Bug 926102 - Firefox for Android offers cert error overrides for HSTS sites, even though the override will never be honored r=margaret

2024-11-28 23:31:56 +00:00 · 2013-10-24 05:50:59 -04:00 · 2013-10-24 05:50:59 -04:00 · 5b5a314d0e
commit 5b5a314d0e
parent 31d713c2c8
2 changed files with 8 additions and 1 deletions
--- a/mobile/android/chrome/content/aboutCertError.xhtml
+++ b/mobile/android/chrome/content/aboutCertError.xhtml
@ -85,6 +85,12 @@
          toggle('expertContent');
        }

+        // Disallow overrides if this is a Strict-Transport-Security
+        // host and the cert is bad (STS Spec section 7.3) or if the
+        // certerror is in a frame (bug 633691).
+        if (getCSSClass() == "badStsCert" || window != top)
+          document.getElementById("expertContent").setAttribute("hidden", "true");
+
        var tech = document.getElementById("technicalContentText");
        if (tech)
          tech.textContent = getDescription();
--- a/mobile/android/themes/core/netError.css
+++ b/mobile/android/themes/core/netError.css
@ -130,7 +130,8 @@ div[collapsed="true"] > .expander {
  background-position: 5.5px 4px;
 }

-/* Hide the first element after the expander */
+div[hidden] > .expander,
+div[hidden] > .expander + *,
 div[collapsed="true"] > .expander + * {
  display: none;
 }