Chromium Code Reviews Chromium Code Reviews
Issue 2076873003:
[SafeBrowsing] Clarify `danger_level` in safe_browsing/README.md (Closed)
Base URL: https://chromium.googlesource.com/chromium/src.git@master| OLD | NEW |
|---|---|
| 1 # Behavior of Download File Types in Chrome | 1 # Behavior of Download File Types in Chrome |
| 2 | 2 |
| 3 This describes how to adjust file-type download behavior in | 3 This describes how to adjust file-type download behavior in |
| 4 Chrome including interactions with Safe Browsing. The metadata described | 4 Chrome including interactions with Safe Browsing. The metadata described |
| 5 here, and stored in `download_file_types.asciipb`, will be both baked into | 5 here, and stored in `download_file_types.asciipb`, will be both baked into |
| 6 Chrome released and pushable to Chrome between releases (via | 6 Chrome released and pushable to Chrome between releases (via |
| 7 `FileTypePolicies` class). http://crbug.com/596555 | 7 `FileTypePolicies` class). http://crbug.com/596555 |
| 8 | 8 |
| 9 Rendered version of this file: https://chromium.googlesource.com/chromium/src/+/ master/chrome/browser/resources/safe_browsing/README.md | 9 Rendered version of this file: https://chromium.googlesource.com/chromium/src/+/ master/chrome/browser/resources/safe_browsing/README.md |
| 10 | 10 |
| (...skipping 47 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
| 58 as follows before writing out the binary proto. | 58 as follows before writing out the binary proto. |
| 59 | 59 |
| 60 1. If there's an entry matching the built platform, | 60 1. If there's an entry matching the built platform, |
| 61 that will be preferred. Otherwise, | 61 that will be preferred. Otherwise, |
| 62 | 62 |
| 63 2. If there's a "PLATFORM_ANY" (i.e. `platform` is not set), | 63 2. If there's a "PLATFORM_ANY" (i.e. `platform` is not set), |
| 64 that will be used. Otherwise, | 64 that will be used. Otherwise, |
| 65 | 65 |
| 66 3. The `default_file_type`'s settings will be filled in. | 66 3. The `default_file_type`'s settings will be filled in. |
| 67 | 67 |
| 68 * `platform_settings.danger_level`: (required) | 68 * `platform_settings.danger_level`: (required) Controls how files should be |
| 69 handled by the UI in the absence of a better signal from the Safe Browsing | |
| 70 ping. This applies to all file types where `ping_setting` is either | |
| 71 `SAMPLED_PING` or `NO_PING`, and downloads where the Safe Browsing ping | |
| 72 either fails, is disabled, or returns an `UNKNOWN` verdict. Exceptions are | |
| 73 noted below. | |
| 74 | |
| 75 The warning controlled here is a generic "This file may harm your computer." | |
| 76 If the Safe Browsing verdict is `UNKNOWN` or `DANGEROUS`, Chrome will show | |
|
Nathan Parker
2016/06/21 16:55:00
s/UNKNOWN/UNCOMMON, POTENTIALLY_UNWANTED, DANGEROU
asanka
2016/06/21 16:58:48
D'oh. Done.
| |
| 77 that more severe warning regardless of this setting. | |
| 78 | |
| 69 * `NOT_DANGEROUS`: Safe to download and open, even if the download | 79 * `NOT_DANGEROUS`: Safe to download and open, even if the download |
| 70 was accidental. | 80 was accidental. No additional warnings are necessary. |
| 71 * `DANGEROUS`: Always warn the user that this file may harm their | 81 * `DANGEROUS`: Always warn the user that this file may harm their |
| 72 computer. We let them continue or discard the file. If Safe | 82 computer. We let them continue or discard the file. If Safe |
| 73 Browsing returns a SAFE verdict, we still warn the user. | 83 Browsing returns a `SAFE` verdict, we still warn the user. |
| 74 * `ALLOW_ON_USER_GESTURE`: Warn the user normally but skip the warning | 84 * `ALLOW_ON_USER_GESTURE`: Potentially dangerous, but is likely harmless if |
| 75 if there was a user gesture or the user visited this site before | 85 the user is familiar with host and if the download was intentional. Chrome |
| 76 midnight last night (i.e. is a repeat visit). If Safe Browsing | 86 doesn't warn the user if both of the following conditions are true: |
| 77 returns a SAFE verdict for this file, it won't show a warning. | 87 |
| 88 * There is a user gesture associated with the network request that | |
| 89 initiated the download. | |
| 90 * There is a recorded visit to the referring origin that's older than | |
| 91 the most recent midnight. This is taken to imply that the user has a | |
| 92 history of visiting the site. | |
| 93 | |
| 94 In addition, Chrome skips the warning if the download was explicit (i.e. | |
| 95 the user selected "Save link as ..." from the context menu), or if the | |
| 96 navigation that resulted in the download was initiated using the Omnibox. | |
| 78 | 97 |
| 79 * `platform_settings.auto_open_hint`: (required). | 98 * `platform_settings.auto_open_hint`: (required). |
| 80 * `ALLOW_AUTO_OPEN`: File type can be opened automatically if the user | 99 * `ALLOW_AUTO_OPEN`: File type can be opened automatically if the user |
| 81 selected that option from the download tray on a previous download | 100 selected that option from the download tray on a previous download |
| 82 of this type. | 101 of this type. |
| 83 * `DISALLOW_AUTO_OPEN`: Never let the file automatically open. | 102 * `DISALLOW_AUTO_OPEN`: Never let the file automatically open. |
| 84 Files that should be disallowed from auto-opening include those that | 103 Files that should be disallowed from auto-opening include those that |
| 85 execute arbitrary or harmful code with user privileges, or change | 104 execute arbitrary or harmful code with user privileges, or change |
| 86 configuration of the system to cause harmful behavior immediately | 105 configuration of the system to cause harmful behavior immediately |
| 87 or at some time in the future. We *do* allow auto-open for files | 106 or at some time in the future. We *do* allow auto-open for files |
| (...skipping 19 matching lines...) Expand all Loading... | |
| 107 users' downloads with unknown extensions (or | 126 users' downloads with unknown extensions (or |
| 108 ping_setting=SAMPLED_PING) should we send light-pings? [0.0 .. 1.0] | 127 ping_setting=SAMPLED_PING) should we send light-pings? [0.0 .. 1.0] |
| 109 | 128 |
| 110 * `file_types`: The big list of all known file types. Keep them | 129 * `file_types`: The big list of all known file types. Keep them |
| 111 sorted by extension. | 130 sorted by extension. |
| 112 | 131 |
| 113 * `default_file_type`: Settings used if a downloaded file is not in | 132 * `default_file_type`: Settings used if a downloaded file is not in |
| 114 the above list. `extension` is ignored, but other settings are used. | 133 the above list. `extension` is ignored, but other settings are used. |
| 115 The ping_setting should be SAMPLED_PING for all platforms. | 134 The ping_setting should be SAMPLED_PING for all platforms. |
| 116 | 135 |
| OLD | NEW |
