Status Update
No update yet.
Comments
[Deleted User] <[Deleted User]>
Does it reproduce on other OS?
Is it a dialog box from Linux or from Chrome?
Is it a dialog box from Linux or from Chrome?
va...@chromium.org
I have not tried to reproduce on other OS.
This is Chrome's dialogue, the string used can be found under IDS_EXTERNAL_PROTOCOL_INFORMATION in Chromium code.
This is Chrome's dialogue, the string used can be found under IDS_EXTERNAL_PROTOCOL_INFORMATION in Chromium code.
va...@chromium.org
Flagging for Security UX, because the information in the dialogue is security related, and to me it looks like a UX issue.
me...@chromium.org
Yes, this is a wall of text. For comparison, Firefox asks what application you want to use to open this type of link. See the attached the screenshot. Can we mimic that?
fe...@chromium.org
Oof, that is a mess. Hannah, can you get a designer to come up with a mock for an improved version of this dialog? I like the Firefox one that meacer posted, for reference, although it might be nice to have the domain of the target link in the dialog (which the Firefox one doesn't have).
Anyone know who "owns" these protocol handler dialogs?
Anyone know who "owns" these protocol handler dialogs?
va...@chromium.org
avi@ seems to have introduced this 4 years ago. Citing from his CL https://codereview.chromium.org/256065 :
"There's a lot we can do to improve the UI here (three paragraphs of info text is
waaaay too much)." :)
"There's a lot we can do to improve the UI here (three paragraphs of info text is
waaaay too much)." :)
fe...@chromium.org
vabr@ - Ha, what a find! I'm confused, though, that CL isn't marked as having landed... has the codereview site changed in the last 4 years?
va...@chromium.org
Yeah, some time ago the commit was not marked as a part of the CL summary, I believe.
The corresponding revision is r28145, the CL is linked from there.
The corresponding revision is r28145, the CL is linked from there.
ha...@chromium.org
[Empty comment from Monorail migration]
pa...@chromium.org
Pretty sure this is OS-All. From chrome/browser/ui/external_protocol_dialog_delegate.cc:
31 base::string16 ExternalProtocolDialogDelegate::GetMessageText() const {
32 const int kMaxUrlWithoutSchemeSize = 256;
33 const int kMaxCommandSize = 256;
34 base::string16 elided_url_without_scheme;
35 base::string16 elided_command;
36 gfx::ElideString(base::ASCIIToUTF16(url().possibly_invalid_spec()),
37 kMaxUrlWithoutSchemeSize, &elided_url_without_scheme);
38 gfx::ElideString(command_, kMaxCommandSize, &elided_command);
39
40 base::string16 message_text = l10n_util::GetStringFUTF16(
41 IDS_EXTERNAL_PROTOCOL_INFORMATION,
42 base::ASCIIToUTF16(url().scheme() + ":"),
43 elided_url_without_scheme) + base::ASCIIToUTF16("\n\n");
44
45 message_text += l10n_util::GetStringFUTF16(
46 IDS_EXTERNAL_PROTOCOL_APPLICATION_TO_LAUNCH,
47 elided_command) + base::ASCIIToUTF16("\n\n");
48
49 message_text += l10n_util::GetStringUTF16(IDS_EXTERNAL_PROTOCOL_WARNING);
50 return message_text;
51 }
I.e. the long strings are applied in an OS-generic way.
31 base::string16 ExternalProtocolDialogDelegate::GetMessageText() const {
32 const int kMaxUrlWithoutSchemeSize = 256;
33 const int kMaxCommandSize = 256;
34 base::string16 elided_url_without_scheme;
35 base::string16 elided_command;
36 gfx::ElideString(base::ASCIIToUTF16(url().possibly_invalid_spec()),
37 kMaxUrlWithoutSchemeSize, &elided_url_without_scheme);
38 gfx::ElideString(command_, kMaxCommandSize, &elided_command);
39
40 base::string16 message_text = l10n_util::GetStringFUTF16(
41 IDS_EXTERNAL_PROTOCOL_INFORMATION,
42 base::ASCIIToUTF16(url().scheme() + ":"),
43 elided_url_without_scheme) + base::ASCIIToUTF16("\n\n");
44
45 message_text += l10n_util::GetStringFUTF16(
46 IDS_EXTERNAL_PROTOCOL_APPLICATION_TO_LAUNCH,
47 elided_command) + base::ASCIIToUTF16("\n\n");
48
49 message_text += l10n_util::GetStringUTF16(IDS_EXTERNAL_PROTOCOL_WARNING);
50 return message_text;
51 }
I.e. the long strings are applied in an OS-generic way.
me...@chromium.org
[Empty comment from Monorail migration]
me...@chromium.org
The new dialog should also have a link to the protocol handler settings dialog: chrome://settings/handlers#manage%20handlers
Seehttps://crbug.com/chromium/119438 for the discussion about that dialog.
See
me...@chromium.org
There is another request in https://crbug.com/chromium/161492 to make the external URL copyable. It would be good if the new dialog added this too.
me...@chromium.org
[Empty comment from Monorail migration]
[Deleted User] <[Deleted User]>
[Empty comment from Monorail migration]
[Deleted User] <[Deleted User]>
I am seeing this problem too. I do not see this dialog on Chrome OS.
I am changing the Save to Google Drive extension to use OAuth 2 with the chrome.identity API.
I don't think I should be seeing this dialog at all. It pops up right after the authorizes the OAuth2 permissions dialog.
I am changing the Save to Google Drive extension to use OAuth 2 with the chrome.identity API.
I don't think I should be seeing this dialog at all. It pops up right after the authorizes the OAuth2 permissions dialog.
fe...@chromium.org
Re #16: If you think the dialog is appearing at the wrong time, that is a separate bug. This bug is just meant to improve the appearance of the dialog (when it is shown as intended).
fe...@chromium.org
Alex, let's discuss this dialog next Friday. It apparently is going to be coming up a lot on Win 8.1, since it's used to open Metro Mode apps.
BTW I've attached a screenshot of what this looks like on Windows.
BTW I've attached a screenshot of what this looks like on Windows.
fe...@chromium.org
From security / UX meeting:
We're going to reuse the similar dialog that's used on Bling when opening an app.
Alex, can you attach the appropriate mock / screenshot?
We're going to reuse the similar dialog that's used on Bling when opening an app.
Alex, can you attach the appropriate mock / screenshot?
me...@chromium.org
Any updates? Have the mocks / screenshots ever been created?
ha...@chromium.org
[Empty comment from Monorail migration]
la...@chromium.org
This issue likely requires triage. The current issue owner maybe inactive (i.e. hasn't fixed an issue in the last 30 days). Thanks for helping out!
-Anthony
-Anthony
ji...@gmail.com
Also be sure the message mentions how to reset it later.
Here we see that once the user makes the fatal click, he loses access to changing it later, at least from the browser.
http://askubuntu.com/questions/465586/how-to-reset-external-protocol-handler-in-chrome
Here we see that once the user makes the fatal click, he loses access to changing it later, at least from the browser.
la...@chromium.org
Security>UX component is deprecated in favor of the Team-Security-UX label
[Monorail components: -Security>UX]
[Monorail components: -Security>UX]
ye...@gmail.com
[Comment Deleted]
is...@google.com
This issue was migrated from crbug.com/chromium/333813?no_tracker_redirect=1
[Multiple monorail components: Design, Platform>Extensions]
[Monorail blocking:crbug.com/chromium/161492 ]
[Monorail mergedwith:crbug.com/chromium/114899 ]
[Monorail mergedinto:crbug.com/chromium/601725 ]
[Monorail components added to Component Tags custom field.]
[Multiple monorail components: Design, Platform>Extensions]
[Monorail blocking:
[Monorail mergedwith:
[Monorail mergedinto:
[Monorail components added to Component Tags custom field.]
Description
As the very least, we should not force the user to extract the extension ID from the warning and manually check that against the CWS entry, to realise which extension / app is actually asking for the permission.
What message are we trying to deliver to the user? If it's meant to be helpful, it should have a clear action for the user to do, by which the user can check if all is OK or if it really is an attack. The phrasing should not assume that the user has any expert knowledge of computers.
(Note: I'm not asking for help with the particular message poping up at me, that's been solved by the CWS look-up. This is about improving this pop-up for future.)