chromium/issues/detail?id=7280
The difference is that the location bar is a security feature and therefore accurately displays the URL of the current page. The status bar, by contrast, is not a security feature and cannot be relied upon to solve a security problem like ClickJacking. For concreteness, suppose we made this change and you diligently vetted the status bar before every mouse click. What stops the page from positioning a benign hyperlink under your mouse (which you vet using the status bar) and then moving the link out of the way just as you click? There is an inherent time-to-check-time-to- use vulnerability in this approach. -- You received this message because you are listed in the owner or CC fields of this issue, or because you starred this issue. You may adjust your issue notification preferences at: http://code.google.com/hosting/settings --~--~---------~--~----~------------~-------~--~----~ Automated mail from issue updates at http://crbug.com/ Subscription options: http://groups.google.com/group/chromium-bugs -~----------~----~----~----~------~----~------~--~---
