mirror of
https://github.com/mozilla/gecko-dev.git
synced 2024-10-08 10:44:56 +00:00
Bug 401575 - "Support cert overriding from SSL error pages" [p=johnath r=kaie r=gavin r+sr=bzbarsky ui-r=beltzner a=blocking1.9+ for M9]
parent
aa9141ce9a
commit
f5f27fd7da
@ -1204,6 +1204,12 @@ function delayedStartup()
|
||||
|
||||
// bookmark-all-tabs command
|
||||
gBookmarkAllTabsHandler = new BookmarkAllTabsHandler();
|
||||
|
||||
// Attach a listener to watch for "command" events bubbling up from error
|
||||
// pages. This lets us fix bugs like 401575 which require error page UI to
|
||||
// do privileged things, without letting error pages have any privilege
|
||||
// themselves.
|
||||
gBrowser.addEventListener("command", BrowserOnCommand, false);
|
||||
}
|
||||
|
||||
function BrowserShutdown()
|
||||
@ -2305,6 +2311,50 @@ function BrowserImport()
|
||||
#endif
|
||||
}
|
||||
|
||||
/**
|
||||
* Handle command events bubbling up from error page content
|
||||
*/
|
||||
function BrowserOnCommand(event) {
|
||||
|
||||
// Don't trust synthetic events
|
||||
if (!event.isTrusted)
|
||||
return;
|
||||
|
||||
// If the event came from an ssl error page, it is probably either the "Add
|
||||
// Exception" or "Get Me Out Of Here" button
|
||||
if (/^about:neterror\?e=nssBadCert/.test(event.originalTarget.ownerDocument.documentURI)) {
|
||||
var ot = event.originalTarget;
|
||||
var errorDoc = ot.ownerDocument;
|
||||
|
||||
if (ot == errorDoc.getElementById('exceptionDialogButton')) {
|
||||
var params = { location : content.location.href,
|
||||
exceptionAdded : false };
|
||||
window.openDialog('chrome://pippki/content/exceptionDialog.xul',
|
||||
'','chrome,centerscreen,modal', params);
|
||||
|
||||
// If the user added the exception cert, attempt to reload the page
|
||||
if (params.exceptionAdded)
|
||||
content.location.reload();
|
||||
}
|
||||
else if (ot == errorDoc.getElementById('getMeOutOfHereButton')) {
|
||||
// Redirect them to a known-functioning page, default start page
|
||||
var prefs = Cc["@mozilla.org/preferences-service;1"]
|
||||
.getService(Ci.nsIPrefService).getDefaultBranch(null);
|
||||
var url = "about:blank";
|
||||
try {
|
||||
url = prefs.getComplexValue("browser.startup.homepage",
|
||||
Ci.nsIPrefLocalizedString).data;
|
||||
// If url is a pipe-delimited set of pages, just take the first one.
|
||||
if (url.indexOf("|") != -1)
|
||||
url = url.split("|")[0];
|
||||
} catch(e) {
|
||||
Components.utils.reportError("Couldn't get homepage pref: " + e);
|
||||
}
|
||||
content.location = url;
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
function BrowserFullScreen()
|
||||
{
|
||||
window.fullScreen = !window.fullScreen;
|
||||
|
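Review bot: In BrowserOnCommand the source check is made on `event.originalTarget.ownerDocument`, but the privileged actions then operate on `content`, which in browser.js is the top-level content window of the selected tab and not necessarily the document that fired the event. If the certificate error page is displayed inside a frame, the exception dialog would be pre-seeded with the outer page's URL, and the reload or the redirect would apply to the outer page. Using the validated document keeps the check and the action on the same object: `location : errorDoc.location.href` and `errorDoc.location.reload();`. A one-line comment saying that the regexp tests `documentURI` because that property, rather than `location`, carries the `about:neterror` address on an error page would also help the next reader.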
@ -124,14 +124,12 @@
|
||||
">
|
||||
|
||||
<!ENTITY nssBadCert.title "Secure Connection Failed">
|
||||
<!ENTITY nssBadCert.longDesc "
|
||||
<!ENTITY nssBadCert.longDesc2 "
|
||||
<ul>
|
||||
<li>This could be a problem with the server's configuration, or it could be
|
||||
someone trying to impersonate the server.</li>
|
||||
<li>If you have connected to this server successfully in the past, the error may
|
||||
be temporary, and you can try again later.</li>
|
||||
<li>You can see and change your current list of servers with known security problems
|
||||
in your advanced encryption settings.</li>
|
||||
</ul>
|
||||
">
|
||||
|
||||
@ -157,3 +155,19 @@ be temporary, and you can try again later.</li>
|
||||
<p>Entering any personal information on this page may result in identity theft or other fraud.</p>
|
||||
<p>These types of web forgeries are used in scams known as phishing attacks, in which fraudulent web pages and emails are used to imitate sources you may trust.</p>
|
||||
">
|
||||
|
||||
<!ENTITY securityOverride.linkText "Or you can add an exception...">
|
||||
<!ENTITY securityOverride.getMeOutOfHereButton "Get Me Out of Here">
|
||||
<!ENTITY securityOverride.exceptionButtonLabel "Add Exception">
|
||||
|
||||
<!-- LOCALIZATION NOTE (securityOverride.warningText) - Do not translate the
|
||||
contents of the <xul:button> tags. The only language content is the label= field,
|
||||
which uses strings already defined above. The button is included here (instead of
|
||||
netError.xhtml) because it exposes functionality specific to firefox. -->
|
||||
|
||||
<!ENTITY securityOverride.warningText "
|
||||
<p>You should not add an exception if you are using an internet connection that you do not trust completely, or if you are not used to seeing a warning for this server.</p>
|
||||
|
||||
<xul:button xmlns:xul='http://www.mozilla.org/keymaster/gatekeeper/there.is.only.xul' id='getMeOutOfHereButton' label='&securityOverride.getMeOutOfHereButton;'/>
|
||||
<xul:button xmlns:xul='http://www.mozilla.org/keymaster/gatekeeper/there.is.only.xul' id='exceptionDialogButton' label='&securityOverride.exceptionButtonLabel;'/>
|
||||
">
|
||||
|
@ -126,6 +126,18 @@
|
||||
function initPage()
|
||||
{
|
||||
var err = getErrorCode();
|
||||
|
||||
if (err == "nssBadCert") {
|
||||
// Remove the "Try again" button for security exceptions, since it's
|
||||
// almost certainly useless.
|
||||
document.getElementById("errorTryAgain").style.display = "none";
|
||||
}
|
||||
else {
|
||||
// Remove the override block for non-certificate errors. CSS-hiding
|
||||
// isn't good enough here, because of bug 39098
|
||||
var secOverride = document.getElementById("securityOverrideDiv");
|
||||
secOverride.parentNode.removeChild(secOverride);
|
||||
}
|
||||
|
||||
// if it's an unknown error or there's no title or description
|
||||
// defined, get the generic message
|
||||
@ -177,6 +189,12 @@
|
||||
faviconParent.appendChild(favicon);
|
||||
}
|
||||
}
|
||||
|
||||
function showSecuritySection() {
|
||||
// Swap link out, content in
|
||||
document.getElementById('securityOverrideContent').style.display = '';
|
||||
document.getElementById('securityOverrideLink').style.display = 'none';
|
||||
}
|
||||
]]></script>
|
||||
</head>
|
||||
|
||||
@ -223,7 +241,7 @@
|
||||
<div id="ed_proxyConnectFailure">&proxyConnectFailure.longDesc;</div>
|
||||
<div id="ed_contentEncodingError">&contentEncodingError.longDesc;</div>
|
||||
<div id="ed_nssFailure2">&nssFailure2.longDesc;</div>
|
||||
<div id="ed_nssBadCert">&nssBadCert.longDesc;</div>
|
||||
<div id="ed_nssBadCert">&nssBadCert.longDesc2;</div>
|
||||
<div id="ed_malwareBlocked">&malwareBlocked.longDesc;</div>
|
||||
</div>
|
||||
</div>
|
||||
@ -247,6 +265,12 @@
|
||||
<!-- Long Description (Note: See netError.dtd for used XHTML tags) -->
|
||||
<div id="errorLongDesc" />
|
||||
|
||||
<!-- Override section - For ssl errors only. Removed on init for other
|
||||
error types. -->
|
||||
<div id="securityOverrideDiv">
|
||||
<a id="securityOverrideLink" href="javascript:showSecuritySection();" >&securityOverride.linkText;</a>
|
||||
<div id="securityOverrideContent" style="display: none;">&securityOverride.warningText;</div>
|
||||
</div>
|
||||
</div>
|
||||
|
||||
<!-- Retry Button -->
|
||||
|
@ -55,10 +55,9 @@
|
||||
<!ENTITY nssFailure2.longDesc "<p>The page you are trying to view can not be shown because the authenticity of the received data could not be verified.</p><ul><li>Please contact the web site owners to inform them of this problem.</li></ul>">
|
||||
|
||||
<!ENTITY nssBadCert.title "Secure Connection Failed">
|
||||
<!ENTITY nssBadCert.longDesc "<ul>
|
||||
<!ENTITY nssBadCert.longDesc2 "<ul>
|
||||
<li>This could be a problem with the server's configuration, or it could be someone trying to impersonate the server.</li>
|
||||
<li>If you have connected to this server successfully in the past, the error may be temporary, and you can try again later.</li>
|
||||
<li>You can see and change your current list of servers with known security problems in your advanced encryption settings.</li>
|
||||
</ul>
|
||||
">
|
||||
|
||||
@ -73,3 +72,9 @@
|
||||
<p>Entering any personal information on this page may result in identity theft or other fraud.</p>
|
||||
<p>These types of web forgeries are used in scams known as phishing attacks, in which fraudulent web pages and emails are used to imitate sources you may trust.</p>
|
||||
">
|
||||
|
||||
<!ENTITY securityOverride.linkText "Or you can add an exception...">
|
||||
<!ENTITY securityOverride.warningText "
|
||||
<p>You should not add an exception if you are using an internet connection that you do not trust completely, or if you are not used to seeing a warning for this server.</p>
|
||||
<p>If you still wish to add an exception for this site, you can do so in your advanced encryption settings.</p>
|
||||
">
|
||||
|
@ -347,7 +347,7 @@ certErrorTrust_ExpiredIssuer=The certificate is not trusted because the issuer c
|
||||
certErrorTrust_Untrusted=The certificate does not come from a trusted source.
|
||||
|
||||
certErrorMismatch=The certificate is not valid for the name %S.
|
||||
certErrorMismatchSingle=The certificate is only valid for name %S.
|
||||
certErrorMismatchSingle2=The certificate is only valid for %S.
|
||||
certErrorMismatchMultiple=The certificate is only valid for the following names:
|
||||
|
||||
certErrorExpired=The certificate expired on %S.
|
||||
|
@ -81,6 +81,17 @@ function initExceptionDialog() {
|
||||
setText("warningText", gPKIBundle.formatStringFromName("addExceptionBrandedWarning",
|
||||
[brandName], 1));
|
||||
gDialog.getButton("extra1").disabled = true;
|
||||
|
||||
if (window.arguments[0]
|
||||
&& window.arguments[0].location) {
|
||||
// We were pre-seeded with a location. Populate the location bar, and check
|
||||
// the cert
|
||||
document.getElementById("locationTextBox").value = window.arguments[0].location;
|
||||
checkCert();
|
||||
}
|
||||
|
||||
// Set out parameter to false by default
|
||||
window.arguments[0].exceptionAdded = false;
|
||||
}
|
||||
|
||||
// returns true if found and global status could be set
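Review bot: The unconditional `window.arguments[0].exceptionAdded = false;` at the end of initExceptionDialog dereferences the same object that the guard a few lines above treats as optional, so a caller that opens the dialog without a params object would throw here and leave initialization unfinished. The same unguarded write appears in the addException hunk (`window.arguments[0].exceptionAdded = true;`), where a throw would land after the call ending in `flags);` (presumably the one that stores the override) but before `gDialog.acceptDialog()`. Guarding both writes, e.g. `if (window.arguments && window.arguments[0]) window.arguments[0].exceptionAdded = false;`, keeps the dialog working for callers that pass nothing. initExceptionDialog starts outside the hunk, so existing callers are not visible here.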
|
||||
@ -321,5 +332,7 @@ function addException() {
|
||||
getURI().hostPort,
|
||||
gCert,
|
||||
flags);
|
||||
|
||||
window.arguments[0].exceptionAdded = true;
|
||||
gDialog.acceptDialog();
|
||||
}
|
||||
|
@ -851,7 +851,7 @@ getInvalidCertErrorMessage(PRUint32 multipleCollectedErrors,
|
||||
params[0] = allNames.get();
|
||||
|
||||
nsString formattedString;
|
||||
rv = component->PIPBundleFormatStringFromName("certErrorMismatchSingle",
|
||||
rv = component->PIPBundleFormatStringFromName("certErrorMismatchSingle2",
|
||||
params, 1,
|
||||
formattedString);
|
||||
if (NS_SUCCEEDED(rv)) {
|
||||
|
@ -105,6 +105,16 @@ body[dir="rtl"] #brand {
|
||||
display: none;
|
||||
}
|
||||
|
||||
#securityOverrideDiv {
|
||||
padding-top: 10px;
|
||||
}
|
||||
|
||||
#securityOverrideContent {
|
||||
background-color: #FFF090; /* Pale yellow */
|
||||
padding: 10px;
|
||||
-moz-border-radius: 10px;
|
||||
}
|
||||
|
||||
/* Custom styling for 'blacklist' error class */
|
||||
:root.blacklist #errorTitle, :root.blacklist #errorLongContent,
|
||||
:root.blacklist #errorShortDesc, :root.blacklist #errorLongDesc,
|
||||
@ -125,4 +135,3 @@ body[dir="rtl"] #brand {
|
||||
:root.blacklist #errorTryAgain {
|
||||
display: none;
|
||||
}
|
||||
|
||||
|
@ -105,6 +105,16 @@ body[dir="rtl"] #brand {
|
||||
display: none;
|
||||
}
|
||||
|
||||
#securityOverrideDiv {
|
||||
padding-top: 10px;
|
||||
}
|
||||
|
||||
#securityOverrideContent {
|
||||
background-color: #FFF090; /* Pale yellow */
|
||||
padding: 10px;
|
||||
-moz-border-radius: 10px;
|
||||
}
|
||||
|
||||
/* Custom styling for 'blacklist' error class */
|
||||
:root.blacklist #errorTitle, :root.blacklist #errorLongContent,
|
||||
:root.blacklist #errorShortDesc, :root.blacklist #errorLongDesc,
|
||||
|