No bug - Modernize style and improve comments of InsecurePasswordUtils.jsm
authorMatthew Noorenberghe <mozilla@noorenberghe.ca>
Thu, 17 Mar 2016 22:24:33 -0700
changeset 289347 cbefc1f9f9f6417e922d361b7c4ece108aa052fc
parent 289346 24ff79c5fb013cd016219c91b86482d31f7e09de
child 289348 cdcccf027c37873120a30baff31e501df33f61f0
push id73798
push usercbook@mozilla.com
push dateFri, 18 Mar 2016 15:10:54 +0000
milestone48.0a1
No bug - Modernize style and improve comments of InsecurePasswordUtils.jsm MozReview-Commit-ID: 6c2J4ncppPL
toolkit/components/passwordmgr/InsecurePasswordUtils.jsm
toolkit/components/passwordmgr/LoginManagerContent.jsm
--- a/toolkit/components/passwordmgr/InsecurePasswordUtils.jsm
+++ b/toolkit/components/passwordmgr/InsecurePasswordUtils.jsm
@@ -1,93 +1,80 @@
 /* This Source Code Form is subject to the terms of the Mozilla Public
  * License, v. 2.0. If a copy of the MPL was not distributed with this
  * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
 
 this.EXPORTED_SYMBOLS = [ "InsecurePasswordUtils" ];
 
-const Ci = Components.interfaces;
-const Cu = Components.utils;
-const Cc = Components.classes;
+const { classes: Cc, interfaces: Ci, results: Cr, utils: Cu } = Components;
+const STRINGS_URI = "chrome://global/locale/security/security.properties";
 
 Cu.import("resource://gre/modules/Services.jsm");
 Cu.import("resource://gre/modules/XPCOMUtils.jsm");
 
 XPCOMUtils.defineLazyModuleGetter(this, "devtools",
                                   "resource://devtools/shared/Loader.jsm");
 XPCOMUtils.defineLazyModuleGetter(this, "LoginManagerContent",
                                   "resource://gre/modules/LoginManagerContent.jsm");
-
-Object.defineProperty(this, "WebConsoleUtils", {
-  get: function() {
-    return devtools.require("devtools/shared/webconsole/utils").Utils;
-  },
-  configurable: true,
-  enumerable: true
+XPCOMUtils.defineLazyGetter(this, "WebConsoleUtils", () => {
+  return this.devtools.require("devtools/shared/webconsole/utils").Utils;
 });
-
-const STRINGS_URI = "chrome://global/locale/security/security.properties";
-var l10n = new WebConsoleUtils.L10n(STRINGS_URI);
+XPCOMUtils.defineLazyGetter(this, "l10n", () => {
+  return new this.WebConsoleUtils.L10n(STRINGS_URI);
+});
 
 this.InsecurePasswordUtils = {
-
-  _sendWebConsoleMessage : function (messageTag, domDoc) {
-    /*
-     * All web console messages are warnings for now so I decided to set the
-     * flag here and save a bit of the flag creation in the callers.
-     * It's easy to expose this later if needed
-     */
-
-    let  windowId = WebConsoleUtils.getInnerWindowId(domDoc.defaultView);
+  _sendWebConsoleMessage(messageTag, domDoc) {
+    let windowId = WebConsoleUtils.getInnerWindowId(domDoc.defaultView);
     let category = "Insecure Password Field";
+    // All web console messages are warnings for now.
     let flag = Ci.nsIScriptError.warningFlag;
     let message = l10n.getStr(messageTag);
-    let consoleMsg = Cc["@mozilla.org/scripterror;1"]
-      .createInstance(Ci.nsIScriptError);
-
-    consoleMsg.initWithWindowID(
-      message, "", 0, 0, 0, flag, category, windowId);
+    let consoleMsg = Cc["@mozilla.org/scripterror;1"].createInstance(Ci.nsIScriptError);
+    consoleMsg.initWithWindowID(message, "", 0, 0, 0, flag, category, windowId);
 
     Services.console.logMessage(consoleMsg);
   },
 
-  /*
+  /**
    * Checks whether the passed nested document is insecure
    * or is inside an insecure parent document.
    *
    * We check the chain of frame ancestors all the way until the top document
    * because MITM attackers could replace https:// iframes if they are nested inside
    * http:// documents with their own content, thus creating a security risk
    * and potentially stealing user data. Under such scenario, a user might not
    * get a Mixed Content Blocker message, if the main document is served over HTTP
    * and framing an HTTPS page as it would under the reverse scenario (http
    * inside https).
    */
-  _checkForInsecureNestedDocuments : function(domDoc) {
+  _checkForInsecureNestedDocuments(domDoc) {
     if (domDoc.defaultView == domDoc.defaultView.parent) {
       // We are at the top, nothing to check here
       return false;
     }
     if (!LoginManagerContent.isDocumentSecure(domDoc)) {
       // We are insecure
       return true;
     }
     // I am secure, but check my parent
     return this._checkForInsecureNestedDocuments(domDoc.defaultView.parent.document);
   },
 
 
-  /*
+  /**
    * Checks if there are insecure password fields present on the form's document
    * i.e. passwords inside forms with http action, inside iframes with http src,
    * or on insecure web pages. If insecure password fields are present,
    * a log message is sent to the web console to warn developers.
+   *
+   * @param {FormLike} aForm A form-like object. @See {FormLikeFactory}
    */
-  checkForInsecurePasswords : function (aForm) {
-    var domDoc = aForm.ownerDocument;
+  checkForInsecurePasswords(aForm) {
+    let domDoc = aForm.ownerDocument;
     let topDocument = domDoc.defaultView.top.document;
     let isSafePage = LoginManagerContent.isDocumentSecure(topDocument);
 
     if (!isSafePage) {
       this._sendWebConsoleMessage("InsecurePasswordsPresentOnPage", domDoc);
     }
 
     // Check if we are on an iframe with insecure src, or inside another
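Review bot: The JSDoc on `_checkForInsecureNestedDocuments` still has no parameter or return documentation, and its description reads as if the top document were evaluated. The first branch returns `false` as soon as `domDoc.defaultView == domDoc.defaultView.parent`, without calling `isDocumentSecure` on that document. In the visible lines the top-level check is done separately in `checkForInsecurePasswords` through `isSafePage`, so a caller relying on the helper alone would get `false` for an HTTPS frame inside an HTTP top-level page. Since the block is being converted to `/**` anyway, I would add `@param {Document} domDoc - the (possibly framed) document to check` and `@return {boolean} true if domDoc or a framed ancestor is insecure; the top-level document itself is not checked here`. `checkForInsecurePasswords` continues past the end of the hunk, so the rest of its handling is not visible.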
--- a/toolkit/components/passwordmgr/LoginManagerContent.jsm
+++ b/toolkit/components/passwordmgr/LoginManagerContent.jsm
@@ -1301,16 +1301,19 @@ var FormLikeFactory = {
    * Create a FormLike object from a password or username field.
    *
    * If the field is in a <form>, construct the FormLike from the form.
    * Otherwise, create a FormLike with a rootElement (wrapper) according to
    * heuristics. Currently all <input> not in a <form> are one FormLike but this
    * shouldn't be relied upon as the heuristics may change to detect multiple
    * "forms" (e.g. registration and login) on one page with a <form>.
    *
+   * Note that two FormLikes created from the same field won't return the same FormLike object.
+   * Use the `rootElement` property on the FormLike as a key instead.
+   *
    * @param {HTMLInputElement} aField - a password or username field in a document
    * @return {FormLike}
    * @throws Error if aField isn't a password or username field in a document
    */
   createFromField(aField) {
     if (!(aField instanceof Ci.nsIDOMHTMLInputElement) ||
         (aField.type != "password" && !LoginHelper.isUsernameFieldType(aField)) ||
         !aField.ownerDocument) {
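Review bot: The added note says two FormLikes "won't return the same FormLike object", but it is `createFromField` that returns, so the caveat is easy to misread. Something like `Note that calling this twice with the same field returns two distinct FormLike objects.` states it directly and keeps the following `rootElement` sentence as is. The body of `createFromField` runs past the end of the hunk, so this is a comment on the wording only.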