Bug 1078740 Add tracking controls to security notification bar r=IanN
authorNeil Rashbrook <neil@parkwaycc.co.uk>
Mon, 24 Nov 2014 00:07:01 +0000
changeset 17129 adae3689794ee53ad4f8e6ea9c69e8ac5ba6efd9
parent 17128 2a6c7fda0caf3ed9b97c3e130cadc78ea92fc81e
child 17130 5985a79b817eb36c8ea7bde3de7971f3d92340c4
push id10604
push userneil@parkwaycc.co.uk
push dateMon, 24 Nov 2014 00:07:06 +0000
treeherdercomm-central@adae3689794e [default view] [failures only]
perfherder[talos] [build metrics] [platform microbench] (compared to previous push)
reviewersIanN
bugs1078740
Bug 1078740 Add tracking controls to security notification bar r=IanN CLOSED TREE
suite/browser/browser-prefs.js
suite/common/bindings/notification.xml
suite/common/dataman/dataman.js
suite/common/pref/pref-security.js
suite/common/pref/pref-security.xul
suite/locales/en-US/chrome/common/dataman/dataman.properties
suite/locales/en-US/chrome/common/notification.properties
suite/locales/en-US/chrome/common/pref/pref-security.dtd
--- a/suite/browser/browser-prefs.js
+++ b/suite/browser/browser-prefs.js
@@ -713,16 +713,18 @@ pref("privacy.item.downloads",   true);
 pref("privacy.item.cookies",     false);
 pref("privacy.item.cache",       true);
 pref("privacy.item.sessions",    true);
 pref("privacy.item.offlineApps", false);
 
 pref("privacy.sanitize.sanitizeOnShutdown", false);
 pref("privacy.sanitize.promptOnSanitize", true);
 
+pref("privacy.warn_tracking_content", true);
+
 // Show XUL error pages instead of alerts for errors
 pref("browser.xul.error_pages.enabled", true);
 pref("browser.xul.error_pages.expert_bad_cert", false);
 
 // Setting this pref to |true| forces BiDi UI menu items and keyboard shortcuts
 // to be exposed. By default, only expose it for bidi-associated system locales.
 pref("bidi.browser.ui", false);
 
@@ -943,16 +945,17 @@ pref("services.sync.prefs.sync.privacy.i
 pref("services.sync.prefs.sync.privacy.item.history", true);
 pref("services.sync.prefs.sync.privacy.item.offlineApps", true);
 pref("services.sync.prefs.sync.privacy.item.passwords", true);
 pref("services.sync.prefs.sync.privacy.item.sessions", true);
 pref("services.sync.prefs.sync.privacy.item.urlbar", true);
 pref("services.sync.prefs.sync.privacy.sanitize.promptOnSanitize", true);
 pref("services.sync.prefs.sync.privacy.sanitize.sanitizeOnShutdown", true);
 pref("services.sync.prefs.sync.privacy.trackingprotection.enabled", true);
+pref("services.sync.prefs.sync.privacy.warn_tracking_content", true);
 pref("services.sync.prefs.sync.security.OCSP.enabled", true);
 pref("services.sync.prefs.sync.security.OCSP.require", true);
 pref("services.sync.prefs.sync.security.default_personal_cert", true);
 pref("services.sync.prefs.sync.security.mixed_content.block_active_content", true);
 pref("services.sync.prefs.sync.security.mixed_content.block_display_content", true);
 pref("services.sync.prefs.sync.security.tls.version.min", true);
 pref("services.sync.prefs.sync.security.tls.version.max", true);
 pref("services.sync.prefs.sync.security.warn_entering_secure", true);
--- a/suite/common/bindings/notification.xml
+++ b/suite/common/bindings/notification.xml
@@ -121,21 +121,22 @@
 
       <method name="onSecurityChange">
         <parameter name="aWebProgress"/>
         <parameter name="aRequest"/>
         <parameter name="aState"/>
         <body>
           <![CDATA[
             if (aState < 0)
-              aState = lastState;
+              aState = this.lastState;
             const nsIWebProgressListener = Components.interfaces.nsIWebProgressListener;
             var pref = "security.warn_leaving_secure";
             var message = "EnterInsecureMessage";
             var priority = this.PRIORITY_WARNING_LOW;
+            var pane = "ssl_pane";
             var buttons = [];
             if (aState & nsIWebProgressListener.STATE_IS_SECURE) {
               pref = "security.warn_entering_secure";
               message = "EnterSecureMessage";
               priority = this.PRIORITY_INFO_LOW;
             } else if (aState & nsIWebProgressListener.STATE_IS_BROKEN) {
               pref = "security.warn_viewing_mixed";
               message = "MixedContentMessage";
@@ -147,29 +148,61 @@
               pref = "security.warn_mixed_active_content";
               message = "MixedActiveContentMessage";
               priority = this.PRIORITY_CRITICAL_LOW;
             } else if (aState & nsIWebProgressListener.STATE_BLOCKED_MIXED_ACTIVE_CONTENT &&
                 this._prefs.getBoolPref("security.warn_mixed_active_content")) {
               pref = "security.warn_mixed_active_content";
               message = "BlockedActiveContentMessage";
               priority = this.PRIORITY_INFO_LOW;
-              lastState = aState & ~nsIWebProgressListener.STATE_BLOCKED_MIXED_ACTIVE_CONTENT;
+              this.lastState = aState & ~nsIWebProgressListener.STATE_BLOCKED_MIXED_ACTIVE_CONTENT;
               const nsIWebNavigation = Components.interfaces.nsIWebNavigation;
               buttons = [{
                 label: this._stringBundle.GetStringFromName("SecurityKeepBlocking.label"),
                 accessKey: this._stringBundle.GetStringFromName("SecurityKeepBlocking.accesskey"),
                 callback: this.onSecurityChange.bind(this, null, null, -1)
               }, {
                 label: this._stringBundle.GetStringFromName("SecurityUnblock.label"),
                 accessKey: this._stringBundle.GetStringFromName("SecurityUnblock.accesskey"),
                 callback: this.reloadPage.bind(this,
                               nsIWebNavigation.LOAD_FLAGS_ALLOW_MIXED_CONTENT |
                               nsIWebNavigation.LOAD_FLAGS_BYPASS_CACHE)
               }];
+            } else if (aState & nsIWebProgressListener.STATE_LOADED_TRACKING_CONTENT &&
+                this._prefs.getBoolPref("privacy.warn_tracking_content")) {
+              pref = "privacy.warn_tracking_content";
+              message = "TrackingContentMessage";
+              priority = this.PRIORITY_WARNING_LOW;
+              pane = "security_pane";
+            } else if (aState & nsIWebProgressListener.STATE_BLOCKED_TRACKING_CONTENT &&
+                this._prefs.getBoolPref("privacy.warn_tracking_content")) {
+              pref = "privacy.warn_tracking_content";
+              message = "BlockedTrackingContentMessage";
+              priority = this.PRIORITY_INFO_LOW;
+              pane = "security_pane";
+              if (!this.usePrivateBrowsing) {
+                this.lastState = aState & ~nsIWebProgressListener.STATE_BLOCKED_TRACKING_CONTENT;
+                buttons = [{
+                  label: this._stringBundle.GetStringFromName("SecurityKeepBlocking.label"),
+                  accessKey: this._stringBundle.GetStringFromName("SecurityKeepBlocking.accesskey"),
+                  callback: this.onSecurityChange.bind(this, null, null, -1)
+                }, {
+                  label: this._stringBundle.GetStringFromName("SecurityUnblock.label"),
+                  accessKey: this._stringBundle.GetStringFromName("SecurityUnblock.accesskey"),
+                  callback: () => {
+                    const nsIPermissionManager = Components.interfaces.nsIPermissionManager;
+                    Components.classes["@mozilla.org/permissionmanager;1"]
+                              .getService(nsIPermissionManager)
+                              .add(this.activeBrowser.currentURI,
+                                   "trackingprotection",
+                                   nsIPermissionManager.ALLOW_ACTION);
+                    this.reloadPage();
+                  }
+                }];
+              }
             } else if (aState & nsIWebProgressListener.STATE_LOADED_MIXED_DISPLAY_CONTENT &&
                 this._prefs.getBoolPref("security.warn_mixed_display_content")) {
               pref = "security.warn_mixed_display_content";
               message = "MixedDisplayContentMessage";
               priority = this.PRIORITY_WARNING_LOW;
             } else if (aState & nsIWebProgressListener.STATE_BLOCKED_MIXED_DISPLAY_CONTENT &&
                 this._prefs.getBoolPref("security.warn_mixed_display_content")) {
               pref = "security.warn_mixed_display_content";
@@ -189,17 +222,17 @@
             if (!this._prefs.getBoolPref(pref))
               return true;
 
             if ("goPreferences" in window) {
               buttons.push({
                 label: this._stringBundle.GetStringFromName("SecurityPreferences.label"),
                 accessKey: this._stringBundle.GetStringFromName("SecurityPreferences.accesskey"),
                 callback: function() {
-                  goPreferences("ssl_pane");
+                  goPreferences(pane);
                   return true;
                 }
               });
             }
             var text = this._stringBundle.GetStringFromName(message);
             box = this.appendNotification(text, message, null, priority, buttons);
             box.persistence = 1;
             box.timeout = Date.now() + 20000; // 20 seconds
--- a/suite/common/dataman/dataman.js
+++ b/suite/common/dataman/dataman.js
@@ -1280,17 +1280,17 @@ var gPerms = {
     // this.addSelBox, this.addHost, this.addType, this.addButton
     if (this.addSelBox.hidden) {
       // Show addition box, disable button.
       this.addButton.disabled = true;
       this.addType.removeAllItems(); // Make sure list is clean.
       let permTypes = ["allowXULXBL", "cookie", "geo", "image", "indexedDB",
                        "install", "object", "offline-app", "password",
                        "plugins", "popup", "script", "sts/use", "sts/subd",
-                       "stylesheet"];
+                       "stylesheet", "trackingprotection"];
       for (let i = 0; i < permTypes.length; i++) {
         let typeDesc = permTypes[i];
         try {
           typeDesc = gDataman.bundle.getString("perm." + permTypes[i] + ".label");
         }
         catch (e) {
         }
         let menuitem = this.addType.appendItem(typeDesc, permTypes[i]);
@@ -1356,16 +1356,18 @@ var gPerms = {
       case "plugins":
         if (Services.prefs.getBoolPref("plugins.click_to_play"))
           return Services.perms.UNKNOWN_ACTION;
         return Services.perms.ALLOW_ACTION;
       case "popup":
         if (Services.prefs.getBoolPref("dom.disable_open_during_load"))
           return Services.perms.DENY_ACTION;
         return Services.perms.ALLOW_ACTION;
+      case "trackingprotection":
+        return Services.perms.DENY_ACTION;
     }
     try {
       // Look for an nsContentBlocker permission
       switch (Services.prefs.getIntPref("permissions.default." + aType)) {
         case 3:
           return NOFOREIGN;
         case 2:
           return Services.perms.DENY_ACTION;
--- a/suite/common/pref/pref-security.js
+++ b/suite/common/pref/pref-security.js
@@ -1,9 +1,15 @@
 /* -*- Mode: Java; tab-width: 2; indent-tabs-mode: nil; c-basic-offset: 2 -*- */
 /* This Source Code Form is subject to the terms of the Mozilla Public
  * License, v. 2.0. If a copy of the MPL was not distributed with this
  * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
 
 function Startup()
 {
-  // intentionally left empty for soon-ish use
+  var prefTrackProtect = document.getElementById("privacy.trackingprotection.enabled");
+  SetWarnTrackEnabled(prefTrackProtect.value);
 }
+
+function SetWarnTrackEnabled(aEnable)
+{
+  EnableElementById("warnTrackContent", aEnable, false);
+}
--- a/suite/common/pref/pref-security.xul
+++ b/suite/common/pref/pref-security.xul
@@ -16,16 +16,20 @@
             script="chrome://communicator/content/pref/pref-security.js">
     <preferences id="security_preferences">
       <!-- User Tracking -->
       <preference id="privacy.donottrackheader.enabled"
                   name="privacy.donottrackheader.enabled"
                   type="bool"/>
       <preference id="privacy.trackingprotection.enabled"
                   name="privacy.trackingprotection.enabled"
+                  type="bool"
+                  onchange="SetWarnTrackEnabled(this.value);"/>
+      <preference id="privacy.warn_tracking_content"
+                  name="privacy.warn_tracking_content"
                   type="bool"/>
 
       <!-- Location Aware Browsing -->
       <preference id="geo.enabled"
                   name="geo.enabled"
                   type="bool"/>
 
       <!-- Safe Browsing -->
@@ -45,16 +49,21 @@
       <checkbox id="doNotTrack"
                 label="&doNotTrack.label;"
                 accesskey="&doNotTrack.accesskey;"
                 preference="privacy.donottrackheader.enabled"/>
       <checkbox id="trackProtect"
                 label="&trackProtect.label;"
                 accesskey="&trackProtect.accesskey;"
                 preference="privacy.trackingprotection.enabled"/>
+      <checkbox id="warnTrackContent"
+                class="indent"
+                label="&warnTrackContent.label;"
+                accesskey="&warnTrackContent.accesskey;"
+                preference="privacy.warn_tracking_content"/>
     </groupbox>
 
     <!-- REMOVE #ifndef once bug 903439 is fixed -->
 #ifndef RELEASE_BUILD
     <!-- Location Aware Browsing -->
     <groupbox id="geoLocationGroup">
       <caption label="&geoLocation.label;"/>
 
--- a/suite/locales/en-US/chrome/common/dataman/dataman.properties
+++ b/suite/locales/en-US/chrome/common/dataman/dataman.properties
@@ -27,16 +27,17 @@ perm.offline-app.label=Offline Web Appli
 perm.object.label=Run Plugins
 perm.password.label=Save Passwords
 perm.plugins.label=Activate Plugins
 perm.popup.label=Open Popup Windows
 perm.script.label=Run Scripts
 perm.stylesheet.label=Load Stylesheets
 perm.sts/use.label=Use Strict Transport Security
 perm.sts/subd.label=Apply Strict Transport Security to subdomains
+perm.trackingprotection.label=Tracking Activity
 
 perm.type.default=Select a type
 
 # passwords
 pwd.hidePasswords=Hide Passwords
 pwd.hidePasswords.accesskey=P
 pwd.showPasswords=Show Passwords
 pwd.showPasswords.accesskey=P
--- a/suite/locales/en-US/chrome/common/notification.properties
+++ b/suite/locales/en-US/chrome/common/notification.properties
@@ -175,18 +175,20 @@ lockPromptInfoButton.accesskey=L
 # %S will be replaced with the application name.
 updatePrompt.text=Your copy of %S is old and probably has known security flaws, but you have disabled automated update checks. Please update to a newer version.
 updatePromptCheckButton.label=Check for Updates
 updatePromptCheckButton.accesskey=C
 
 SecurityTitle=Security Warning
 MixedContentMessage=You have requested an encrypted page that contains some unencrypted information. Information that you see or enter on this page could easily be read by a third party.
 MixedActiveContentMessage=You have requested an encrypted page that contains insecure information. Information that you see or enter on this page could easily be read by a third party.
+TrackingContentMessage=Parts of this page may be tracking your online activity.
 MixedDisplayContentMessage=You have requested a page that is only partially encrypted and does not prevent eavesdropping.
 BlockedActiveContentMessage=Insecure information on this page was blocked.
+BlockedTrackingContentMessage=Parts of the page that track your online activity were blocked.
 BlockedDisplayContentMessage=Unencrypted information on this page was blocked.
 EnterInsecureMessage=You have left an encrypted page. Information you send or receive from now on could easily be read by a third party.
 EnterSecureMessage=You have requested an encrypted page. The website has identified itself correctly, and information you see or enter on this page can't easily be read by a third party.
 SecurityKeepBlocking.label=Keep Blocking
 SecurityKeepBlocking.accesskey=K
 SecurityUnblock.label=Unblock
 SecurityUnblock.accesskey=U
 SecurityPreferences.label=Preferences
--- a/suite/locales/en-US/chrome/common/pref/pref-security.dtd
+++ b/suite/locales/en-US/chrome/common/pref/pref-security.dtd
@@ -7,16 +7,18 @@
 
 <!ENTITY tracking.label                   "User Tracking">
 <!ENTITY trackingIntro.label              "Websites may track how you use them, thus affecting your privacy.">
 
 <!ENTITY doNotTrack.label                 "Tell websites that I do not want to be tracked">
 <!ENTITY doNotTrack.accesskey             "T">
 <!ENTITY trackProtect.label               "Prevent tracking activities by known sites">
 <!ENTITY trackProtect.accesskey           "n">
+<!ENTITY warnTrackContent.label           "Warn me when known tracking activities were detected">
+<!ENTITY warnTrackContent.accesskey       "W">
 
 <!ENTITY geoLocation.label                "Location Aware Browsing">
 <!ENTITY geoIntro.label                   "Websites may request more information about your current location.">
 
 <!ENTITY geoEnabled.label                 "Prompt me for permission if a request is made">
 <!ENTITY geoEnabled.accesskey             "m">
 <!ENTITY geoDisabled.label                "Disable this feature and deny all requests">
 <!ENTITY geoDisabled.accesskey            "D">