Backed out changeset 05e25df4db43 (bug 1450784) for failing bc at browser/base/content/test/static/browser_misused_characters_in_strings.js on a CLOSED TREE
authorAndreea Pavel <apavel@mozilla.com>
Tue, 04 Dec 2018 22:28:23 +0200
changeset 508613 3285b6018d3aa3d02e8a1f4b359e3aaeab58d8d2
parent 508612 5d2f9b45ad97f636627f1618519c26362aa080df
child 508614 62f498382b14816950a6568513354ecbabe05245
push id1905
push userffxbld-merge
push dateMon, 21 Jan 2019 12:33:13 +0000
treeherdermozilla-release@c2fca1944d8c [default view] [failures only]
perfherder[talos] [build metrics] [platform microbench] (compared to previous push)
bugs1450784
milestone65.0a1
backs out05e25df4db432b6f877658287774d52adf758c43
first release with
nightly linux32
nightly linux64
nightly mac
nightly win32
nightly win64
last release without
nightly linux32
nightly linux64
nightly mac
nightly win32
nightly win64
Backed out changeset 05e25df4db43 (bug 1450784) for failing bc at browser/base/content/test/static/browser_misused_characters_in_strings.js on a CLOSED TREE
browser/actors/NetErrorChild.jsm
browser/app/profile/firefox.js
browser/base/content/aboutNetError-new.xhtml
browser/base/content/aboutNetError.js
browser/base/content/test/static/browser_misused_characters_in_strings.js
browser/locales/en-US/chrome/overrides/netError.dtd
browser/themes/shared/aboutNetError-new.css
security/manager/locales/en-US/chrome/pipnss/pipnss.properties
--- a/browser/actors/NetErrorChild.jsm
+++ b/browser/actors/NetErrorChild.jsm
@@ -21,18 +21,16 @@ XPCOMUtils.defineLazyGlobalGetters(this,
 XPCOMUtils.defineLazyGetter(this, "gPipNSSBundle", function() {
   return Services.strings.createBundle("chrome://pipnss/locale/pipnss.properties");
 });
 XPCOMUtils.defineLazyGetter(this, "gBrandBundle", function() {
   return Services.strings.createBundle("chrome://branding/locale/brand.properties");
 });
 XPCOMUtils.defineLazyPreferenceGetter(this, "newErrorPagesEnabled",
   "browser.security.newcerterrorpage.enabled");
-XPCOMUtils.defineLazyPreferenceGetter(this, "mitmErrorPageEnabled",
-  "browser.security.newcerterrorpage.mitm.enabled");
 XPCOMUtils.defineLazyGetter(this, "gNSSErrorsBundle", function() {
   return Services.strings.createBundle("chrome://pipnss/locale/nsserrors.properties");
 });
 
 
 const SEC_ERROR_BASE          = Ci.nsINSSErrorsService.NSS_SEC_ERROR_BASE;
 const MOZILLA_PKIX_ERROR_BASE = Ci.nsINSSErrorsService.MOZILLA_PKIX_ERROR_BASE;
 
@@ -121,28 +119,18 @@ class NetErrorChild extends ActorChild {
     }
 
     let msg1 = gPipNSSBundle.formatStringFromName("certErrorIntro",
                                                   [hostString], 1);
     msg1 += "\n\n";
 
     if (input.data.certIsUntrusted) {
       switch (input.data.code) {
+        // We only want to measure MitM rates for now. Treat it as unkown issuer.
         case MOZILLA_PKIX_ERROR_MITM_DETECTED:
-          if (newErrorPagesEnabled && mitmErrorPageEnabled) {
-            let brandName = gBrandBundle.GetStringFromName("brandShortName");
-            msg1 = gPipNSSBundle.GetStringFromName("certErrorMitM");
-            msg1 += "\n\n";
-            msg1 += gPipNSSBundle.formatStringFromName("certErrorMitM2", [brandName], 1);
-            msg1 += "\n\n";
-            msg1 += gPipNSSBundle.formatStringFromName("certErrorMitM3", [brandName], 1);
-            msg1 += "\n";
-            break;
-          }
-          // If the condition is false, fall through...
         case SEC_ERROR_UNKNOWN_ISSUER:
           let brandName = gBrandBundle.GetStringFromName("brandShortName");
           if (newErrorPagesEnabled) {
             msg1 = "";
             msg1 += gPipNSSBundle.formatStringFromName("certErrorTrust_UnknownIssuer4", [hostString], 1);
             msg1 += "\n\n";
             msg1 += gPipNSSBundle.formatStringFromName("certErrorTrust_UnknownIssuer6", [brandName, hostString], 2);
             msg1 += "\n\n";
@@ -417,49 +405,16 @@ class NetErrorChild extends ActorChild {
           gPipNSSBundle.GetStringFromName("certErrorSymantecDistrustAdministrator");
         descriptionContainer.append(adminDescription);
 
         learnMoreLink.href = baseURL + "symantec-warning";
 
         updateContainerPosition();
         break;
       case MOZILLA_PKIX_ERROR_MITM_DETECTED:
-        if (newErrorPagesEnabled && mitmErrorPageEnabled) {
-          // We don't actually know what the MitM is called (since we don't
-          // maintain a list), so we'll try and display the common name of the
-          // root issuer to the user. In the worst case they are as clueless as
-          // before, in the best case this gives them an actionable hint.
-          // This may be revised in the future.
-          let {securityInfo} = docShell.failedChannel;
-          securityInfo.QueryInterface(Ci.nsITransportSecurityInfo);
-          let mitmName = null;
-          for (let cert of securityInfo.failedCertChain.getEnumerator()) {
-            mitmName = cert.issuerCommonName;
-          }
-          for (let span of doc.querySelectorAll(".mitm-name")) {
-            span.textContent = mitmName;
-          }
-
-          learnMoreLink.href = baseURL + "security-error";
-
-          let title = doc.getElementById("et_mitm");
-          let desc = doc.getElementById("ed_mitm");
-          doc.querySelector(".title-text").textContent = title.textContent;
-          // eslint-disable-next-line no-unsanitized/property
-          doc.getElementById("errorShortDescText").innerHTML = desc.innerHTML;
-
-          // eslint-disable-next-line no-unsanitized/property
-          es.innerHTML = errWhatToDo.innerHTML;
-          // eslint-disable-next-line no-unsanitized/property
-          est.innerHTML = errWhatToDoTitle.innerHTML;
-
-          updateContainerPosition();
-          break;
-        }
-        // If the condition is false, fall through...
       case MOZILLA_PKIX_ERROR_SELF_SIGNED_CERT:
         learnMoreLink.href = baseURL + "security-error";
         break;
 
       // In case the certificate expired we make sure the system clock
       // matches the remote-settings service (blocklist via Kinto) ping time
       // and is not before the build date.
       case SEC_ERROR_EXPIRED_CERTIFICATE:
--- a/browser/app/profile/firefox.js
+++ b/browser/app/profile/firefox.js
@@ -951,20 +951,18 @@ pref("app.feedback.baseURL", "https://in
 pref("app.productInfo.baseURL", "https://www.mozilla.org/firefox/features/");
 
 // Name of alternate about: page for certificate errors (when undefined, defaults to about:neterror)
 pref("security.alternate_certificate_error_page", "certerror");
 
 // Enable the new certificate error pages.
 #ifdef EARLY_BETA_OR_EARLIER
 pref("browser.security.newcerterrorpage.enabled", true);
-pref("browser.security.newcerterrorpage.mitm.enabled", true);
 #else
 pref("browser.security.newcerterrorpage.enabled", false);
-pref("browser.security.newcerterrorpage.mitm.enabled", false);
 #endif
 
 pref("security.certerrors.recordEventTelemetry", true);
 
 // Whether to start the private browsing mode at application startup
 pref("browser.privatebrowsing.autostart", false);
 
 // Whether the bookmark panel should be shown when bookmarking a page.
--- a/browser/base/content/aboutNetError-new.xhtml
+++ b/browser/base/content/aboutNetError-new.xhtml
@@ -63,17 +63,16 @@
         <h1 id="et_nssBadCert">&certerror.longpagetitle2;</h1>
         <h1 id="et_nssBadCert_sts">&certerror.sts.longpagetitle;</h1>
         <h1 id="et_cspBlocked">&cspBlocked.title;</h1>
         <h1 id="et_remoteXUL">&remoteXUL.title;</h1>
         <h1 id="et_corruptedContentErrorv2">&corruptedContentErrorv2.title;</h1>
         <h1 id="et_sslv3Used">&sslv3Used.title;</h1>
         <h1 id="et_inadequateSecurityError">&inadequateSecurityError.title;</h1>
         <h1 id="et_blockedByPolicy">&blockedByPolicy.title;</h1>
-        <h1 id="et_mitm">&certerror.mitm.title;</h1>
         <h1 id="et_clockSkewError">&clockSkewError.title;</h1>
         <h1 id="et_networkProtocolError">&networkProtocolError.title;</h1>
       </div>
       <div id="errorDescriptionsContainer">
         <div id="ed_generic">&generic.longDesc;</div>
         <div id="ed_captivePortal">&captivePortal.longDesc2;</div>
         <div id="ed_dnsNotFound">&dnsNotFound.longDesc1;</div>
         <div id="ed_fileNotFound">&fileNotFound.longDesc;</div>
@@ -92,17 +91,16 @@
         <div id="ed_proxyResolveFailure">&proxyResolveFailure.longDesc;</div>
         <div id="ed_proxyConnectFailure">&proxyConnectFailure.longDesc;</div>
         <div id="ed_contentEncodingError">&contentEncodingError.longDesc;</div>
         <div id="ed_unsafeContentType">&unsafeContentType.longDesc;</div>
         <div id="ed_nssFailure2">&nssFailure2.longDesc2;</div>
         <div id="ed_nssBadCert">&certerror.introPara2;</div>
         <div id="ed_nssBadCert_sts">&certerror.sts.introPara;</div>
         <div id="ed_nssBadCert_SEC_ERROR_EXPIRED_CERTIFICATE">&certerror.expiredCert.introPara;</div>
-        <div id="ed_mitm">&certerror.mitm.longDesc;</div>
         <div id="ed_cspBlocked">&cspBlocked.longDesc;</div>
         <div id="ed_remoteXUL">&remoteXUL.longDesc;</div>
         <div id="ed_corruptedContentErrorv2">&corruptedContentErrorv2.longDesc;</div>
         <div id="ed_sslv3Used">&sslv3Used.longDesc2;</div>
         <div id="ed_inadequateSecurityError">&inadequateSecurityError.longDesc;</div>
         <div id="ed_blockedByPolicy"></div>
         <div id="ed_clockSkewError">&clockSkewError.longDesc;</div>
         <div id="ed_networkProtocolError">&networkProtocolError.longDesc;</div>
@@ -116,29 +114,21 @@
       </div>
       <div id="whatCanYouDoAboutItContainer">
         <div id="es_nssBadCert_SEC_ERROR_UNKNOWN_ISSUER">&certerror.unknownIssuer.whatCanYouDoAboutIt;</div>
         <div id="es_nssBadCert_SEC_ERROR_EXPIRED_CERTIFICATE">&certerror.expiredCert.whatCanYouDoAboutIt2;</div>
         <div id="es_nssBadCert_SEC_ERROR_EXPIRED_ISSUER_CERTIFICATE">&certerror.expiredCert.whatCanYouDoAboutIt2;</div>
         <div id="es_nssBadCert_MOZILLA_PKIX_ERROR_NOT_YET_VALID_CERTIFICATE">&certerror.expiredCert.whatCanYouDoAboutIt2;</div>
         <div id="es_nssBadCert_MOZILLA_PKIX_ERROR_NOT_YET_VALID_ISSUER_CERTIFICATE">&certerror.expiredCert.whatCanYouDoAboutIt2;</div>
         <div id="es_nssBadCert_SSL_ERROR_BAD_CERT_DOMAIN">&certerror.badCertDomain.whatCanYouDoAboutIt;</div>
-        <div id="es_nssBadCert_MOZILLA_PKIX_ERROR_MITM_DETECTED">
-          <ul>
-            <li>&certerror.mitm.whatCanYouDoAboutIt1;</li>
-            <li>&certerror.mitm.whatCanYouDoAboutIt2;</li>
-            <li id="mitmWhatCanYouDoAboutIt3">&certerror.mitm.whatCanYouDoAboutIt3;</li>
-          </ul>
-        </div>
       </div>
       <!-- Stores an alternative text for when we don't want to add "Recommended" to the
            return button. This is one of many l10n atrocities in this file and should be
            removed when we finally switch to Fluent. -->
       <span id="stsReturnButtonText">&returnToPreviousPage.label;</span>
-      <span id="stsMitmWhatCanYouDoAboutIt3">&certerror.mitm.sts.whatCanYouDoAboutIt3;</span>
     </div>
 
     <!-- PAGE CONTAINER (for styling purposes only) -->
     <div id="errorPageContainer" class="container">
       <div id="text-container">
         <!-- Error Title -->
         <div class="title">
           <h1 class="title-text"/>
--- a/browser/base/content/aboutNetError.js
+++ b/browser/base/content/aboutNetError.js
@@ -129,21 +129,16 @@ function disallowCertOverridesIfNeeded()
   }
   if (cssClass == "badStsCert") {
     document.getElementById("badStsCertExplanation").removeAttribute("hidden");
 
     if (gNewErrorPagesEnabled) {
       let stsReturnButtonText = document.getElementById("stsReturnButtonText").textContent;
       document.getElementById("returnButton").textContent = stsReturnButtonText;
       document.getElementById("advancedPanelReturnButton").textContent = stsReturnButtonText;
-
-      let stsMitmWhatCanYouDoAboutIt3 =
-        document.getElementById("stsMitmWhatCanYouDoAboutIt3").innerHTML;
-      // eslint-disable-next-line no-unsanitized/property
-      document.getElementById("mitmWhatCanYouDoAboutIt3").innerHTML = stsMitmWhatCanYouDoAboutIt3;
     }
   }
 }
 
 function initPage() {
   var err = getErrorCode();
   // List of error pages with an illustration.
   let illustratedErrors = [
--- a/browser/base/content/test/static/browser_misused_characters_in_strings.js
+++ b/browser/base/content/test/static/browser_misused_characters_in_strings.js
@@ -44,24 +44,16 @@ let gWhitelist = [{
     file: "netError.dtd",
     key: "certerror.wrongSystemTimeWithoutReference",
     type: "single-quote",
   }, {
     file: "netError.dtd",
     key: "clockSkewError.longDesc",
     type: "single-quote",
   }, {
-    file: "netError.dtd",
-    key: "certerror.mitm.longDesc",
-    type: "single-quote",
-  }, {
-    file: "netError.dtd",
-    key: "certerror.mitm.whatCanYouDoAboutIt3",
-    type: "single-quote",
-  }, {
     file: "phishing-afterload-warning-message.dtd",
     key: "safeb.palm.advisory.desc2",
     type: "single-quote",
   }, {
     file: "phishing-afterload-warning-message.dtd",
     key: "safeb.blocked.malwarePage.errorDesc.override",
     type: "single-quote",
   }, {
--- a/browser/locales/en-US/chrome/overrides/netError.dtd
+++ b/browser/locales/en-US/chrome/overrides/netError.dtd
@@ -229,23 +229,16 @@ certificate.">
 
 <!ENTITY inadequateSecurityError.title "Your connection is not secure">
 <!-- LOCALIZATION NOTE (inadequateSecurityError.longDesc) - Do not translate
      "NS_ERROR_NET_INADEQUATE_SECURITY". -->
 <!ENTITY inadequateSecurityError.longDesc "<p><span class='hostname'></span> uses security technology that is outdated and vulnerable to attack. An attacker could easily reveal information which you thought to be safe. The website administrator will need to fix the server first before you can visit the site.</p><p>Error code: NS_ERROR_NET_INADEQUATE_SECURITY</p>">
 
 <!ENTITY blockedByPolicy.title "Blocked Page">
 
-<!ENTITY certerror.mitm.title "Software is Preventing &brandShortName; From Safely Connecting to This Site">
-<!ENTITY certerror.mitm.longDesc "<span class='hostname'></span> is most likely a safe site, but a secure connection could not be established. This issue is caused by <span class='mitm-name'/>, which is either software on your computer or your network.">
-<!ENTITY certerror.mitm.whatCanYouDoAboutIt1 "If your antivirus software includes a feature that scans encrypted connections (often called “web scanning” or “https scanning”), you can disable that feature. If that doesn’t work, you can remove and reinstall the antivirus software.">
-<!ENTITY certerror.mitm.whatCanYouDoAboutIt2 "If you are on a corporate network, you can contact your IT department.">
-<!ENTITY certerror.mitm.whatCanYouDoAboutIt3 "If you are not familiar with <span class='mitm-name'/>, then this could be an attack and you should not continue to the site.">
-<!ENTITY certerror.mitm.sts.whatCanYouDoAboutIt3 "If you are not familiar with <span class='mitm-name'/>, then this could be an attack, and there is nothing you can do to access the site.">
-
 <!ENTITY clockSkewError.title "Your Computer Clock is Wrong">
 <!ENTITY clockSkewError.longDesc "Your computer thinks it is <span id='wrongSystemTime_systemDate1'/>, which prevents &brandShortName; from connecting securely. To visit <span class='hostname'></span>, update your computer clock in your system settings to the current date, time, and time zone, and then refresh <span class='hostname'></span>.">
 
 <!ENTITY prefReset.longDesc "It looks like your network security settings might be causing this. Do you want the default settings to be restored?">
 <!ENTITY prefReset.label "Restore default settings">
 
 <!ENTITY networkProtocolError.title "Network Protocol Error">
 <!ENTITY networkProtocolError.longDesc "<p>The page you are trying to view cannot be shown because an error in the network protocol was detected.</p><ul><li>Please contact the website owners to inform them of this problem.</li></ul>">
--- a/browser/themes/shared/aboutNetError-new.css
+++ b/browser/themes/shared/aboutNetError-new.css
@@ -140,18 +140,17 @@ body:not(:-moz-any(.clockSkewError,.badS
   flex-direction: row;
   flex-wrap: wrap;
   justify-content: space-between;
   align-content: space-between;
   align-items: flex-start;
   margin-top: 1em;
 }
 
-.mitm-name,
-#hostname {
+span#hostname {
   font-weight: bold;
 }
 
 #automaticallyReportInFuture {
   cursor: pointer;
 }
 
 #errorCode:not([href]) {
--- a/security/manager/locales/en-US/chrome/pipnss/pipnss.properties
+++ b/security/manager/locales/en-US/chrome/pipnss/pipnss.properties
@@ -286,22 +286,16 @@ certErrorMismatchMultiple3=Websites prov
 # LOCALIZATION NOTE (certErrorExpiredNow): Do not translate %1$S (date+time of expired certificate) or %2$S (current date+time)
 certErrorExpiredNow=The certificate expired on %1$S. The current time is %2$S.
 certErrorExpiredNow2=Websites prove their identity via certificates, which are valid for a set time period. The certificate for %S appears to be expired.
 
 # LOCALIZATION NOTE (certErrorNotYetValidNow): Do not translate %1$S (date+time certificate will become valid) or %2$S (current date+time)
 certErrorNotYetValidNow=The certificate will not be valid until %1$S. The current time is %2$S.
 certErrorNotYetValidNow2=Websites prove their identity via certificates, which are valid for a set time period. The certificate for %S appears to be not yet valid.
 
-certErrorMitM=Websites prove their identity via certificates, which are issued by certificate authorities.
-# LOCALIZATION NOTE (certErrorMitM2): %S is brandShortName
-certErrorMitM2=%S is backed by the non-profit Mozilla, which administers a completely open certificate authority (CA) store. The CA store helps ensure that certificate authorities are following best practices for user security.
-# LOCALIZATION NOTE (certErrorMitM3): %S is brandShortName
-certErrorMitM3=%S uses the Mozilla CA store to verify that a connection is secure, rather than certificates supplied by the user’s operating system. So, if an antivirus program or a network is intercepting a connection with a security certificate issued by a CA that is not in the Mozilla CA store, the connection is considered unsafe.
-
 # LOCALIZATION NOTE (certErrorSymantecDistrustDescription1): %S will be replaced by the domain for which the certificate is valid.
 certErrorSymantecDistrustDescription1=Websites prove their identity via certificates, which are issued by certificate authorities. Most browsers no longer trust certificates issued by GeoTrust, RapidSSL, Symantec, Thawte, and VeriSign. %S uses a certificate from one of these authorities and so the website’s identity cannot be proven.
 certErrorSymantecDistrustAdministrator=You may notify the website’s administrator about this problem.
 
 # LOCALIZATION NOTE (certErrorCodePrefix3): %S is replaced by the error code.
 certErrorCodePrefix3=Error code: %S
 
 P12DefaultNickname=Imported Certificate