But I also see the argument that the path part is still allowing the potentially malicious site control a security-sensitive bit of UI. Maybe my proposal is the “advanced” view?
June 22nd, 2020
The key thing is highlighting the important part, rather than hiding anything (which is why I much prefer your proposal over Apple’s implementation).
It should be possible to do some highlighting of the important part (bold? larger font? a chip?) while defensively showing the rest of the URL. Something that CSS flex could do…
I strongly disagree. Hiding any part of the URL with the assumption that “it’s for their own good” is an ampuation. It disempowers the user. And, as your proposal shows, it’s not necessary. adactio.com/notes/17046
I struggle with this argument, because the URL isn’t showing the whole picture of the request/response, but folks don’t seem to be arguing for things to move the other way (eg, show full cert info always-visible, show the HTTP method, show the request body etc etc)
imagine all browser vendors using a different approach to “hiding” the URL (path). How would you deal with the simple “please provide the page’s URL” question in a standard way? (I ask my “customers” that question a lot)
Don’t need to imagine that 😀
Here’s a stab at what I meant. codepen.io/nemzes/pen/Rwr…