Insecure password form focused warning is broken
Steps to reproduce:
- Have an HTTPS-protected site
- on this site, have a HTML
<form>
in it - In the HTML form, have an
action="[url]"
with the URL starting withhttp://
- Open the website
- activate the form
What happens:
Form is sent to HTTP URL.
What should happen:
Epiphany (or webkit2-gtk3?) should tell me that what I am doing is unsafe. It should give me a big fat warning. This is the behavior of Firefox 76.0.
Maybe it should even completely deny what I am doing without asking and just telling me that the site cannot be loaded.
Version info:
epiphany-3.36.1-1.fc32.x86_64 webkit2gtk3-2.28.2-1.fc32.x86_64 glib2-2.64.2-2.fc32.x86_64 gtk3-3.24.20-1.fc32.x86_64
Security flag:
I'm not 100% sure whether you consider this a confidential issue. Feel free to make it public as you are better in assessing whether it should be.
Additional info:
I don't have an example page because the site I ran into this issue is private and has been fixed in the meantime.
Edited by Michael Catanzaro