Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(5846)

Issues Search
    My Issues | Starred     Open | Closed | All

Unified Diff: chrome/browser/resources/safe_browsing/README.md

Issue 2076873003: [SafeBrowsing] Clarify `danger_level` in safe_browsing/README.md (Closed) Base URL: https://chromium.googlesource.com/chromium/src.git@master
Patch Set: Fix list of dangerous download verdicts. Created 4 years, 6 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View side-by-side diff with in-line comments
Download patch
« no previous file with comments | « no previous file | no next file » | no next file with comments »
Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
Index: chrome/browser/resources/safe_browsing/README.md
diff --git a/chrome/browser/resources/safe_browsing/README.md b/chrome/browser/resources/safe_browsing/README.md
index d61aafff67c4d23b8dea5dddb84a0be33e5b5ccf..7b85908bbede9bb56d79c942568fa8db014332aa 100644
--- a/chrome/browser/resources/safe_browsing/README.md
+++ b/chrome/browser/resources/safe_browsing/README.md
@@ -65,16 +65,36 @@ See `download_file_types.proto` for all fields.
3. The `default_file_type`'s settings will be filled in.
- * `platform_settings.danger_level`: (required)
+ * `platform_settings.danger_level`: (required) Controls how files should be
+ handled by the UI in the absence of a better signal from the Safe Browsing
+ ping. This applies to all file types where `ping_setting` is either
+ `SAMPLED_PING` or `NO_PING`, and downloads where the Safe Browsing ping
+ either fails, is disabled, or returns an `UNKNOWN` verdict. Exceptions are
+ noted below.
+
+ The warning controlled here is a generic "This file may harm your computer."
+ If the Safe Browsing verdict is `UNCOMMON`, `POTENTIALLY_UNWANTED`,
+ `DANGEROUS_HOST`, or `DANGEROUS`, Chrome will show that more severe warning
+ regardless of this setting.
+
* `NOT_DANGEROUS`: Safe to download and open, even if the download
- was accidental.
+ was accidental. No additional warnings are necessary.
* `DANGEROUS`: Always warn the user that this file may harm their
computer. We let them continue or discard the file. If Safe
- Browsing returns a SAFE verdict, we still warn the user.
- * `ALLOW_ON_USER_GESTURE`: Warn the user normally but skip the warning
- if there was a user gesture or the user visited this site before
- midnight last night (i.e. is a repeat visit). If Safe Browsing
- returns a SAFE verdict for this file, it won't show a warning.
+ Browsing returns a `SAFE` verdict, we still warn the user.
+ * `ALLOW_ON_USER_GESTURE`: Potentially dangerous, but is likely harmless if
+ the user is familiar with host and if the download was intentional. Chrome
+ doesn't warn the user if both of the following conditions are true:
+
+ * There is a user gesture associated with the network request that
+ initiated the download.
+ * There is a recorded visit to the referring origin that's older than
+ the most recent midnight. This is taken to imply that the user has a
+ history of visiting the site.
+
+ In addition, Chrome skips the warning if the download was explicit (i.e.
+ the user selected "Save link as ..." from the context menu), or if the
+ navigation that resulted in the download was initiated using the Omnibox.
* `platform_settings.auto_open_hint`: (required).
* `ALLOW_AUTO_OPEN`: File type can be opened automatically if the user
« no previous file with comments | « no previous file | no next file » | no next file with comments »

Powered by Google App Engine
This is Rietveld 408576698