commit d8fc089b62cd4f8d907acff6fb3f5ff58f168697
author Eric Lawrence <elawrence@chromium.org> Wed Jan 10 18:55:30 2018
committer Commit Bot <commit-bot@chromium.org> Wed Jan 10 18:55:30 2018
tree 3014919a9e6c0885411896e9607fad01c8ff0bc5
parent 776de246b0c79e64d367e09f5d7e9314a4679d70

Rotate the interstitial bypass keyword

The security interstitial bypass keyword hasn't changed in two years and
awareness of the bypass has been increased in blogs and social media.
Rotate the keyword to help prevent misuse.

Bug: 797344
Change-Id: I76213b05cc0fe8f23882123d0aeef668652dd89d
Reviewed-on: https://chromium-review.googlesource.com/860418
Reviewed-by: Adrienne Porter Felt <felt@chromium.org>
Commit-Queue: Eric Lawrence <elawrence@chromium.org>
Cr-Commit-Position: refs/heads/master@{#528371}

components/security_interstitials/core/browser/resources/interstitial_large.js

diff --git a/components/security_interstitials/core/browser/resources/interstitial_large.js b/components/security_interstitials/core/browser/resources/interstitial_large.js
index 066e8b6..0fa7dbf 100644
--- a/components/security_interstitials/core/browser/resources/interstitial_large.js
+++ b/components/security_interstitials/core/browser/resources/interstitial_large.js
@@ -13,7 +13,10 @@
  * @param {string} e The key that was just pressed.
  */
 function handleKeypress(e) {
-  var BYPASS_SEQUENCE = 'thisisnotsafe';
+  // HTTPS errors are serious and should not be ignored. For testing purposes,
+  // other approaches are both safer and have fewer side-effects.
+  // See https://goo.gl/ZcZixP for more details.
+  var BYPASS_SEQUENCE = window.atob('dGhpc2lzdW5zYWZl');
   if (BYPASS_SEQUENCE.charCodeAt(keyPressState) == e.keyCode) {
     keyPressState++;
     if (keyPressState == BYPASS_SEQUENCE.length) {