Bug 1500020 - Update cert error page copy based on UX suggestions. r=nhnt11

Differential Revision: https://phabricator.services.mozilla.com/D9080

--HG--
extra : moz-landing-system : lando
Johann Hofmann 2018-10-19 14:50:59 +00:00
parent 8c40aa8fd0
commit d7b28163d3
6 changed files with 60 additions and 41 deletions


@ -39,8 +39,6 @@ const SEC_ERROR_UNKNOWN_ISSUER = SEC_ERROR_BASE + 13;
const SEC_ERROR_UNTRUSTED_ISSUER = SEC_ERROR_BASE + 20;
const SEC_ERROR_EXPIRED_ISSUER_CERTIFICATE = SEC_ERROR_BASE + 30;
const SEC_ERROR_CA_CERT_INVALID = SEC_ERROR_BASE + 36;
const SEC_ERROR_OCSP_FUTURE_RESPONSE = SEC_ERROR_BASE + 131;
const SEC_ERROR_OCSP_OLD_RESPONSE = SEC_ERROR_BASE + 132;
const SEC_ERROR_REUSED_ISSUER_AND_SERIAL = SEC_ERROR_BASE + 138;
const SEC_ERROR_OCSP_INVALID_SIGNING_CERT = SEC_ERROR_BASE + 144;
const SEC_ERROR_CERT_SIGNATURE_ALGORITHM_DISABLED = SEC_ERROR_BASE + 176;
@ -160,7 +158,7 @@ class NetErrorChild extends ActorChild {
// This error code currently only exists for the Symantec distrust, we may need to adjust
// it to fit other distrusts later.
case MOZILLA_PKIX_ERROR_ADDITIONAL_POLICY_CONSTRAINT_FAILED:
msg1 += gPipNSSBundle.formatStringFromName("certErrorTrust_Symantec", [hostString], 1) + "\n";
msg1 += gPipNSSBundle.GetStringFromName("certErrorTrust_Symantec1") + "\n";
break;
default:
msg1 += gPipNSSBundle.GetStringFromName("certErrorTrust_Untrusted") + "\n";
@ -178,7 +176,7 @@ class NetErrorChild extends ActorChild {
if (newErrorPagesEnabled) {
technicalInfo.textContent = "";
let brandName = gBrandBundle.GetStringFromName("brandShortName");
msgPrefix = gPipNSSBundle.formatStringFromName("certErrorMismatchSinglePrefix2", [brandName, hostString], 2) + " ";
msgPrefix = gPipNSSBundle.formatStringFromName("certErrorMismatchSinglePrefix3", [brandName, hostString], 2) + " ";
msgPrefix += gPipNSSBundle.GetStringFromName("certErrorMismatchSinglePrefix");
} else {
msgPrefix = gPipNSSBundle.GetStringFromName("certErrorMismatchSinglePrefix");
@ -252,7 +250,7 @@ class NetErrorChild extends ActorChild {
if (newErrorPagesEnabled) {
technicalInfo.textContent = "";
let brandName = gBrandBundle.GetStringFromName("brandShortName");
msg = gPipNSSBundle.formatStringFromName("certErrorMismatchMultiple2", [brandName, hostString], 2) + " ";
msg = gPipNSSBundle.formatStringFromName("certErrorMismatchMultiple3", [brandName, hostString], 2) + " ";
} else {
msg = gPipNSSBundle.GetStringFromName("certErrorMismatchMultiple") + "\n";
}
@ -269,7 +267,7 @@ class NetErrorChild extends ActorChild {
if (newErrorPagesEnabled) {
technicalInfo.textContent = "";
let brandName = gBrandBundle.GetStringFromName("brandShortName");
msg = gPipNSSBundle.formatStringFromName("certErrorMismatch2", [brandName, hostString], 2) + " ";
msg = gPipNSSBundle.formatStringFromName("certErrorMismatch3", [brandName, hostString], 2) + " ";
} else {
msg = gPipNSSBundle.formatStringFromName("certErrorMismatch",
[hostString], 1);
@ -398,7 +396,7 @@ class NetErrorChild extends ActorChild {
// without replicating the complex logic from certverifier code.
case MOZILLA_PKIX_ERROR_ADDITIONAL_POLICY_CONSTRAINT_FAILED:
let description = gPipNSSBundle.formatStringFromName(
"certErrorSymantecDistrustDescription", [doc.location.hostname], 1);
"certErrorSymantecDistrustDescription1", [doc.location.hostname], 1);
let descriptionContainer = doc.getElementById("errorShortDescText2");
descriptionContainer.textContent = description;
@ -421,8 +419,6 @@ class NetErrorChild extends ActorChild {
// and is not before the build date.
case SEC_ERROR_EXPIRED_CERTIFICATE:
case SEC_ERROR_EXPIRED_ISSUER_CERTIFICATE:
case SEC_ERROR_OCSP_FUTURE_RESPONSE:
case SEC_ERROR_OCSP_OLD_RESPONSE:
case MOZILLA_PKIX_ERROR_NOT_YET_VALID_CERTIFICATE:
case MOZILLA_PKIX_ERROR_NOT_YET_VALID_ISSUER_CERTIFICATE:
@ -507,23 +503,39 @@ class NetErrorChild extends ActorChild {
let textContainer = doc.getElementById("text-container");
errorPageContainer.style.backgroundPosition = `left top calc(50vh - ${textContainer.clientHeight / 2}px)`;
} else {
doc.getElementById("wrongSystemTime_systemDate2").textContent = systemDate;
let errDesc = doc.getElementById("ed2_nssBadCert_SEC_ERROR_EXPIRED_CERTIFICATE");
let sd = doc.getElementById("errorShortDescText2");
if (sd) {
// eslint-disable-next-line no-unsanitized/property
sd.innerHTML = errDesc.innerHTML;
}
if (es) {
// eslint-disable-next-line no-unsanitized/property
es.innerHTML = errWhatToDo.innerHTML;
}
if (est) {
// eslint-disable-next-line no-unsanitized/property
est.textContent = errWhatToDoTitle.textContent;
est.style.fontWeight = "bold";
}
updateContainerPosition();
doc.getElementById("wrongSystemTime_systemDate2").textContent = systemDate;
let errDesc = doc.getElementById("ed_nssBadCert_SEC_ERROR_EXPIRED_CERTIFICATE");
let sd = doc.getElementById("errorShortDescText");
// eslint-disable-next-line no-unsanitized/property
sd.innerHTML = errDesc.innerHTML;
let span = sd.querySelector(".hostname");
span.textContent = doc.location.hostname;
// The secondary description mentions expired certificates explicitly
// and should only be shown if the certificate has actually expired
// instead of being not yet valid.
if (msg.data.code == SEC_ERROR_EXPIRED_CERTIFICATE) {
let {cssClass} = this.getParams(doc);
let stsSuffix = cssClass == "badStsCert" ? "_sts" : "";
let errDesc2 = doc.getElementById(
`ed2_nssBadCert_SEC_ERROR_EXPIRED_CERTIFICATE${stsSuffix}`);
let sd2 = doc.getElementById("errorShortDescText2");
// eslint-disable-next-line no-unsanitized/property
sd2.innerHTML = errDesc2.innerHTML;
}
if (es) {
// eslint-disable-next-line no-unsanitized/property
es.innerHTML = errWhatToDo.innerHTML;
}
if (est) {
// eslint-disable-next-line no-unsanitized/property
est.textContent = errWhatToDoTitle.textContent;
est.style.fontWeight = "bold";
}
updateContainerPosition();
}
break;
}
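Review bot: In the `else` branch at the end of this file section, the copy that reads as the new side (the +/- markers are lost on this page) dereferences `sd`, `span`, `sd2` and `errDesc2` without a null check, while `es` and `est` just below are still guarded. A missing `errorShortDescText2` or `.hostname` element would throw before the what-to-do text is filled in and `updateContainerPosition()` runs. A guard such as `if (sd2 && errDesc2) { sd2.innerHTML = errDesc2.innerHTML; }`, and the same for `sd` and `span`, keeps the rest of the page rendering. Each `// eslint-disable-next-line no-unsanitized/property` would also benefit from a why-comment, e.g. `// Markup is copied from the page's own localized ed_*/ed2_* elements; the hostname is inserted with textContent.`, so that a later edit does not route page-controlled text through `innerHTML`. The enclosing method starts outside the visible hunk.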


@ -94,6 +94,7 @@
<div id="ed_nssFailure2">&nssFailure2.longDesc2;</div>
<div id="ed_nssBadCert">&certerror.introPara2;</div>
<div id="ed_nssBadCert_sts">&certerror.sts.introPara;</div>
<div id="ed_nssBadCert_SEC_ERROR_EXPIRED_CERTIFICATE">&certerror.expiredCert.introPara;</div>
<div id="ed_cspBlocked">&cspBlocked.longDesc;</div>
<div id="ed_remoteXUL">&remoteXUL.longDesc;</div>
<div id="ed_corruptedContentErrorv2">&corruptedContentErrorv2.longDesc;</div>
@ -103,7 +104,8 @@
<div id="ed_clockSkewError">&clockSkewError.longDesc;</div>
</div>
<div id="errorDescriptions2Container">
<div id="ed2_nssBadCert_SEC_ERROR_EXPIRED_CERTIFICATE">&certerror.expiredCert.secondPara;</div>
<div id="ed2_nssBadCert_SEC_ERROR_EXPIRED_CERTIFICATE">&certerror.expiredCert.secondPara2;</div>
<div id="ed2_nssBadCert_SEC_ERROR_EXPIRED_CERTIFICATE_sts">&certerror.expiredCert.sts.secondPara;</div>
</div>
<div id="whatCanYouDoAboutItTitleContainer">
<div id="edd_nssBadCert"><strong>&certerror.whatCanYouDoAboutItTitle;</strong></div>
@ -112,12 +114,9 @@
<div id="es_nssBadCert_SEC_ERROR_UNKNOWN_ISSUER">&certerror.unknownIssuer.whatCanYouDoAboutIt;</div>
<div id="es_nssBadCert_SEC_ERROR_EXPIRED_CERTIFICATE">&certerror.expiredCert.whatCanYouDoAboutIt2;</div>
<div id="es_nssBadCert_SEC_ERROR_EXPIRED_ISSUER_CERTIFICATE">&certerror.expiredCert.whatCanYouDoAboutIt2;</div>
<div id="es_nssBadCert_SEC_ERROR_OCSP_FUTURE_RESPONSE">&certerror.expiredCert.whatCanYouDoAboutIt2;</div>
<div id="es_nssBadCert_SEC_ERROR_OCSP_OLD_RESPONSE">&certerror.expiredCert.whatCanYouDoAboutIt2;</div>
<div id="es_nssBadCert_MOZILLA_PKIX_ERROR_NOT_YET_VALID_CERTIFICATE">&certerror.expiredCert.whatCanYouDoAboutIt2;</div>
<div id="es_nssBadCert_MOZILLA_PKIX_ERROR_NOT_YET_VALID_ISSUER_CERTIFICATE">&certerror.expiredCert.whatCanYouDoAboutIt2;</div>
<div id="es_nssBadCert_SSL_ERROR_BAD_CERT_DOMAIN">&certerror.badCertDomain.whatCanYouDoAboutIt;</div>
<div id="es_nssBadCert_SEC_ERROR_OCSP_INVALID_SIGNING_CERT">&certerror.badCertDomain.whatCanYouDoAboutIt;</div>
</div>
<!-- Stores an alternative text for when we don't want to add "Recommended" to the
return button. This is one of many l10n atrocities in this file and should be


@ -20,6 +20,10 @@ let gWhitelist = [{
file: "netError.dtd",
key: "certerror.sts.introPara",
type: "single-quote",
}, {
file: "netError.dtd",
key: "certerror.expiredCert.introPara",
type: "single-quote",
}, {
file: "netError.dtd",
key: "certerror.expiredCert.whatCanYouDoAboutIt2",


@ -159,7 +159,9 @@ was trying to connect. -->
<!ENTITY certerror.introPara2 "&brandShortName; detected a potential security threat and did not continue to <span class='hostname'/>. If you visit this site, attackers could try to steal information like your passwords, emails, or credit card details.">
<!ENTITY certerror.sts.introPara "&brandShortName; detected a potential security threat and did not continue to <span class='hostname'/> because this website requires a secure connection.">
<!ENTITY certerror.expiredCert.secondPara "This issue is most likely because your computer clock is set to the wrong time, which would prevent &brandShortName; from connecting securely.">
<!ENTITY certerror.expiredCert.introPara "&brandShortName; detected an issue and did not continue to <span class='hostname'/>. The website is either misconfigured or your computer clock is set to the wrong time.">
<!ENTITY certerror.expiredCert.secondPara2 "Its likely the websites certificate is expired, which prevents &brandShortName; from connecting securely. If you visit this site, attackers could try to steal information like your passwords, emails, or credit card details.">
<!ENTITY certerror.expiredCert.sts.secondPara "Its likely the websites certificate is expired, which prevents &brandShortName; from connecting securely.">
<!ENTITY certerror.whatCanYouDoAboutItTitle "What can you do about it?">
@ -232,7 +234,7 @@ certificate.">
<!ENTITY blockedByPolicy.title "Blocked Page">
<!ENTITY clockSkewError.title "Your computer clock is wrong">
<!ENTITY clockSkewError.title "Your Computer Clock is Wrong">
<!ENTITY clockSkewError.longDesc "Your computer thinks it is <span id='wrongSystemTime_systemDate1'/>, which prevents &brandShortName; from connecting securely. To visit <span class='hostname'></span>, update your computer clock in your system settings to the current date, time, and time zone, and then refresh <span class='hostname'></span>.">
<!ENTITY prefReset.longDesc "It looks like your network security settings might be causing this. Do you want the default settings to be restored?">


@ -47,6 +47,10 @@ button:disabled {
cursor: pointer;
}
#errorWhatToDoTitle {
margin-top: 2em;
}
#prefChangeContainer {
display: none;
}


@ -287,18 +287,16 @@ certErrorTrust_SignatureAlgorithmDisabled=The certificate is not trusted because
certErrorTrust_ExpiredIssuer=The certificate is not trusted because the issuer certificate has expired.
certErrorTrust_Untrusted=The certificate does not come from a trusted source.
certErrorTrust_MitM=Your connection is being intercepted by a TLS proxy. Uninstall it if possible or configure your device to trust its root certificate.
# LOCALIZATION NOTE (certErrorTrust_Symantec): %S is replaced by the domain for which the certificate is valid
certErrorTrust_Symantec=The security certificate for %S is not trustworthy because the issuing organization failed to follow security practices. Certificates issued by Symantec, including the Thawte, GeoTrust, and RapidSSL brands, are not considered safe.
certErrorTrust_Symantec1=Certificates issued by GeoTrust, RapidSSL, Symantec, Thawte, and VeriSign are no longer considered safe because these certificate authorities failed to follow security practices in the past.
certErrorMismatch=The certificate is not valid for the name %S.
# LOCALIZATION NOTE (certErrorMismatch2, certErrorMismatchSinglePrefix2, certErrorMismatchMultiple2): %1$S is replaced by the brand name, %2$S is replaced by host name.
certErrorMismatch2=Websites prove their identity via certificates. %1$S does not trust %2$S because it uses a certificate that is not valid for %2$S.
# LOCALIZATION NOTE (certErrorMismatch3, certErrorMismatchSinglePrefix3, certErrorMismatchMultiple3): %1$S is replaced by the brand name, %2$S is replaced by host name.
certErrorMismatch3=Websites prove their identity via certificates. %1$S does not trust this site because it uses a certificate that is not valid for %2$S.
# LOCALIZATION NOTE (certErrorMismatchSinglePrefix): %S is replaced by the domain for which the certificate is valid
certErrorMismatchSinglePrefix=The certificate is only valid for %S.
# LOCALIZATION NOTE (certErrorMismatchSinglePrefix2): %3$S is replaced by the domain for which the certificate is valid
certErrorMismatchSinglePrefix2=Websites prove their identity via certificates. %1$S does not trust %2$S because it uses a certificate that is not valid for %2$S.
certErrorMismatchSinglePrefix3=Websites prove their identity via certificates. %1$S does not trust this site because it uses a certificate that is not valid for %2$S.
certErrorMismatchMultiple=The certificate is only valid for the following names:
certErrorMismatchMultiple2=Websites prove their identity via certificates. %1$S does not trust %2$S because it uses a certificate that is not valid for %2$S. The certificate is only valid for the following names:
certErrorMismatchMultiple3=Websites prove their identity via certificates. %1$S does not trust this site because it uses a certificate that is not valid for %2$S. The certificate is only valid for the following names:
# LOCALIZATION NOTE (certErrorExpiredNow): Do not translate %1$S (date+time of expired certificate) or %2$S (current date+time)
certErrorExpiredNow=The certificate expired on %1$S. The current time is %2$S.
@ -308,8 +306,8 @@ certErrorExpiredNow2=Websites prove their identity via certificates, which are v
certErrorNotYetValidNow=The certificate will not be valid until %1$S. The current time is %2$S.
certErrorNotYetValidNow2=Websites prove their identity via certificates, which are valid for a set time period. The certificate for %S appears to be not yet valid.
# LOCALIZATION NOTE (certErrorSymantecDistrustDescription): %S will be replaced by the domain for which the certificate is valid.
certErrorSymantecDistrustDescription=Websites prove their identity via certificates, which are issued by certificate authorities. Most browsers will no longer trust Symantec, the certificate authority for %S.
# LOCALIZATION NOTE (certErrorSymantecDistrustDescription1): %S will be replaced by the domain for which the certificate is valid.
certErrorSymantecDistrustDescription1=Websites prove their identity via certificates, which are issued by certificate authorities. Most browsers no longer trust certificates issued by GeoTrust, RapidSSL, Symantec, Thawte, and VeriSign. %S uses a certificate from one of these authorities and so the websites identity cannot be proven.
certErrorSymantecDistrustAdministrator=You may notify the websites administrator about this problem.
# LOCALIZATION NOTE (certErrorCodePrefix3): %S is replaced by the error code.