dwx wrote: > > Jesse Ruderman wrote: > > > > We should consider getting rid of the "insecure form submission" > > dialog.
Are there any legal issues if we do? > > Is the dialog useful for getting users to check for the > > "lock" icon before typing sensitive data, The alert doesn't mention the lock icon at all. If Mozilla was a native app, the alert could visibly zoom into the lock icon when it was closed. >... > > (Text of dialog: "The information you have entered is to be sent > > over an unencrypted connection and could easily be read by a third > > party. \n\n Are you sure you want to continue sending this > > information?") Last year I suggested: `On an insecure site such as this one, any information you send could be read by a third party. You should avoid sending private information such as credit card numbers or important passwords.\nDo you want to continue sending this information?' This was longer, but intended to be a first-time-only alert as opposed to the current every-time alert. Then a professional tech writer got involved, which is why (for example) the checkbox text in many of those alerts ends in a `.' when it should not. >... > we do need some means to strongly differentiate different types of > alert dialogs, perhaps by icons. Currently we can't, because the nsIPrompt API is broken <http://bugzilla.mozilla.org/show_bug.cgi?id=95649>. That's why, for example, the PSM alert to tell you that your connection is safer than usual (i.e, that it's encrypted) has a `danger! danger!' icon. >... > > Could we replace this dialog with a one-time dialog like the > > password manager intro dialog, or change the checkbox to be > > unchecked the first time the user sees the dialog? But then who would ever check it? > There's already a checkbox for "don't bother me next time" or > something like that for most alert dialogs. It would appear that dwx did not read the comment to which he/she was replying. -- Matthew `mpt' Thomas, Mozilla UI Design component default assignee thing <http://mpt.phrasewise.com/>
