bug 832837 - move insecure form submission warning from nsSecureBrowserUIImpl to the HTML form implementation r=mrbkap r=phlsa
authorDavid Keeler <dkeeler@mozilla.com>
Thu, 15 Jan 2015 11:01:10 -0800
changeset 227575 03fed89b215df9aecdc112d933f703c4d794b91d
parent 227485 3cda3997f45dce9a751ab555751ef762b909fbdf
child 227576 52de461bce377bd8a247f9e8be750c0bcc8c353c
push id28235
push usercbook@mozilla.com
push dateThu, 05 Feb 2015 13:47:35 +0000
treeherdermozilla-central@58ce6051edf5 [default view] [failures only]
perfherder[talos] [build metrics] [platform microbench] (compared to previous push)
reviewersmrbkap, phlsa
bugs832837
milestone38.0a1
first release with
nightly linux32
nightly linux64
nightly mac
nightly win32
nightly win64
last release without
nightly linux32
nightly linux64
nightly mac
nightly win32
nightly win64
bug 832837 - move insecure form submission warning from nsSecureBrowserUIImpl to the HTML form implementation r=mrbkap r=phlsa As a result, we can remove nsSecurityWarningDialogs completely, which this patch also does.
CLOBBER
dom/html/HTMLFormElement.cpp
dom/html/HTMLFormElement.h
security/manager/boot/public/moz.build
security/manager/boot/public/nsISecurityWarningDialogs.idl
security/manager/boot/src/moz.build
security/manager/boot/src/nsBOOTModule.cpp
security/manager/boot/src/nsSecureBrowserUIImpl.cpp
security/manager/boot/src/nsSecureBrowserUIImpl.h
security/manager/boot/src/nsSecurityWarningDialogs.cpp
security/manager/boot/src/nsSecurityWarningDialogs.h
security/manager/locales/en-US/chrome/pipnss/security.properties
security/manager/locales/jar.mn
toolkit/locales/en-US/chrome/global/browser.properties
--- a/CLOBBER
+++ b/CLOBBER
@@ -17,9 +17,9 @@
 #
 # Modifying this file will now automatically clobber the buildbot machines \o/
 #
 
 # Are you updating CLOBBER because you think it's needed for your WebIDL
 # changes to stick? As of bug 928195, this shouldn't be necessary! Please
 # don't change CLOBBER for WebIDL changes any more.
 
-Bug 870366 - Blacklisting PREF_JS_EXPORTS in Makefile.ins (because of 852814)
+bug 832837 removes nsISecurityWarningDialogs.idl, which requires a clobber according to bug 1114669
--- a/dom/html/HTMLFormElement.cpp
+++ b/dom/html/HTMLFormElement.cpp
@@ -15,41 +15,44 @@
 #include "mozilla/dom/HTMLFormElementBinding.h"
 #include "mozilla/Move.h"
 #include "nsIHTMLDocument.h"
 #include "nsGkAtoms.h"
 #include "nsStyleConsts.h"
 #include "nsPresContext.h"
 #include "nsIDocument.h"
 #include "nsIFormControlFrame.h"
-#include "nsISecureBrowserUI.h"
 #include "nsError.h"
 #include "nsContentUtils.h"
 #include "nsInterfaceHashtable.h"
 #include "nsContentList.h"
 #include "nsCOMArray.h"
 #include "nsAutoPtr.h"
 #include "nsTArray.h"
 #include "nsIMutableArray.h"
 #include "nsIFormAutofillContentService.h"
 #include "mozilla/BinarySearch.h"
 
 // form submission
+#include "mozilla/Telemetry.h"
 #include "nsIFormSubmitObserver.h"
 #include "nsIObserverService.h"
 #include "nsICategoryManager.h"
 #include "nsCategoryManagerUtils.h"
 #include "nsISimpleEnumerator.h"
 #include "nsRange.h"
 #include "nsIScriptSecurityManager.h"
 #include "nsNetUtil.h"
 #include "nsIWebProgress.h"
 #include "nsIDocShell.h"
 #include "nsFormData.h"
 #include "nsFormSubmissionConstants.h"
+#include "nsIPromptService.h"
+#include "nsISecurityUITelemetry.h"
+#include "nsIStringBundle.h"
 
 // radio buttons
 #include "mozilla/dom/HTMLInputElement.h"
 #include "nsIRadioVisitor.h"
 #include "RadioNodeList.h"
 
 #include "nsLayoutUtils.h"
 
@@ -854,51 +857,138 @@ HTMLFormElement::SubmitSubmission(nsForm
   } else {
     ForgetCurrentSubmission();
   }
 
   return rv;
 }
 
 nsresult
+HTMLFormElement::DoSecureToInsecureSubmitCheck(nsIURI* aActionURL,
+                                               bool* aCancelSubmit)
+{
+  *aCancelSubmit = false;
+
+  // Only ask the user about posting from a secure URI to an insecure URI if
+  // this element is in the root document. When this is not the case, the mixed
+  // content blocker will take care of security for us.
+  nsIDocument* parent = OwnerDoc()->GetParentDocument();
+  bool isRootDocument = (!parent || nsContentUtils::IsChromeDoc(parent));
+  if (!isRootDocument) {
+    return NS_OK;
+  }
+
+  nsIPrincipal* principal = NodePrincipal();
+  if (!principal) {
+    *aCancelSubmit = true;
+    return NS_OK;
+  }
+  nsCOMPtr<nsIURI> principalURI;
+  nsresult rv = principal->GetURI(getter_AddRefs(principalURI));
+  if (NS_FAILED(rv)) {
+    return rv;
+  }
+  if (!principalURI) {
+    principalURI = OwnerDoc()->GetDocumentURI();
+  }
+  bool formIsHTTPS;
+  rv = principalURI->SchemeIs("https", &formIsHTTPS);
+  if (NS_FAILED(rv)) {
+    return rv;
+  }
+  bool actionIsHTTPS;
+  rv = aActionURL->SchemeIs("https", &actionIsHTTPS);
+  if (NS_FAILED(rv)) {
+    return rv;
+  }
+  bool actionIsJS;
+  rv = aActionURL->SchemeIs("javascript", &actionIsJS);
+  if (NS_FAILED(rv)) {
+    return rv;
+  }
+
+  if (!formIsHTTPS || actionIsHTTPS || actionIsJS) {
+    return NS_OK;
+  }
+
+  nsCOMPtr<nsIPromptService> promptSvc =
+    do_GetService("@mozilla.org/embedcomp/prompt-service;1");
+  if (!promptSvc) {
+    return NS_ERROR_FAILURE;
+  }
+  nsCOMPtr<nsIStringBundle> stringBundle;
+  nsCOMPtr<nsIStringBundleService> stringBundleService =
+    mozilla::services::GetStringBundleService();
+  if (!stringBundleService) {
+    return NS_ERROR_FAILURE;
+  }
+  rv = stringBundleService->CreateBundle(
+    "chrome://global/locale/browser.properties",
+    getter_AddRefs(stringBundle));
+  if (NS_FAILED(rv)) {
+    return rv;
+  }
+  nsAutoString title;
+  nsAutoString message;
+  nsAutoString cont;
+  stringBundle->GetStringFromName(
+    MOZ_UTF16("formPostSecureToInsecureWarning.title"), getter_Copies(title));
+  stringBundle->GetStringFromName(
+    MOZ_UTF16("formPostSecureToInsecureWarning.message"),
+    getter_Copies(message));
+  stringBundle->GetStringFromName(
+    MOZ_UTF16("formPostSecureToInsecureWarning.continue"),
+    getter_Copies(cont));
+  int32_t buttonPressed;
+  bool checkState = false; // this is unused (ConfirmEx requires this parameter)
+  nsCOMPtr<nsPIDOMWindow> window = OwnerDoc()->GetWindow();
+  rv = promptSvc->ConfirmEx(window, title.get(), message.get(),
+                            (nsIPromptService::BUTTON_TITLE_IS_STRING *
+                             nsIPromptService::BUTTON_POS_0) +
+                            (nsIPromptService::BUTTON_TITLE_CANCEL *
+                             nsIPromptService::BUTTON_POS_1),
+                            cont.get(), nullptr, nullptr, nullptr,
+                            &checkState, &buttonPressed);
+  if (NS_FAILED(rv)) {
+    return rv;
+  }
+  *aCancelSubmit = (buttonPressed == 1);
+  uint32_t telemetryBucket =
+    nsISecurityUITelemetry::WARNING_CONFIRM_POST_TO_INSECURE_FROM_SECURE;
+  mozilla::Telemetry::Accumulate(mozilla::Telemetry::SECURITY_UI,
+                                 telemetryBucket);
+  if (!*aCancelSubmit) {
+    // The user opted to continue, so note that in the next telemetry bucket.
+    mozilla::Telemetry::Accumulate(mozilla::Telemetry::SECURITY_UI,
+                                   telemetryBucket + 1);
+  }
+  return NS_OK;
+}
+
+nsresult
 HTMLFormElement::NotifySubmitObservers(nsIURI* aActionURL,
                                        bool* aCancelSubmit,
                                        bool    aEarlyNotify)
 {
   // If this is the first form, bring alive the first form submit
   // category observers
   if (!gFirstFormSubmitted) {
     gFirstFormSubmitted = true;
     NS_CreateServicesFromCategory(NS_FIRST_FORMSUBMIT_CATEGORY,
                                   nullptr,
                                   NS_FIRST_FORMSUBMIT_CATEGORY);
   }
 
-  // XXXbz what do the submit observers actually want?  The window
-  // of the document this is shown in?  Or something else?
-  // sXBL/XBL2 issue
-  nsCOMPtr<nsPIDOMWindow> window = OwnerDoc()->GetWindow();
-
-  // Notify the secure browser UI, if any, that the form is being submitted.
-  nsCOMPtr<nsIDocShell> docshell = OwnerDoc()->GetDocShell();
-  if (docshell && !aEarlyNotify) {
-    nsCOMPtr<nsISecureBrowserUI> secureUI;
-    docshell->GetSecurityUI(getter_AddRefs(secureUI));
-    nsCOMPtr<nsIFormSubmitObserver> formSubmitObserver =
-      do_QueryInterface(secureUI);
-    if (formSubmitObserver) {
-      nsresult rv = formSubmitObserver->Notify(this,
-                                               window,
-                                               aActionURL,
-                                               aCancelSubmit);
-      NS_ENSURE_SUCCESS(rv, rv);
-
-      if (*aCancelSubmit) {
-        return NS_OK;
-      }
+  if (!aEarlyNotify) {
+    nsresult rv = DoSecureToInsecureSubmitCheck(aActionURL, aCancelSubmit);
+    if (NS_FAILED(rv)) {
+      return rv;
+    }
+    if (*aCancelSubmit) {
+      return NS_OK;
     }
   }
 
   // Notify observers that the form is being submitted.
   nsCOMPtr<nsIObserverService> service =
     mozilla::services::GetObserverService();
   if (!service)
     return NS_ERROR_FAILURE;
@@ -909,16 +999,21 @@ HTMLFormElement::NotifySubmitObservers(n
                                             NS_FORMSUBMIT_SUBJECT,
                                             getter_AddRefs(theEnum));
   NS_ENSURE_SUCCESS(rv, rv);
 
   if (theEnum) {
     nsCOMPtr<nsISupports> inst;
     *aCancelSubmit = false;
 
+    // XXXbz what do the submit observers actually want?  The window
+    // of the document this is shown in?  Or something else?
+    // sXBL/XBL2 issue
+    nsCOMPtr<nsPIDOMWindow> window = OwnerDoc()->GetWindow();
+
     bool loop = true;
     while (NS_SUCCEEDED(theEnum->HasMoreElements(&loop)) && loop) {
       theEnum->GetNext(getter_AddRefs(inst));
 
       nsCOMPtr<nsIFormSubmitObserver> formSubmitObserver(
                       do_QueryInterface(inst));
       if (formSubmitObserver) {
         rv = formSubmitObserver->Notify(this,
--- a/dom/html/HTMLFormElement.h
+++ b/dom/html/HTMLFormElement.h
@@ -491,16 +491,26 @@ protected:
    * @param aActionURL the URL being submitted to
    * @param aCancelSubmit out param where submit observers can specify that the
    *        submit should be cancelled.
    */
   nsresult NotifySubmitObservers(nsIURI* aActionURL, bool* aCancelSubmit,
                                  bool aEarlyNotify);
 
   /**
+   * If this form submission is secure -> insecure, ask the user if they want
+   * to continue.
+   *
+   * @param aActionURL the URL being submitted to
+   * @param aCancelSubmit out param: will be true if the user wants to cancel
+   */
+  nsresult DoSecureToInsecureSubmitCheck(nsIURI* aActionURL,
+                                         bool* aCancelSubmit);
+
+  /**
    * Find form controls in this form with the correct value in the name
    * attribute.
    */
   already_AddRefed<nsISupports> DoResolveName(const nsAString& aName, bool aFlushContent);
 
   /**
    * Get the full URL to submit to.  Do not submit if the returned URL is null.
    *
--- a/security/manager/boot/public/moz.build
+++ b/security/manager/boot/public/moz.build
@@ -3,14 +3,13 @@
 # This Source Code Form is subject to the terms of the Mozilla Public
 # License, v. 2.0. If a copy of the MPL was not distributed with this
 # file, You can obtain one at http://mozilla.org/MPL/2.0/.
 
 XPIDL_SOURCES += [
     'nsIBufEntropyCollector.idl',
     'nsICertBlocklist.idl',
     'nsISecurityUITelemetry.idl',
-    'nsISecurityWarningDialogs.idl',
     'nsISSLStatusProvider.idl',
 ]
 
 XPIDL_MODULE = 'pipboot'
 
deleted file mode 100644
--- a/security/manager/boot/public/nsISecurityWarningDialogs.idl
+++ /dev/null
@@ -1,32 +0,0 @@
-/* -*- Mode: C++; tab-width: 2; indent-tabs-mode: nil; c-basic-offset: 2 -*- */
-/* This Source Code Form is subject to the terms of the Mozilla Public
- * License, v. 2.0. If a copy of the MPL was not distributed with this
- * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
-
-#include "nsISupports.idl"
-
-interface nsIInterfaceRequestor;
-
-/**
- * Functions that display warnings for transitions between secure
- * and insecure pages, posts to insecure servers etc.
- */
-[scriptable, uuid(a9561631-5964-4d3f-b372-9f23504054b1)]
-interface nsISecurityWarningDialogs : nsISupports
-{
-  /**
-   *  Inform the user: Although the currently displayed
-   *  page was loaded using a secure connection, and the UI probably
-   *  currently indicates a secure page, 
-   *  that information is being submitted to an insecure page.
-   *
-   *  @param ctx A user interface context.
-   *
-   *  @return true if the user confirms to submit.
-   */
-  boolean confirmPostToInsecureFromSecure(in nsIInterfaceRequestor ctx);
-};
-
-%{C++
-#define NS_SECURITYWARNINGDIALOGS_CONTRACTID "@mozilla.org/nsSecurityWarningDialogs;1"
-%}
--- a/security/manager/boot/src/moz.build
+++ b/security/manager/boot/src/moz.build
@@ -10,17 +10,16 @@ EXPORTS.mozilla += [
 
 UNIFIED_SOURCES += [
     'CertBlocklist.cpp',
     'DataStorage.cpp',
     'nsBOOTModule.cpp',
     'nsEntropyCollector.cpp',
     'nsSecureBrowserUIImpl.cpp',
     'nsSecurityHeaderParser.cpp',
-    'nsSecurityWarningDialogs.cpp',
     'nsSiteSecurityService.cpp',
     'PublicKeyPinningService.cpp',
     'RootCertificateTelemetryUtils.cpp',
 ]
 
 LOCAL_INCLUDES += [
     '../../../pkix/include',
 ]
--- a/security/manager/boot/src/nsBOOTModule.cpp
+++ b/security/manager/boot/src/nsBOOTModule.cpp
@@ -3,43 +3,38 @@
  * License, v. 2.0. If a copy of the MPL was not distributed with this
  * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
 
 #include "mozilla/ModuleUtils.h"
 
 #include "CertBlocklist.h"
 #include "nsEntropyCollector.h"
 #include "nsSecureBrowserUIImpl.h"
-#include "nsSecurityWarningDialogs.h"
 #include "nsSiteSecurityService.h"
 
 NS_GENERIC_FACTORY_CONSTRUCTOR(nsEntropyCollector)
 NS_GENERIC_FACTORY_CONSTRUCTOR(nsSecureBrowserUIImpl)
 NS_GENERIC_FACTORY_CONSTRUCTOR_INIT(CertBlocklist, Init)
-NS_GENERIC_FACTORY_CONSTRUCTOR_INIT(nsSecurityWarningDialogs, Init)
 NS_GENERIC_FACTORY_CONSTRUCTOR_INIT(nsSiteSecurityService, Init)
 
 NS_DEFINE_NAMED_CID(NS_ENTROPYCOLLECTOR_CID);
-NS_DEFINE_NAMED_CID(NS_SECURITYWARNINGDIALOGS_CID);
 NS_DEFINE_NAMED_CID(NS_SECURE_BROWSER_UI_CID);
 NS_DEFINE_NAMED_CID(NS_SITE_SECURITY_SERVICE_CID);
 NS_DEFINE_NAMED_CID(NS_CERT_BLOCKLIST_CID);
 
 static const mozilla::Module::CIDEntry kBOOTCIDs[] = {
   { &kNS_ENTROPYCOLLECTOR_CID, false, nullptr, nsEntropyCollectorConstructor },
-  { &kNS_SECURITYWARNINGDIALOGS_CID, false, nullptr, nsSecurityWarningDialogsConstructor },
   { &kNS_SECURE_BROWSER_UI_CID, false, nullptr, nsSecureBrowserUIImplConstructor },
   { &kNS_SITE_SECURITY_SERVICE_CID, false, nullptr, nsSiteSecurityServiceConstructor },
   { &kNS_CERT_BLOCKLIST_CID, false, nullptr, CertBlocklistConstructor},
   { nullptr }
 };
 
 static const mozilla::Module::ContractIDEntry kBOOTContracts[] = {
   { NS_ENTROPYCOLLECTOR_CONTRACTID, &kNS_ENTROPYCOLLECTOR_CID },
-  { NS_SECURITYWARNINGDIALOGS_CONTRACTID, &kNS_SECURITYWARNINGDIALOGS_CID },
   { NS_SECURE_BROWSER_UI_CONTRACTID, &kNS_SECURE_BROWSER_UI_CID },
   { NS_SSSERVICE_CONTRACTID, &kNS_SITE_SECURITY_SERVICE_CID },
   { NS_CERTBLOCKLIST_CONTRACTID, &kNS_CERT_BLOCKLIST_CID },
   { nullptr }
 };
 
 static const mozilla::Module kBootModule = {
   mozilla::Module::kVersion,
--- a/security/manager/boot/src/nsSecureBrowserUIImpl.cpp
+++ b/security/manager/boot/src/nsSecureBrowserUIImpl.cpp
@@ -4,41 +4,34 @@
  * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
 
 #include "nspr.h"
 #include "prlog.h"
 
 #include "nsISecureBrowserUI.h"
 #include "nsSecureBrowserUIImpl.h"
 #include "nsCOMPtr.h"
-#include "nsIInterfaceRequestor.h"
-#include "nsIInterfaceRequestorUtils.h"
 #include "nsIServiceManager.h"
 #include "nsCURILoader.h"
 #include "nsIDocShell.h"
 #include "nsIDocShellTreeItem.h"
 #include "nsIDocument.h"
-#include "nsIPrincipal.h"
 #include "nsIDOMElement.h"
 #include "nsPIDOMWindow.h"
-#include "nsIContent.h"
 #include "nsIWebProgress.h"
 #include "nsIWebProgressListener.h"
 #include "nsIChannel.h"
 #include "nsIHttpChannel.h"
 #include "nsIFileChannel.h"
 #include "nsIWyciwygChannel.h"
 #include "nsIFTPChannel.h"
 #include "nsITransportSecurityInfo.h"
 #include "nsISSLStatus.h"
 #include "nsIURI.h"
 #include "nsISecurityEventSink.h"
-#include "nsIPrompt.h"
-#include "nsIFormSubmitObserver.h"
-#include "nsISecurityWarningDialogs.h"
 #include "nsISecurityInfoProvider.h"
 #include "imgIRequest.h"
 #include "nsThreadUtils.h"
 #include "nsNetUtil.h"
 #include "nsNetCID.h"
 #include "nsCRT.h"
 
 using namespace mozilla;
@@ -136,17 +129,16 @@ nsSecureBrowserUIImpl::~nsSecureBrowserU
   if (mTransferringRequests.IsInitialized()) {
     PL_DHashTableFinish(&mTransferringRequests);
   }
 }
 
 NS_IMPL_ISUPPORTS(nsSecureBrowserUIImpl,
                   nsISecureBrowserUI,
                   nsIWebProgressListener,
-                  nsIFormSubmitObserver,
                   nsISupportsWeakReference,
                   nsISSLStatusProvider)
 
 NS_IMETHODIMP
 nsSecureBrowserUIImpl::Init(nsIDOMWindow *aWindow)
 {
 
 #ifdef PR_LOGGING
@@ -306,35 +298,16 @@ nsSecureBrowserUIImpl::MapInternalToExte
 NS_IMETHODIMP
 nsSecureBrowserUIImpl::SetDocShell(nsIDocShell *aDocShell)
 {
   nsresult rv;
   mDocShell = do_GetWeakReference(aDocShell, &rv);
   return rv;
 }
 
-static nsresult IsChildOfDomWindow(nsIDOMWindow *parent, nsIDOMWindow *child,
-                                   bool* value)
-{
-  *value = false;
-  
-  if (parent == child) {
-    *value = true;
-    return NS_OK;
-  }
-  
-  nsCOMPtr<nsIDOMWindow> childsParent;
-  child->GetParent(getter_AddRefs(childsParent));
-  
-  if (childsParent && childsParent.get() != child)
-    IsChildOfDomWindow(parent, childsParent, value);
-  
-  return NS_OK;
-}
-
 static uint32_t GetSecurityStateFromSecurityInfoAndRequest(nsISupports* info,
                                                            nsIRequest* request)
 {
   nsresult res;
   uint32_t securityState;
 
   nsCOMPtr<nsITransportSecurityInfo> psmInfo(do_QueryInterface(info));
   if (!psmInfo) {
@@ -378,82 +351,16 @@ static uint32_t GetSecurityStateFromSecu
   }
 
   PR_LOG(gSecureDocLog, PR_LOG_DEBUG, ("SecureUI: GetSecurityState: - Returning %d\n", 
                                        securityState));
   return securityState;
 }
 
 
-NS_IMETHODIMP
-nsSecureBrowserUIImpl::Notify(nsIDOMHTMLFormElement* aDOMForm,
-                              nsIDOMWindow* aWindow, nsIURI* actionURL,
-                              bool* cancelSubmit)
-{
-  // Return NS_OK unless we want to prevent this form from submitting.
-  *cancelSubmit = false;
-  if (!aWindow || !actionURL || !aDOMForm)
-    return NS_OK;
-  
-  nsCOMPtr<nsIContent> formNode = do_QueryInterface(aDOMForm);
-
-  nsCOMPtr<nsIDocument> document = formNode->GetComposedDoc();
-  if (!document) return NS_OK;
-
-  nsIPrincipal *principal = formNode->NodePrincipal();
-  
-  if (!principal)
-  {
-    *cancelSubmit = true;
-    return NS_OK;
-  }
-
-  nsCOMPtr<nsIURI> formURL;
-  if (NS_FAILED(principal->GetURI(getter_AddRefs(formURL))) ||
-      !formURL)
-  {
-    formURL = document->GetDocumentURI();
-  }
-
-  nsCOMPtr<nsIDOMWindow> postingWindow =
-    do_QueryInterface(document->GetWindow());
-  // We can't find this document's window, cancel it.
-  if (!postingWindow)
-  {
-    NS_WARNING("If you see this and can explain why it should be allowed, note in Bug 332324");
-    *cancelSubmit = true;
-    return NS_OK;
-  }
-
-  nsCOMPtr<nsIDOMWindow> window;
-  {
-    ReentrantMonitorAutoEnter lock(mReentrantMonitor);
-    window = do_QueryReferent(mWindow);
-
-    // The window was destroyed, so we assume no form was submitted within it.
-    if (!window)
-      return NS_OK;
-  }
-
-  bool isChild;
-  IsChildOfDomWindow(window, postingWindow, &isChild);
-  
-  // This notify call is not for our window, ignore it.
-  if (!isChild)
-    return NS_OK;
-  
-  bool okayToPost;
-  nsresult res = CheckPost(formURL, actionURL, &okayToPost);
-  
-  if (NS_SUCCEEDED(res) && !okayToPost)
-    *cancelSubmit = true;
-  
-  return res;
-}
-
 //  nsIWebProgressListener
 NS_IMETHODIMP 
 nsSecureBrowserUIImpl::OnProgressChange(nsIWebProgress* aWebProgress,
                                         nsIRequest* aRequest,
                                         int32_t aCurSelfProgress,
                                         int32_t aMaxSelfProgress,
                                         int32_t aCurTotalProgress,
                                         int32_t aMaxTotalProgress)
@@ -1503,170 +1410,8 @@ nsSecureBrowserUIImpl::GetSSLStatus(nsIS
       return NS_OK;
   }
  
   *_result = mSSLStatus;
   NS_IF_ADDREF(*_result);
 
   return NS_OK;
 }
-
-nsresult
-nsSecureBrowserUIImpl::IsURLHTTPS(nsIURI* aURL, bool* value)
-{
-  *value = false;
-
-  if (!aURL)
-    return NS_OK;
-
-  return aURL->SchemeIs("https", value);
-}
-
-nsresult
-nsSecureBrowserUIImpl::IsURLJavaScript(nsIURI* aURL, bool* value)
-{
-  *value = false;
-
-  if (!aURL)
-    return NS_OK;
-
-  return aURL->SchemeIs("javascript", value);
-}
-
-nsresult
-nsSecureBrowserUIImpl::CheckPost(nsIURI *formURL, nsIURI *actionURL, bool *okayToPost)
-{
-  bool formSecure, actionSecure, actionJavaScript;
-  *okayToPost = true;
-
-  nsresult rv = IsURLHTTPS(formURL, &formSecure);
-  if (NS_FAILED(rv))
-    return rv;
-
-  rv = IsURLHTTPS(actionURL, &actionSecure);
-  if (NS_FAILED(rv))
-    return rv;
-
-  rv = IsURLJavaScript(actionURL, &actionJavaScript);
-  if (NS_FAILED(rv))
-    return rv;
-
-  // If we are posting to a secure link, all is okay.
-  // It doesn't matter whether the currently viewed page is secure or not,
-  // because the data will be sent to a secure URL.
-  if (actionSecure) {
-    return NS_OK;
-  }
-
-  // Action is a JavaScript call, not an actual post. That's okay too.
-  if (actionJavaScript) {
-    return NS_OK;
-  }
-
-  // posting to insecure webpage from a secure webpage.
-  if (formSecure) {
-    *okayToPost = ConfirmPostToInsecureFromSecure();
-  }
-
-  return NS_OK;
-}
-
-//
-// Implementation of an nsIInterfaceRequestor for use
-// as context for NSS calls
-//
-class nsUIContext : public nsIInterfaceRequestor
-{
-public:
-  NS_DECL_ISUPPORTS
-  NS_DECL_NSIINTERFACEREQUESTOR
-
-  explicit nsUIContext(nsIDOMWindow *window);
-
-protected:
-  virtual ~nsUIContext();
-
-private:
-  nsCOMPtr<nsIDOMWindow> mWindow;
-};
-
-NS_IMPL_ISUPPORTS(nsUIContext, nsIInterfaceRequestor)
-
-nsUIContext::nsUIContext(nsIDOMWindow *aWindow)
-: mWindow(aWindow)
-{
-}
-
-nsUIContext::~nsUIContext()
-{
-}
-
-/* void getInterface (in nsIIDRef uuid, [iid_is (uuid), retval] out nsQIResult result); */
-NS_IMETHODIMP nsUIContext::GetInterface(const nsIID & uuid, void * *result)
-{
-  NS_ENSURE_TRUE(mWindow, NS_ERROR_FAILURE);
-  nsresult rv;
-
-  if (uuid.Equals(NS_GET_IID(nsIPrompt))) {
-    nsCOMPtr<nsIDOMWindow> window = do_QueryInterface(mWindow, &rv);
-    if (NS_FAILED(rv)) return rv;
-
-    nsIPrompt *prompt;
-
-    rv = window->GetPrompter(&prompt);
-    *result = prompt;
-  } else if (uuid.Equals(NS_GET_IID(nsIDOMWindow))) {
-    *result = mWindow;
-    NS_ADDREF ((nsISupports*) *result);
-    rv = NS_OK;
-  } else {
-    rv = NS_ERROR_NO_INTERFACE;
-  }
-
-  return rv;
-}
-
-bool
-nsSecureBrowserUIImpl::GetNSSDialogs(nsCOMPtr<nsISecurityWarningDialogs> & dialogs,
-                                     nsCOMPtr<nsIInterfaceRequestor> & ctx)
-{
-  if (!NS_IsMainThread()) {
-    NS_ERROR("nsSecureBrowserUIImpl::GetNSSDialogs called off the main thread");
-    return false;
-  }
-
-  dialogs = do_GetService(NS_SECURITYWARNINGDIALOGS_CONTRACTID);
-  if (!dialogs)
-    return false;
-
-  nsCOMPtr<nsIDOMWindow> window;
-  {
-    ReentrantMonitorAutoEnter lock(mReentrantMonitor);
-    window = do_QueryReferent(mWindow);
-    NS_ASSERTION(window, "Window has gone away?!");
-  }
-  ctx = new nsUIContext(window);
-  
-  return true;
-}
-
-/**
- * ConfirmPostToInsecureFromSecure - returns true if
- *   the user approves the submit (or doesn't care).
- *   returns false on errors.
- */
-bool nsSecureBrowserUIImpl::
-ConfirmPostToInsecureFromSecure()
-{
-  nsCOMPtr<nsISecurityWarningDialogs> dialogs;
-  nsCOMPtr<nsIInterfaceRequestor> ctx;
-
-  if (!GetNSSDialogs(dialogs, ctx)) {
-    return false; // Should this allow true for unimplemented?
-  }
-
-  bool result;
-
-  nsresult rv = dialogs->ConfirmPostToInsecureFromSecure(ctx, &result);
-  if (NS_FAILED(rv)) return false;
-
-  return result;
-}
--- a/security/manager/boot/src/nsSecureBrowserUIImpl.h
+++ b/security/manager/boot/src/nsSecureBrowserUIImpl.h
@@ -9,61 +9,49 @@
 #ifdef DEBUG
 #include "mozilla/Atomics.h"
 #endif
 #include "mozilla/ReentrantMonitor.h"
 #include "nsCOMPtr.h"
 #include "nsString.h"
 #include "nsIDOMElement.h"
 #include "nsIDOMWindow.h"
-#include "nsIDOMHTMLFormElement.h"
 #include "nsISecureBrowserUI.h"
 #include "nsIDocShell.h"
 #include "nsIDocShellTreeItem.h"
 #include "nsIWebProgressListener.h"
-#include "nsIFormSubmitObserver.h"
 #include "nsIURI.h"
 #include "nsISecurityEventSink.h"
 #include "nsWeakReference.h"
 #include "nsISSLStatusProvider.h"
 #include "nsIAssociatedContentSecurity.h"
 #include "pldhash.h"
 #include "nsINetUtil.h"
 
 class nsISSLStatus;
-class nsITransportSecurityInfo;
-class nsISecurityWarningDialogs;
 class nsIChannel;
-class nsIInterfaceRequestor;
 
 #define NS_SECURE_BROWSER_UI_CID \
 { 0xcc75499a, 0x1dd1, 0x11b2, {0x8a, 0x82, 0xca, 0x41, 0x0a, 0xc9, 0x07, 0xb8}}
 
 
 class nsSecureBrowserUIImpl : public nsISecureBrowserUI,
                               public nsIWebProgressListener,
-                              public nsIFormSubmitObserver,
                               public nsSupportsWeakReference,
                               public nsISSLStatusProvider
 {
 public:
   
   nsSecureBrowserUIImpl();
   
   NS_DECL_THREADSAFE_ISUPPORTS
   NS_DECL_NSIWEBPROGRESSLISTENER
   NS_DECL_NSISECUREBROWSERUI
-  
   NS_DECL_NSISSLSTATUSPROVIDER
 
-  NS_IMETHOD Notify(nsIDOMHTMLFormElement* formNode, nsIDOMWindow* window,
-                    nsIURI *actionURL, bool* cancelSubmit) MOZ_OVERRIDE;
-  NS_IMETHOD NotifyInvalidSubmit(nsIDOMHTMLFormElement* formNode,
-                                 nsIArray* invalidElements) MOZ_OVERRIDE { return NS_OK; }
-  
 protected:
   virtual ~nsSecureBrowserUIImpl();
 
   mozilla::ReentrantMonitor mReentrantMonitor;
   
   nsWeakPtr mWindow;
   nsWeakPtr mDocShell;
   nsCOMPtr<nsINetUtil> mIOService;
@@ -107,27 +95,13 @@ protected:
   void UpdateSubrequestMembers(nsISupports* securityInfo, nsIRequest* request);
 
   void ObtainEventSink(nsIChannel *channel, 
                        nsCOMPtr<nsISecurityEventSink> &sink);
 
   nsCOMPtr<nsISSLStatus> mSSLStatus;
   nsCOMPtr<nsISupports> mCurrentToplevelSecurityInfo;
 
-  nsresult CheckPost(nsIURI *formURI, nsIURI *actionURL, bool *okayToPost);
-  nsresult IsURLHTTPS(nsIURI* aURL, bool *value);
-  nsresult IsURLJavaScript(nsIURI* aURL, bool *value);
-
-  bool ConfirmEnteringSecure();
-  bool ConfirmEnteringWeak();
-  bool ConfirmLeavingSecure();
-  bool ConfirmMixedMode();
-  bool ConfirmPostToInsecure();
-  bool ConfirmPostToInsecureFromSecure();
-
-  bool GetNSSDialogs(nsCOMPtr<nsISecurityWarningDialogs> & dialogs,
-                     nsCOMPtr<nsIInterfaceRequestor> & window);
-
   PLDHashTable mTransferringRequests;
 };
 
 
 #endif /* nsSecureBrowserUIImpl_h_ */
deleted file mode 100644
--- a/security/manager/boot/src/nsSecurityWarningDialogs.cpp
+++ /dev/null
@@ -1,162 +0,0 @@
-/* -*- Mode: C++; tab-width: 2; indent-tabs-mode: nil; c-basic-offset: 2 -*-
- *
- * This Source Code Form is subject to the terms of the Mozilla Public
- * License, v. 2.0. If a copy of the MPL was not distributed with this
- * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
-
-#include "nsSecurityWarningDialogs.h"
-#include "nsIComponentManager.h"
-#include "nsIServiceManager.h"
-#include "nsReadableUtils.h"
-#include "nsString.h"
-#include "nsIPrompt.h"
-#include "nsIInterfaceRequestor.h"
-#include "nsIInterfaceRequestorUtils.h"
-#include "nsIPrefService.h"
-#include "nsIPrefBranch.h"
-#include "nsThreadUtils.h"
-
-#include "mozilla/Telemetry.h"
-#include "nsISecurityUITelemetry.h"
-
-NS_IMPL_ISUPPORTS(nsSecurityWarningDialogs, nsISecurityWarningDialogs)
-
-#define STRING_BUNDLE_URL    "chrome://pipnss/locale/security.properties"
-
-nsSecurityWarningDialogs::nsSecurityWarningDialogs()
-{
-}
-
-nsSecurityWarningDialogs::~nsSecurityWarningDialogs()
-{
-}
-
-nsresult
-nsSecurityWarningDialogs::Init()
-{
-  nsresult rv;
-
-  mPrefBranch = do_GetService(NS_PREFSERVICE_CONTRACTID, &rv);
-  if (NS_FAILED(rv)) return rv;
-
-  nsCOMPtr<nsIStringBundleService> service =
-           do_GetService(NS_STRINGBUNDLE_CONTRACTID, &rv);
-  if (NS_FAILED(rv)) return rv;
-  
-  rv = service->CreateBundle(STRING_BUNDLE_URL,
-                             getter_AddRefs(mStringBundle));
-  return rv;
-}
-
-NS_IMETHODIMP 
-nsSecurityWarningDialogs::ConfirmPostToInsecureFromSecure(nsIInterfaceRequestor *ctx, bool* _result)
-{
-  nsresult rv;
-
-  // The Telemetry clickthrough constant is 1 more than the constant for the dialog.
-  rv = ConfirmDialog(ctx, nullptr, // No preference for this one - it's too important
-                     MOZ_UTF16("PostToInsecureFromSecureMessage"),
-                     nullptr,
-                     nsISecurityUITelemetry::WARNING_CONFIRM_POST_TO_INSECURE_FROM_SECURE,
-                     _result);
-
-  return rv;
-}
-
-nsresult
-nsSecurityWarningDialogs::ConfirmDialog(nsIInterfaceRequestor *ctx, const char *prefName,
-                            const char16_t *messageName, 
-                            const char16_t *showAgainName, 
-                            const uint32_t aBucket,
-                            bool* _result)
-{
-  nsresult rv;
-
-  // Get user's preference for this alert
-  // prefName, showAgainName are null if there is no preference for this dialog
-  bool prefValue = true;
-  
-  if (prefName) {
-    rv = mPrefBranch->GetBoolPref(prefName, &prefValue);
-    if (NS_FAILED(rv)) prefValue = true;
-  }
-  
-  // Stop if confirm is not requested
-  if (!prefValue) {
-    *_result = true;
-    return NS_OK;
-  }
-  
-  MOZ_ASSERT(NS_IsMainThread());
-  mozilla::Telemetry::Accumulate(mozilla::Telemetry::SECURITY_UI, aBucket);
-  // See AlertDialog() for a description of how showOnce works.
-  nsAutoCString showOncePref(prefName);
-  showOncePref += ".show_once";
-
-  bool showOnce = false;
-  mPrefBranch->GetBoolPref(showOncePref.get(), &showOnce);
-
-  if (showOnce)
-    prefValue = false;
-
-  // Get Prompt to use
-  nsCOMPtr<nsIPrompt> prompt = do_GetInterface(ctx);
-  if (!prompt) return NS_ERROR_FAILURE;
-
-  // Get messages strings from localization file
-  nsXPIDLString windowTitle, message, alertMe, cont;
-
-  mStringBundle->GetStringFromName(MOZ_UTF16("Title"),
-                                   getter_Copies(windowTitle));
-  mStringBundle->GetStringFromName(messageName,
-                                   getter_Copies(message));
-  if (showAgainName) {
-    mStringBundle->GetStringFromName(showAgainName,
-                                     getter_Copies(alertMe));
-  }
-  mStringBundle->GetStringFromName(MOZ_UTF16("Continue"),
-                                   getter_Copies(cont));
-  // alertMe is allowed to be null
-  if (!windowTitle || !message || !cont) return NS_ERROR_FAILURE;
-      
-  // Replace # characters with newlines to lay out the dialog.
-  char16_t* msgchars = message.BeginWriting();
-  
-  uint32_t i = 0;
-  for (i = 0; msgchars[i] != '\0'; i++) {
-    if (msgchars[i] == '#') {
-      msgchars[i] = '\n';
-    }
-  }  
-
-  int32_t buttonPressed;
-
-  rv  = prompt->ConfirmEx(windowTitle, 
-                          message, 
-                          (nsIPrompt::BUTTON_TITLE_IS_STRING * nsIPrompt::BUTTON_POS_0) +
-                          (nsIPrompt::BUTTON_TITLE_CANCEL * nsIPrompt::BUTTON_POS_1),
-                          cont,
-                          nullptr,
-                          nullptr,
-                          alertMe, 
-                          &prefValue, 
-                          &buttonPressed);
-
-  if (NS_FAILED(rv)) return rv;
-
-  *_result = (buttonPressed != 1);
-  if (*_result) {
-  // For confirmation dialogs, the clickthrough constant is 1 more
-  // than the constant for the dialog.
-  mozilla::Telemetry::Accumulate(mozilla::Telemetry::SECURITY_UI, aBucket + 1);
-  }
-
-  if (!prefValue && prefName) {
-    mPrefBranch->SetBoolPref(prefName, false);
-  } else if (prefValue && showOnce) {
-    mPrefBranch->SetBoolPref(showOncePref.get(), false);
-  }
-
-  return rv;
-}
-
deleted file mode 100644
--- a/security/manager/boot/src/nsSecurityWarningDialogs.h
+++ /dev/null
@@ -1,45 +0,0 @@
-/* -*- Mode: C++; tab-width: 2; indent-tabs-mode: nil; c-basic-offset: 2 -*-
- *
- * This Source Code Form is subject to the terms of the Mozilla Public
- * License, v. 2.0. If a copy of the MPL was not distributed with this
- * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
-
-#ifndef nsSecurityWarningDialogs_h
-#define nsSecurityWarningDialogs_h
-
-#include "nsISecurityWarningDialogs.h"
-#include "nsIPrefBranch.h"
-#include "nsIStringBundle.h"
-#include "nsCOMPtr.h"
-
-class nsSecurityWarningDialogs : public nsISecurityWarningDialogs
-{
-public:
-  NS_DECL_THREADSAFE_ISUPPORTS
-  NS_DECL_NSISECURITYWARNINGDIALOGS
-
-  nsSecurityWarningDialogs();
-
-  nsresult Init();
-
-protected:
-  virtual ~nsSecurityWarningDialogs();
-
-  nsresult AlertDialog(nsIInterfaceRequestor *ctx, const char *prefName,
-                   const char16_t *messageName,
-                   const char16_t *showAgainName,
-                   bool aAsync, const uint32_t aBucket);
-  nsresult ConfirmDialog(nsIInterfaceRequestor *ctx, const char *prefName,
-                   const char16_t *messageName, 
-                   const char16_t *showAgainName, const uint32_t aBucket,
-                   bool* _result);
-  nsCOMPtr<nsIStringBundle> mStringBundle;
-  nsCOMPtr<nsIPrefBranch> mPrefBranch;
-};
-
-#define NS_SECURITYWARNINGDIALOGS_CID \
- { /* 8d995d4f-adcc-4159-b7f1-e94af72eeb88 */       \
-  0x8d995d4f, 0xadcc, 0x4159,                       \
- {0xb7, 0xf1, 0xe9, 0x4a, 0xf7, 0x2e, 0xeb, 0x88} }
-
-#endif
deleted file mode 100644
--- a/security/manager/locales/en-US/chrome/pipnss/security.properties
+++ /dev/null
@@ -1,7 +0,0 @@
-# This Source Code Form is subject to the terms of the Mozilla Public
-# License, v. 2.0. If a copy of the MPL was not distributed with this
-# file, You can obtain one at http://mozilla.org/MPL/2.0/.
-
-Title=Security Warning
-PostToInsecureFromSecureMessage=Although this page is encrypted, the information you have entered is to be sent over an unencrypted connection and could easily be read by a third party.##Are you sure you want to continue sending this information?##
-Continue=Continue
--- a/security/manager/locales/jar.mn
+++ b/security/manager/locales/jar.mn
@@ -4,13 +4,12 @@
 # file, You can obtain one at http://mozilla.org/MPL/2.0/.
 
 
 @AB_CD@.jar:
 % locale pipnss @AB_CD@ %locale/@AB_CD@/pipnss/
 % locale pippki @AB_CD@ %locale/@AB_CD@/pippki/
   locale/@AB_CD@/pipnss/pipnss.properties     (%chrome/pipnss/pipnss.properties)
   locale/@AB_CD@/pipnss/nsserrors.properties  (%chrome/pipnss/nsserrors.properties)
-  locale/@AB_CD@/pipnss/security.properties   (%chrome/pipnss/security.properties)
   locale/@AB_CD@/pippki/pippki.dtd            (%chrome/pippki/pippki.dtd)
   locale/@AB_CD@/pippki/pippki.properties     (%chrome/pippki/pippki.properties)
   locale/@AB_CD@/pippki/certManager.dtd       (%chrome/pippki/certManager.dtd)
   locale/@AB_CD@/pippki/deviceManager.dtd     (%chrome/pippki/deviceManager.dtd)
--- a/toolkit/locales/en-US/chrome/global/browser.properties
+++ b/toolkit/locales/en-US/chrome/global/browser.properties
@@ -3,8 +3,12 @@
 # file, You can obtain one at http://mozilla.org/MPL/2.0/.
 
 browsewithcaret.checkMsg=Do not show me this dialog box again.
 browsewithcaret.checkWindowTitle=Caret Browsing
 browsewithcaret.checkLabel=Pressing F7 turns Caret Browsing on or off. This feature places a moveable cursor in web pages, allowing you to select text with the keyboard. Do you want to turn Caret Browsing on?
 browsewithcaret.checkButtonLabel=Yes
 
 plainText.wordWrap=Wrap Long Lines
+
+formPostSecureToInsecureWarning.title = Security Warning
+formPostSecureToInsecureWarning.message = The information you have entered on this page will be sent over an insecure connection and could be read by a third party.\n\nAre you sure you want to send this information?
+formPostSecureToInsecureWarning.continue = Continue