Bug 401575 - "Support cert overriding from SSL error pages" [p=johnath r=kaie r=gavin r+sr=bzbarsky ui-r=beltzner a=blocking1.9+ for M9]

2024-10-08 10:44:56 +00:00 · 2007-11-03 11:49:47 -07:00 · 2007-11-03 11:49:47 -07:00 · f5f27fd7da
commit f5f27fd7da
parent aa9141ce9a
9 changed files with 134 additions and 9 deletions
--- a/browser/base/content/browser.js
+++ b/browser/base/content/browser.js
@ -1204,6 +1204,12 @@ function delayedStartup()

  // bookmark-all-tabs command
  gBookmarkAllTabsHandler = new BookmarkAllTabsHandler();
+
+  // Attach a listener to watch for "command" events bubbling up from error
+  // pages.  This lets us fix bugs like 401575 which require error page UI to
+  // do privileged things, without letting error pages have any privilege
+  // themselves.
+  gBrowser.addEventListener("command", BrowserOnCommand, false);
 }

 function BrowserShutdown()
@ -2305,6 +2311,50 @@ function BrowserImport()
 #endif
 }

+/**
+ * Handle command events bubbling up from error page content
+ */
+function BrowserOnCommand(event) {
+    
+    // Don't trust synthetic events
+    if (!event.isTrusted)
+      return;
+    
+    // If the event came from an ssl error page, it is probably either the "Add
+    // Exception" or "Get Me Out Of Here" button
+    if (/^about:neterror\?e=nssBadCert/.test(event.originalTarget.ownerDocument.documentURI)) {
+      var ot = event.originalTarget;
+      var errorDoc = ot.ownerDocument;
+      
+      if (ot == errorDoc.getElementById('exceptionDialogButton')) {
+        var params = { location : content.location.href,
+                       exceptionAdded : false };
+        window.openDialog('chrome://pippki/content/exceptionDialog.xul',
+                          '','chrome,centerscreen,modal', params);
+        
+        // If the user added the exception cert, attempt to reload the page
+        if (params.exceptionAdded)
+          content.location.reload();
+      }
+      else if (ot == errorDoc.getElementById('getMeOutOfHereButton')) {
+        // Redirect them to a known-functioning page, default start page
+        var prefs = Cc["@mozilla.org/preferences-service;1"]
+                    .getService(Ci.nsIPrefService).getDefaultBranch(null);
+        var url = "about:blank";
+        try {
+          url = prefs.getComplexValue("browser.startup.homepage",
+                                      Ci.nsIPrefLocalizedString).data;
+          // If url is a pipe-delimited set of pages, just take the first one.
+          if (url.indexOf("|") != -1)
+            url = url.split("|")[0];
+        } catch(e) {
+          Components.utils.reportError("Couldn't get homepage pref: " + e);
+        }
+        content.location = url;
+      }
+    }
+  }
+
 function BrowserFullScreen()
 {
  window.fullScreen = !window.fullScreen;
--- a/browser/locales/en-US/chrome/overrides/netError.dtd
+++ b/browser/locales/en-US/chrome/overrides/netError.dtd
@ -124,14 +124,12 @@
 ">

 <!ENTITY nssBadCert.title "Secure Connection Failed">
-<!ENTITY nssBadCert.longDesc "
+<!ENTITY nssBadCert.longDesc2 "
 <ul>
  <li>This could be a problem with the server's configuration, or it could be
 someone trying to impersonate the server.</li>
  <li>If you have connected to this server successfully in the past, the error may
 be temporary, and you can try again later.</li>
-  <li>You can see and change your current list of servers with known security problems
-  in your advanced encryption settings.</li>
 </ul>
 ">

@ -157,3 +155,19 @@ be temporary, and you can try again later.</li>
 <p>Entering any personal information on this page may result in identity theft or other fraud.</p>
 <p>These types of web forgeries are used in scams known as phishing attacks, in which fraudulent web pages and emails are used to imitate sources you may trust.</p>
 ">
+
+<!ENTITY securityOverride.linkText "Or you can add an exception...">
+<!ENTITY securityOverride.getMeOutOfHereButton "Get Me Out of Here">
+<!ENTITY securityOverride.exceptionButtonLabel "Add Exception">
+
+<!-- LOCALIZATION NOTE (securityOverride.warningText) - Do not translate the
+contents of the <xul:button> tags.  The only language content is the label= field,
+which uses strings already defined above. The button is included here (instead of
+netError.xhtml) because it exposes functionality specific to firefox. -->
+
+<!ENTITY securityOverride.warningText "
+<p>You should not add an exception if you are using an internet connection that you do not trust completely, or if you are not used to seeing a warning for this server.</p>
+
+<xul:button xmlns:xul='http://www.mozilla.org/keymaster/gatekeeper/there.is.only.xul' id='getMeOutOfHereButton' label='&securityOverride.getMeOutOfHereButton;'/>
+<xul:button xmlns:xul='http://www.mozilla.org/keymaster/gatekeeper/there.is.only.xul' id='exceptionDialogButton' label='&securityOverride.exceptionButtonLabel;'/>
+">
--- a/docshell/resources/content/netError.xhtml
+++ b/docshell/resources/content/netError.xhtml
@ -126,6 +126,18 @@
      function initPage()
      {
        var err = getErrorCode();
+        
+        if (err == "nssBadCert") {
+          // Remove the "Try again" button for security exceptions, since it's
+          // almost certainly useless.
+          document.getElementById("errorTryAgain").style.display = "none";
+        }
+        else {
+          // Remove the override block for non-certificate errors.  CSS-hiding
+          // isn't good enough here, because of bug 39098
+          var secOverride = document.getElementById("securityOverrideDiv");
+          secOverride.parentNode.removeChild(secOverride);
+        }

        // if it's an unknown error or there's no title or description
        // defined, get the generic message
@ -177,6 +189,12 @@
          faviconParent.appendChild(favicon);
        }
      }
+      
+      function showSecuritySection() {
+        // Swap link out, content in
+        document.getElementById('securityOverrideContent').style.display = '';
+        document.getElementById('securityOverrideLink').style.display = 'none';
+      }
    ]]></script>
  </head>

@ -223,7 +241,7 @@
        <div id="ed_proxyConnectFailure">&proxyConnectFailure.longDesc;</div>
        <div id="ed_contentEncodingError">&contentEncodingError.longDesc;</div>
        <div id="ed_nssFailure2">&nssFailure2.longDesc;</div>
-        <div id="ed_nssBadCert">&nssBadCert.longDesc;</div>
+        <div id="ed_nssBadCert">&nssBadCert.longDesc2;</div>
        <div id="ed_malwareBlocked">&malwareBlocked.longDesc;</div>
      </div>
    </div>
@ -247,6 +265,12 @@
        <!-- Long Description (Note: See netError.dtd for used XHTML tags) -->
        <div id="errorLongDesc" />

+        <!-- Override section - For ssl errors only.  Removed on init for other
+             error types.  -->
+        <div id="securityOverrideDiv">
+          <a id="securityOverrideLink" href="javascript:showSecuritySection();" >&securityOverride.linkText;</a>
+          <div id="securityOverrideContent" style="display: none;">&securityOverride.warningText;</div>
+        </div>
      </div>

      <!-- Retry Button -->
--- a/dom/locales/en-US/chrome/netError.dtd
+++ b/dom/locales/en-US/chrome/netError.dtd
@ -55,10 +55,9 @@
 <!ENTITY nssFailure2.longDesc "<p>The page you are trying to view can not be shown because the authenticity of the received data could not be verified.</p><ul><li>Please contact the web site owners to inform them of this problem.</li></ul>">

 <!ENTITY nssBadCert.title "Secure Connection Failed">
-<!ENTITY nssBadCert.longDesc "<ul>
+<!ENTITY nssBadCert.longDesc2 "<ul>
 <li>This could be a problem with the server's configuration, or it could be someone trying to impersonate the server.</li>
 <li>If you have connected to this server successfully in the past, the error may be temporary, and you can try again later.</li>
-<li>You can see and change your current list of servers with known security problems in your advanced encryption settings.</li>
 </ul>
 ">

@ -73,3 +72,9 @@
 <p>Entering any personal information on this page may result in identity theft or other fraud.</p>
 <p>These types of web forgeries are used in scams known as phishing attacks, in which fraudulent web pages and emails are used to imitate sources you may trust.</p>
 ">
+
+<!ENTITY securityOverride.linkText "Or you can add an exception...">
+<!ENTITY securityOverride.warningText "
+<p>You should not add an exception if you are using an internet connection that you do not trust completely, or if you are not used to seeing a warning for this server.</p>
+<p>If you still wish to add an exception for this site, you can do so in your advanced encryption settings.</p>
+">
--- a/security/manager/locales/en-US/chrome/pipnss/pipnss.properties
+++ b/security/manager/locales/en-US/chrome/pipnss/pipnss.properties
@ -347,7 +347,7 @@ certErrorTrust_ExpiredIssuer=The certificate is not trusted because the issuer c
 certErrorTrust_Untrusted=The certificate does not come from a trusted source.

 certErrorMismatch=The certificate is not valid for the name %S.
-certErrorMismatchSingle=The certificate is only valid for name %S.
+certErrorMismatchSingle2=The certificate is only valid for %S.
 certErrorMismatchMultiple=The certificate is only valid for the following names:

 certErrorExpired=The certificate expired on %S.
--- a/security/manager/pki/resources/content/exceptionDialog.js
+++ b/security/manager/pki/resources/content/exceptionDialog.js
@ -81,6 +81,17 @@ function initExceptionDialog() {
  setText("warningText", gPKIBundle.formatStringFromName("addExceptionBrandedWarning",
                                                         [brandName], 1));
  gDialog.getButton("extra1").disabled = true;
+  
+  if (window.arguments[0]
+      && window.arguments[0].location) {
+    // We were pre-seeded with a location.  Populate the location bar, and check
+    // the cert
+    document.getElementById("locationTextBox").value = window.arguments[0].location;
+    checkCert();
+  }
+  
+  // Set out parameter to false by default
+  window.arguments[0].exceptionAdded = false;
 }

 // returns true if found and global status could be set
@ -321,5 +332,7 @@ function addException() {
    getURI().hostPort,
    gCert,
    flags);
+  
+  window.arguments[0].exceptionAdded = true;
  gDialog.acceptDialog();
 }
--- a/security/manager/ssl/src/nsNSSIOLayer.cpp
+++ b/security/manager/ssl/src/nsNSSIOLayer.cpp
@ -851,7 +851,7 @@ getInvalidCertErrorMessage(PRUint32 multipleCollectedErrors,
      params[0] = allNames.get();

      nsString formattedString;
-      rv = component->PIPBundleFormatStringFromName("certErrorMismatchSingle", 
+      rv = component->PIPBundleFormatStringFromName("certErrorMismatchSingle2", 
                                                    params, 1, 
                                                    formattedString);
      if (NS_SUCCEEDED(rv)) {
--- a/toolkit/themes/pinstripe/global/netError.css
+++ b/toolkit/themes/pinstripe/global/netError.css
@ -105,6 +105,16 @@ body[dir="rtl"] #brand {
  display: none;
 }

+#securityOverrideDiv {
+  padding-top: 10px;
+}
+
+#securityOverrideContent {
+  background-color: #FFF090; /* Pale yellow */
+  padding: 10px;
+  -moz-border-radius: 10px;
+}
+
 /* Custom styling for 'blacklist' error class */
 :root.blacklist #errorTitle, :root.blacklist #errorLongContent,
 :root.blacklist #errorShortDesc, :root.blacklist #errorLongDesc,
@ -125,4 +135,3 @@ body[dir="rtl"] #brand {
 :root.blacklist #errorTryAgain {
  display: none;
 }
-
--- a/toolkit/themes/winstripe/global/netError.css
+++ b/toolkit/themes/winstripe/global/netError.css
@ -105,6 +105,16 @@ body[dir="rtl"] #brand {
  display: none;
 }

+#securityOverrideDiv {
+  padding-top: 10px;
+}
+
+#securityOverrideContent {
+  background-color: #FFF090; /* Pale yellow */
+  padding: 10px;
+  -moz-border-radius: 10px;
+}
+
 /* Custom styling for 'blacklist' error class */
 :root.blacklist #errorTitle, :root.blacklist #errorLongContent,
 :root.blacklist #errorShortDesc, :root.blacklist #errorLongDesc,