Bug 1492943 - Part 2 - Update copy for HSTS certificate errors. r=nhnt11
authorJohann Hofmann <jhofmann@mozilla.com>
Tue, 16 Oct 2018 18:50:37 +0000
changeset 441496 a552ab852b35f17b53441f1ce51f95a215f6329f
parent 441495 dc57e840695b4534ce98f817f3bf2a42c35fd6d4
child 441497 7afc10b1bea13050b90796bcea2c66493e799f96
push id34866
push usershindli@mozilla.com
push dateWed, 17 Oct 2018 00:54:47 +0000
treeherdermozilla-central@d4fe026dee75 [default view] [failures only]
perfherder[talos] [build metrics] [platform microbench] (compared to previous push)
first release with
nightly linux32
nightly linux64
nightly mac
nightly win32
nightly win64
last release without
nightly linux32
nightly linux64
nightly mac
nightly win32
nightly win64
Bug 1492943 - Part 2 - Update copy for HSTS certificate errors. r=nhnt11 Copy changes as outlined in https://docs.google.com/document/d/18mKAiSSLRTVcjJ1C9rIMQRnQ7eMwqqXPPN0xIyW6DDI/edit?ts=5bbfbfbb# - New heading - Slightly updated description - Replace "More..." with "More Information" - Remove the "Recommended" label on the return button Differential Revision: https://phabricator.services.mozilla.com/D8831
--- a/browser/base/content/aboutNetError-new.xhtml
+++ b/browser/base/content/aboutNetError-new.xhtml
@@ -27,16 +27,17 @@
     <link rel="icon" id="favicon" href="chrome://global/skin/icons/warning.svg"/>
   <body dir="&locale.dir;">
     <!-- ERROR ITEM CONTAINER (removed during loading to avoid bug 39098) -->
     <div id="errorContainer">
       <div id="errorPageTitlesContainer">
         <span id="ept_nssBadCert">&certerror.pagetitle2;</span>
+        <span id="ept_nssBadCert_sts">&certerror.sts.pagetitle;</span>
         <span id="ept_captivePortal">&captivePortal.title;</span>
         <span id="ept_dnsNotFound">&dnsNotFound.pageTitle;</span>
         <span id="ept_malformedURI">&malformedURI.pageTitle;</span>
         <span id="ept_blockedByPolicy">&blockedByPolicy.title;</span>
       <div id="errorTitlesContainer">
         <h1 id="et_generic">&generic.title;</h1>
         <h1 id="et_captivePortal">&captivePortal.title;</h1>
@@ -55,16 +56,17 @@
         <h1 id="et_netInterrupt">&netInterrupt.title;</h1>
         <h1 id="et_deniedPortAccess">&deniedPortAccess.title;</h1>
         <h1 id="et_proxyResolveFailure">&proxyResolveFailure.title;</h1>
         <h1 id="et_proxyConnectFailure">&proxyConnectFailure.title;</h1>
         <h1 id="et_contentEncodingError">&contentEncodingError.title;</h1>
         <h1 id="et_unsafeContentType">&unsafeContentType.title;</h1>
         <h1 id="et_nssFailure2">&nssFailure2.title;</h1>
         <h1 id="et_nssBadCert">&certerror.longpagetitle2;</h1>
+        <h1 id="et_nssBadCert_sts">&certerror.sts.longpagetitle;</h1>
         <h1 id="et_cspBlocked">&cspBlocked.title;</h1>
         <h1 id="et_remoteXUL">&remoteXUL.title;</h1>
         <h1 id="et_corruptedContentErrorv2">&corruptedContentErrorv2.title;</h1>
         <h1 id="et_sslv3Used">&sslv3Used.title;</h1>
         <h1 id="et_inadequateSecurityError">&inadequateSecurityError.title;</h1>
         <h1 id="et_blockedByPolicy">&blockedByPolicy.title;</h1>
         <h1 id="et_clockSkewError">&clockSkewError.title;</h1>
@@ -86,16 +88,17 @@
         <div id="ed_netInterrupt">&netInterrupt.longDesc;</div>
         <div id="ed_deniedPortAccess">&deniedPortAccess.longDesc;</div>
         <div id="ed_proxyResolveFailure">&proxyResolveFailure.longDesc;</div>
         <div id="ed_proxyConnectFailure">&proxyConnectFailure.longDesc;</div>
         <div id="ed_contentEncodingError">&contentEncodingError.longDesc;</div>
         <div id="ed_unsafeContentType">&unsafeContentType.longDesc;</div>
         <div id="ed_nssFailure2">&nssFailure2.longDesc2;</div>
         <div id="ed_nssBadCert">&certerror.introPara2;</div>
+        <div id="ed_nssBadCert_sts">&certerror.sts.introPara;</div>
         <div id="ed_cspBlocked">&cspBlocked.longDesc;</div>
         <div id="ed_remoteXUL">&remoteXUL.longDesc;</div>
         <div id="ed_corruptedContentErrorv2">&corruptedContentErrorv2.longDesc;</div>
         <div id="ed_sslv3Used">&sslv3Used.longDesc2;</div>
         <div id="ed_inadequateSecurityError">&inadequateSecurityError.longDesc;</div>
         <div id="ed_blockedByPolicy"></div>
         <div id="ed_clockSkewError">&clockSkewError.longDesc;</div>
@@ -111,16 +114,20 @@
         <div id="es_nssBadCert_SEC_ERROR_EXPIRED_ISSUER_CERTIFICATE">&certerror.expiredCert.whatCanYouDoAboutIt2;</div>
         <div id="es_nssBadCert_SEC_ERROR_OCSP_FUTURE_RESPONSE">&certerror.expiredCert.whatCanYouDoAboutIt2;</div>
         <div id="es_nssBadCert_SEC_ERROR_OCSP_OLD_RESPONSE">&certerror.expiredCert.whatCanYouDoAboutIt2;</div>
         <div id="es_nssBadCert_MOZILLA_PKIX_ERROR_NOT_YET_VALID_CERTIFICATE">&certerror.expiredCert.whatCanYouDoAboutIt2;</div>
         <div id="es_nssBadCert_MOZILLA_PKIX_ERROR_NOT_YET_VALID_ISSUER_CERTIFICATE">&certerror.expiredCert.whatCanYouDoAboutIt2;</div>
         <div id="es_nssBadCert_SSL_ERROR_BAD_CERT_DOMAIN">&certerror.badCertDomain.whatCanYouDoAboutIt;</div>
         <div id="es_nssBadCert_SEC_ERROR_OCSP_INVALID_SIGNING_CERT">&certerror.badCertDomain.whatCanYouDoAboutIt;</div>
+      <!-- Stores an alternative text for when we don't want to add "Recommended" to the
+           return button. This is one of many l10n atrocities in this file and should be
+           removed when we finally switch to Fluent. -->
+      <span id="stsReturnButtonText">&returnToPreviousPage.label;</span>
     <!-- PAGE CONTAINER (for styling purposes only) -->
     <div id="errorPageContainer" class="container">
       <div id="text-container">
         <!-- Error Title -->
         <div class="title">
           <h1 class="title-text"/>
--- a/browser/base/content/aboutNetError.js
+++ b/browser/base/content/aboutNetError.js
@@ -123,16 +123,20 @@ function disallowCertOverridesIfNeeded()
   // Disallow overrides if this is a Strict-Transport-Security
   // host and the cert is bad (STS Spec section 7.3) or if the
   // certerror is in a frame (bug 633691).
   if (cssClass == "badStsCert" || window != top) {
     document.getElementById("exceptionDialogButton").setAttribute("hidden", "true");
   if (cssClass == "badStsCert") {
+    let stsReturnButtonText = document.getElementById("stsReturnButtonText").textContent;
+    document.getElementById("returnButton").textContent = stsReturnButtonText;
+    document.getElementById("advancedPanelReturnButton").textContent = stsReturnButtonText;
 function initPage() {
   var err = getErrorCode();
   // List of error pages with an illustration.
   let illustratedErrors = [
     "malformedURI", "dnsNotFound", "connectionFailure", "netInterrupt",
@@ -147,25 +151,35 @@ function initPage() {
   gIsCertError = (err == "nssBadCert");
   // Only worry about captive portals if this is a cert error.
   let showCaptivePortalUI = isCaptive() && gIsCertError;
   if (showCaptivePortalUI) {
     err = "captivePortal";
-  let pageTitle = document.getElementById("ept_" + err);
+  let l10nErrId = err;
+  let className = getCSSClass();
+  if (className) {
+    document.body.classList.add(className);
+  }
+  if (gIsCertError && className == "badStsCert") {
+    l10nErrId += "_sts";
+  }
+  let pageTitle = document.getElementById("ept_" + l10nErrId);
   if (pageTitle) {
     document.title = pageTitle.textContent;
   // if it's an unknown error or there's no title or description
   // defined, get the generic message
-  var errTitle = document.getElementById("et_" + err);
-  var errDesc  = document.getElementById("ed_" + err);
+  var errTitle = document.getElementById("et_" + l10nErrId);
+  var errDesc  = document.getElementById("ed_" + l10nErrId);
   if (!errTitle || !errDesc) {
     errTitle = document.getElementById("et_generic");
     errDesc  = document.getElementById("ed_generic");
   // eslint-disable-next-line no-unsanitized/property
   document.querySelector(".title-text").innerHTML = errTitle.innerHTML;
@@ -203,17 +217,16 @@ function initPage() {
     learnMoreLink.href = "https://support.mozilla.org/kb/how-resolve-sslv3-error-messages-firefox";
     document.body.className = "certerror";
   // remove undisplayed errors to avoid bug 39098
   var errContainer = document.getElementById("errorContainer");
-  var className = getCSSClass();
   if (className && className != "expertBadCert") {
     // Associate a CSS class with the root of the page, if one was passed in,
     // to allow custom styling.
     // Not "expertBadCert" though, don't want to deal with the favicon
     document.documentElement.className = className;
     // Also, if they specified a CSS class, they must supply their own
     // favicon.  In order to trigger the browser to repaint though, we
@@ -317,17 +330,17 @@ function initPageCaptivePortal() {
   // When the portal is freed, an event is generated by the frame script
   // that we can pick up and attempt to reload the original page.
   window.addEventListener("AboutNetErrorCaptivePortalFreed", () => {
 function initPageCertError() {
-  document.body.className = "certerror";
+  document.body.classList.add("certerror");
   for (let host of document.querySelectorAll(".hostname")) {
     host.textContent = document.location.hostname;
   document.getElementById("learnMoreContainer").style.display = "block";
--- a/browser/base/content/test/static/browser_misused_characters_in_strings.js
+++ b/browser/base/content/test/static/browser_misused_characters_in_strings.js
@@ -13,16 +13,20 @@ let gWhitelist = [{
     key: "certerror.introPara",
     type: "single-quote",
   }, {
     file: "netError.dtd",
     key: "certerror.introPara2",
     type: "single-quote",
   }, {
     file: "netError.dtd",
+    key: "certerror.sts.introPara",
+    type: "single-quote",
+  }, {
+    file: "netError.dtd",
     key: "certerror.expiredCert.whatCanYouDoAboutIt2",
     type: "single-quote",
   }, {
     file: "netError.dtd",
     key: "certerror.whatShouldIDo.badStsCertExplanation1",
     type: "single-quote",
   }, {
     file: "netError.dtd",
--- a/browser/locales/en-US/chrome/overrides/netError.dtd
+++ b/browser/locales/en-US/chrome/overrides/netError.dtd
@@ -145,21 +145,23 @@
   <li>The page you are trying to view cannot be shown because the authenticity of the received data could not be verified.</li>
   <li>Please contact the website owners to inform them of this problem.</li>
 <!ENTITY certerror.longpagetitle1 "Your connection is not secure">
 <!ENTITY certerror.longpagetitle2 "Warning: Potential Security Risk Ahead">
+<!ENTITY certerror.sts.longpagetitle  "Did Not Connect: Potential Security Issue">
 <!-- Localization note (certerror.introPara, certerror.introPara2) - The text content of the span tag
 will be replaced at runtime with the name of the server to which the user
 was trying to connect. -->
 <!ENTITY certerror.introPara "The owner of <span class='hostname'/> has configured their website improperly.  To protect your information from being stolen, &brandShortName; has not connected to this website.">
 <!ENTITY certerror.introPara2 "&brandShortName; detected a potential security threat and did not continue to <span class='hostname'/>. If you visit this site, attackers could try to steal information like your passwords, emails, or credit card details.">
+<!ENTITY certerror.sts.introPara "&brandShortName; detected a potential security threat and did not continue to <span class='hostname'/> because this website requires a secure connection.">
 <!ENTITY certerror.expiredCert.secondPara "This issue is most likely because your computer clock is set to the wrong time, which would prevent &brandShortName; from connecting securely.">
 <!ENTITY certerror.whatCanYouDoAboutItTitle "What can you do about it?">
 <!ENTITY certerror.unknownIssuer.whatCanYouDoAboutIt "
 <p>The issue is most likely with the website, and there is nothing you can do to resolve it.</p>
 <p>If you are on a corporate network or using anti-virus software, you can reach out to the support teams for assistance. You can also notify the website’s administrator about the problem.</p>
@@ -209,16 +211,17 @@ was trying to connect. -->
 <!-- LOCALIZATION NOTE (certerror.wrongSystemTime2,
                         certerror.wrongSystemTimeWithoutReference) - The <span id='..' />
      tags will be injected with actual values, please leave them unchanged. -->
 <!ENTITY certerror.wrongSystemTime2 "<p> &brandShortName; did not connect to <span id='wrongSystemTime_URL'/> because your computer’s clock appears to show the wrong time and this is preventing a secure connection.</p> <p>Your computer is set to <span id='wrongSystemTime_systemDate'/>, when it should be <span id='wrongSystemTime_actualDate'/>. To fix this problem, change your date and time settings to match the correct time.</p>">
 <!ENTITY certerror.wrongSystemTimeWithoutReference "<p>&brandShortName; did not connect to <span id='wrongSystemTimeWithoutReference_URL'/> because your computer’s clock appears to show the wrong time and this is preventing a secure connection.</p> <p>Your computer is set to <span id='wrongSystemTimeWithoutReference_systemDate'/>. To fix this problem, change your date and time settings to match the correct time.</p>">
 <!ENTITY certerror.pagetitle1  "Insecure Connection">
 <!ENTITY certerror.pagetitle2  "Warning: Potential Security Risk Ahead">
+<!ENTITY certerror.sts.pagetitle  "Did Not Connect: Potential Security Issue">
 <!ENTITY certerror.whatShouldIDo.badStsCertExplanation "This site uses HTTP
 Strict Transport Security (HSTS) to specify that &brandShortName; may only connect
 to it securely. As a result, it is not possible to add an exception for this
 <!ENTITY certerror.whatShouldIDo.badStsCertExplanation1 "<span class='hostname'></span> has a security policy called HTTP Strict Transport Security (HSTS), which means that &brandShortName; can only connect to it securely. You can’t add an exception to visit this site.">
 <!ENTITY certerror.copyToClipboard.label "Copy text to clipboard">
 <!ENTITY inadequateSecurityError.title "Your connection is not secure">
--- a/browser/themes/shared/aboutNetError-new.css
+++ b/browser/themes/shared/aboutNetError-new.css
@@ -93,25 +93,25 @@ body:not(.captiveportal) #openPortalLogi
 body:not(.clockSkewError) #errorTryAgain {
   display: none;
 body:not(.clockSkewError) #advancedPanelErrorTryAgain {
   display: none;
-body:not(.clockSkewError) #moreInformationButton {
+body:not(:-moz-any(.clockSkewError,.badStsCert)) #moreInformationButton {
   display: none;
 #openPortalLoginPageButton {
   margin-inline-start: 0;
-body:not(.neterror):not(.clockSkewError) #advancedButton {
+body:not(:-moz-any(.clockSkewError,.badStsCert,.neterror)) #advancedButton {
   display: block;
 #certificateErrorReporting {
   display: none;
   padding-bottom: 10px;