Status: Assigned Owner: [email protected] Labels: Security OS-All Pri-3 Type-Feature Area-Misc
New issue 26032 by lcamtuf: Security feature: add "view in a sandbox" option for SSL errors http://code.google.com/p/chromium/issues/detail?id=26032 Copying discussion from issue 25728; Adam volunteered to investigate this a bit more: "I think the whole model of interstitials / blocking is flawed, because it (temporarily) stops people from doing what they wanted to based on a signal that most of the time is a false positive (and with fairly convoluted security consequences because of SOP and caching), but offers them no plausible alternative. The only nice solution I can think of is offering a third alternative to "go back to disney.com" and "visit and be immediately owned". One possibility is letting the user view a dangerous page in a separate renderer (no DOM access) with a separate cache / cookie jar, essentially a rebranded incognito mode - with a red browser frame and other window chrome prominently indicating that the page is not safe, and the user should not log in or enter sensitive information. [...] I'd love seeing it done one day, somewhere... since it could essentially reuse the incognito mode and existing separation models of Chrome, there is very little downside?" -- You received this message because you are listed in the owner or CC fields of this issue, or because you starred this issue. You may adjust your issue notification preferences at: http://code.google.com/hosting/settings --~--~---------~--~----~------------~-------~--~----~ Automated mail from issue updates at http://crbug.com/ Subscription options: http://groups.google.com/group/chromium-bugs -~----------~----~----~----~------~----~------~--~---
