Hyperlinked ssl error page not useful for wildcards. b=432491 r=gavin a=beltzner
authorjohnath@mozilla.com
Wed, 07 May 2008 13:39:53 -0700
changeset 15024 312d85c9d4b0716f6b6b3adcd3832672692f9edb
parent 15023 84a37eec08f39866e5de14f9cf844dc3edf1d5a6
child 15025 0293e25b9cb2139652ec5740941789a4b5c78ced
push id25
push userjorendorff@mozilla.com
push dateFri, 09 May 2008 18:10:52 +0000
treeherdermozilla-central@b7dd3823dbdd [default view] [failures only]
perfherder[talos] [build metrics] [platform microbench] (compared to previous push)
reviewersgavin, beltzner
bugs432491
milestone1.9pre
Hyperlinked ssl error page not useful for wildcards. b=432491 r=gavin a=beltzner
docshell/resources/content/netError.xhtml
--- a/docshell/resources/content/netError.xhtml
+++ b/docshell/resources/content/netError.xhtml
@@ -218,16 +218,21 @@
         var link = document.getElementById('cert_domain_link');
         if (!link)
           return;
         
         var okHost = link.getAttribute("title");
         var thisHost = document.location.hostname;
         var proto = document.location.protocol;
 
+        // If okHost is a wildcard domain ("*.example.com") let's
+        // use "www" instead.  "*.example.com" isn't going to
+        // get anyone anywhere useful. bug 432491
+        okHost = okHost.replace(/^\*\./, "www.");
+
         /* case #1: 
          * example.com uses an invalid security certificate.
          *
          * The certificate is only valid for www.example.com
          *
          * Make sure to include the "." ahead of thisHost so that
          * a MitM attack on paypal.com doesn't hyperlink to "notpaypal.com"
          *