This repository has been archived by the owner on Dec 11, 2019. It is now read-only.
-
Notifications
You must be signed in to change notification settings - Fork 973
[hackerone] #374969 - permission prompt with window.open #14681
Labels
Milestone
Comments
need to check if this is fixed by #14887 |
Removing sec-high because the prompt doesn't say anything about Google.com asking for permission; I think the only confusing part is that the prompt is visually placed in the area of a tab which contains Google.com whereas the permission being requested is not specific to Google.com. The simple solution is just to move the notification from the tab area to the global notification area so it cannot be associated with any specific origin. |
diracdeltas
added a commit
that referenced
this issue
Aug 2, 2018
Since these permissions are not scoped to any tab, it doesn't make sense to show them in the tab area. Fix #14681 1. Go to https://jsfiddle.net/yudr4cxe/ and click the link. 2. It should show a notification above the tab bar.
diracdeltas
changed the title
[hackerone] #374969
[hackerone] #374969 - permission prompt with window.open
Aug 2, 2018
This was referenced Aug 14, 2018
@tomlowenthal @diracdeltas Could you check/resolve this report on H1? |
Sign up for free
to subscribe to this conversation on GitHub.
Already have an account?
Sign in.
Labels
Test Case
Case # 1:
Original issue
https://hackerone.com/reports/374969
The text was updated successfully, but these errors were encountered: