Bug 1324184 - Enable "no-tabs", "no-template-curly-in-string" and "quotes" ESLint rules for PSM. r=keeler
authorCykesiopka <cykesiopka.bmo@gmail.com>
Wed, 21 Dec 2016 00:43:17 +0800
changeset 374169 62c0fad31e2cb2279136e10d44cf0f043e1e9596
parent 374168 8cfe0d2b6a60c8609476bde27059842542ee30a5
child 374170 f7f5da2f308afb4ac6f40046666bf8a4c9281f61
push id1419
push userjlund@mozilla.com
push dateMon, 10 Apr 2017 20:44:07 +0000
treeherdermozilla-release@5e6801b73ef6 [default view] [failures only]
perfherder[talos] [build metrics] [platform microbench] (compared to previous push)
reviewerskeeler
bugs1324184
milestone53.0a1
first release with
nightly linux32
nightly linux64
nightly mac
nightly win32
nightly win64
last release without
nightly linux32
nightly linux64
nightly mac
nightly win32
nightly win64
Bug 1324184 - Enable "no-tabs", "no-template-curly-in-string" and "quotes" ESLint rules for PSM. r=keeler Also sorts the rule list alphabetically. MozReview-Commit-ID: 9LwgwfiViom
security/manager/.eslintrc.js
security/manager/pki/resources/content/certManager.js
security/manager/pki/resources/content/certViewer.js
security/manager/pki/resources/content/changepassword.js
security/manager/pki/resources/content/device_manager.js
security/manager/pki/resources/content/exceptionDialog.js
security/manager/pki/resources/content/pippki.js
security/manager/ssl/tests/mochitest/stricttransportsecurity/test_stricttransportsecurity.html
security/manager/ssl/tests/mochitest/stricttransportsecurity/test_sts_privatebrowsing_perwindowpb.html
security/manager/ssl/tests/unit/test_cert_blocklist.js
security/manager/ssl/tests/unit/test_cert_chains.js
security/manager/ssl/tests/unit/test_cert_signatures.js
security/manager/ssl/tests/unit/test_content_signing.js
security/manager/ssl/tests/unit/test_getchain.js
security/manager/ssl/tests/unit/test_hash_algorithms.js
security/manager/ssl/tests/unit/test_hmac.js
security/manager/ssl/tests/unit/test_ocsp_fetch_method.js
security/manager/ssl/tests/unit/test_ocsp_url.js
security/manager/ssl/tests/unit/test_pinning_dynamic.js
security/manager/ssl/tests/unit/test_pinning_header_parsing.js
security/manager/ssl/tests/unit/test_sss_eviction.js
security/manager/ssl/tests/unit/test_sss_savestate.js
security/manager/tools/genHPKPStaticPins.js
security/manager/tools/genRootCAHashes.js
security/manager/tools/getHSTSPreloadList.js
security/manager/tools/makeCNNICHashes.js
--- a/security/manager/.eslintrc.js
+++ b/security/manager/.eslintrc.js
@@ -79,31 +79,28 @@ module.exports = { // eslint-disable-lin
     "no-dupe-args": "error",
 
     // No duplicate keys in object declarations
     "no-dupe-keys": "error",
 
     // No duplicate cases in switch statements
     "no-duplicate-case": "error",
 
-    // Disallow use of eval().
-    "no-eval": "error",
-
-    // No labels
-    "no-labels": "error",
-
     // If an if block ends with a return no need for an else block
     "no-else-return": "error",
 
     // No empty character classes in regex
     "no-empty-character-class": "error",
 
     // Disallow empty destructuring
     "no-empty-pattern": "error",
 
+    // Disallow use of eval().
+    "no-eval": "error",
+
     // No assigning to exception variable
     "no-ex-assign": "error",
 
     // No using !! where casting to boolean is already happening
     "no-extra-boolean-cast": "error",
 
     // No double semicolon
     "no-extra-semi": "error",
@@ -115,16 +112,19 @@ module.exports = { // eslint-disable-lin
     "no-global-assign": "error",
 
     // No invalid regular expressions
     "no-invalid-regexp": "error",
 
     // No odd whitespace characters
     "no-irregular-whitespace": "error",
 
+    // No labels.
+    "no-labels": "error",
+
     // No single if block inside an else block
     "no-lonely-if": "error",
 
     // No mixing spaces and tabs in indent
     "no-mixed-spaces-and-tabs": ["error", "smart-tabs"],
 
     // No unnecessary spacing
     "no-multi-spaces": ["error", { "exceptions": {
@@ -159,16 +159,22 @@ module.exports = { // eslint-disable-lin
     "no-self-compare": "error",
 
     // No declaring variables that hide things like arguments
     "no-shadow-restricted-names": "error",
 
     // Disallow sparse arrays, eg. let arr = [,,"error"].
     "no-sparse-arrays": "error",
 
+    // Disallow tabs.
+    "no-tabs": "error",
+
+    // Disallow template literal placeholder syntax in regular strings.
+    "no-template-curly-in-string": "error",
+
     // Disallow throwing literals (eg. |throw "error"| instead of
     // |throw new Error("error")|)
     "no-throw-literal": "error",
 
     // No trailing whitespace
     "no-trailing-spaces": "error",
 
     // No using undeclared variables
@@ -181,16 +187,20 @@ module.exports = { // eslint-disable-lin
     "no-unreachable": "error",
 
     // No expressions where a statement is expected
     "no-unused-expressions": "error",
 
     // No using with
     "no-with": "error",
 
+    // Require double quote strings to be used, except cases where another quote
+    // type is used to avoid escaping.
+    "quotes": ["error", "double", { "avoidEscape": true }],
+
     // Always require semicolon at end of statement
     "semi": ["error", "always"],
 
     // Require space before blocks
     "space-before-blocks": "error",
 
     // No space padding in parentheses
     "space-in-parens": ["error", "never"],
--- a/security/manager/pki/resources/content/certManager.js
+++ b/security/manager/pki/resources/content/certManager.js
@@ -74,37 +74,37 @@ function LoadCerts()
   Services.obs.addObserver(smartCardObserver, "smartcard-remove", false);
 
   certdb = Components.classes[nsX509CertDB].getService(nsIX509CertDB);
   var certcache = certdb.getCerts();
 
   caTreeView = Components.classes[nsCertTree]
                     .createInstance(nsICertTree);
   caTreeView.loadCertsFromCache(certcache, nsIX509Cert.CA_CERT);
-  document.getElementById('ca-tree').view = caTreeView;
+  document.getElementById("ca-tree").view = caTreeView;
 
   serverTreeView = Components.classes[nsCertTree]
                         .createInstance(nsICertTree);
   serverTreeView.loadCertsFromCache(certcache, nsIX509Cert.SERVER_CERT);
-  document.getElementById('server-tree').view = serverTreeView;
+  document.getElementById("server-tree").view = serverTreeView;
 
   emailTreeView = Components.classes[nsCertTree]
                        .createInstance(nsICertTree);
   emailTreeView.loadCertsFromCache(certcache, nsIX509Cert.EMAIL_CERT);
-  document.getElementById('email-tree').view = emailTreeView;
+  document.getElementById("email-tree").view = emailTreeView;
 
   userTreeView = Components.classes[nsCertTree]
                       .createInstance(nsICertTree);
   userTreeView.loadCertsFromCache(certcache, nsIX509Cert.USER_CERT);
-  document.getElementById('user-tree').view = userTreeView;
+  document.getElementById("user-tree").view = userTreeView;
 
   orphanTreeView = Components.classes[nsCertTree]
                       .createInstance(nsICertTree);
   orphanTreeView.loadCertsFromCache(certcache, nsIX509Cert.UNKNOWN_CERT);
-  document.getElementById('orphan-tree').view = orphanTreeView;
+  document.getElementById("orphan-tree").view = orphanTreeView;
 
   enableBackupAllButton();
 }
 
 function enableBackupAllButton()
 {
   let backupAllButton = document.getElementById("mine_backupAllButton");
   backupAllButton.disabled = userTreeView.rowCount < 1;
@@ -367,17 +367,17 @@ function restoreCerts()
                   "*.p12; *.pfx");
   fp.appendFilter(bundle.getString("file_browse_Certificate_spec"),
                   gCertFileTypes);
   fp.appendFilters(nsIFilePicker.filterAll);
   if (fp.show() == nsIFilePicker.returnOK) {
     // If this is an X509 user certificate, import it as one.
 
     var isX509FileType = false;
-    var fileTypesList = gCertFileTypes.slice(1).split('; *');
+    var fileTypesList = gCertFileTypes.slice(1).split("; *");
     for (var type of fileTypesList) {
       if (fp.file.path.endsWith(type)) {
         isX509FileType = true;
         break;
       }
     }
 
     if (isX509FileType) {
@@ -527,16 +527,16 @@ function addEmailCert()
     emailTreeView.selection.clearSelection();
     caTreeView.loadCertsFromCache(certcache, nsIX509Cert.CA_CERT);
     caTreeView.selection.clearSelection();
   }
 }
 
 function addException()
 {
-  window.openDialog('chrome://pippki/content/exceptionDialog.xul', "",
-                    'chrome,centerscreen,modal');
+  window.openDialog("chrome://pippki/content/exceptionDialog.xul", "",
+                    "chrome,centerscreen,modal");
   var certcache = certdb.getCerts();
   serverTreeView.loadCertsFromCache(certcache, nsIX509Cert.SERVER_CERT);
   serverTreeView.selection.clearSelection();
   orphanTreeView.loadCertsFromCache(certcache, nsIX509Cert.UNKNOWN_CERT);
   orphanTreeView.selection.clearSelection();
 }
--- a/security/manager/pki/resources/content/certViewer.js
+++ b/security/manager/pki/resources/content/certViewer.js
@@ -246,43 +246,43 @@ function addTreeItemToTreeChild(treeChil
   }
   treeRow.appendChild(treeCell);
   treeElem1.appendChild(treeRow);
   treeChild.appendChild(treeElem1);
   return treeElem1;
 }
 
 function displaySelected() {
-  var asn1Tree = document.getElementById('prettyDumpTree')
+  var asn1Tree = document.getElementById("prettyDumpTree")
           .view.QueryInterface(nsIASN1Tree);
   var items = asn1Tree.selection;
-  var certDumpVal = document.getElementById('certDumpVal');
+  var certDumpVal = document.getElementById("certDumpVal");
   if (items.currentIndex != -1) {
     var value = asn1Tree.getDisplayData(items.currentIndex);
     certDumpVal.value = value;
   } else {
     certDumpVal.value = "";
   }
 }
 
 function BuildPrettyPrint(cert)
 {
   var certDumpTree = Components.classes[nsASN1Tree].
                           createInstance(nsIASN1Tree);
   certDumpTree.loadASN1Structure(cert.ASN1Structure);
-  document.getElementById('prettyDumpTree').view = certDumpTree;
+  document.getElementById("prettyDumpTree").view = certDumpTree;
 }
 
 function addAttributeFromCert(nodeName, value)
 {
   var node = document.getElementById(nodeName);
   if (!value) {
-    value = bundle.getString('notPresent');
+    value = bundle.getString("notPresent");
   }
-  node.setAttribute('value', value);
+  node.setAttribute("value", value);
 }
 
 /**
  * Displays information about a cert in the "General" tab of the cert viewer.
  *
  * @param {nsIX509Cert} cert
  *        Cert to display information about.
  */
@@ -299,50 +299,50 @@ function DisplayGeneralDataFromCert(cert
 
   addAttributeFromCert("issuercommonname", cert.issuerCommonName);
   addAttributeFromCert("issuerorganization", cert.issuerOrganization);
   addAttributeFromCert("issuerorgunit", cert.issuerOrganizationUnit);
 }
 
 function updateCertDump()
 {
-  var asn1Tree = document.getElementById('prettyDumpTree')
+  var asn1Tree = document.getElementById("prettyDumpTree")
           .view.QueryInterface(nsIASN1Tree);
 
-  var tree = document.getElementById('treesetDump');
+  var tree = document.getElementById("treesetDump");
   if (tree.currentIndex < 0) {
     doPrompt("No items are selected."); //This should never happen.
   } else {
     var item = tree.contentView.getItemAtIndex(tree.currentIndex);
-    var dbKey = item.firstChild.firstChild.getAttribute('display');
+    var dbKey = item.firstChild.firstChild.getAttribute("display");
     //  Get the cert from the cert database
     var certdb = Components.classes[nsX509CertDB].getService(nsIX509CertDB);
     var cert = certdb.findCertByDBKey(dbKey);
     asn1Tree.loadASN1Structure(cert.ASN1Structure);
   }
   displaySelected();
 }
 
 function getCurrentCert()
 {
   var realIndex;
-  var tree = document.getElementById('treesetDump');
+  var tree = document.getElementById("treesetDump");
   if (tree.view.selection.isSelected(tree.currentIndex)
-      && document.getElementById('prettyprint_tab').selected) {
+      && document.getElementById("prettyprint_tab").selected) {
     /* if the user manually selected a cert on the Details tab,
        then take that one  */
     realIndex = tree.currentIndex;
   } else {
     /* otherwise, take the one at the bottom of the chain
        (i.e. the one of the end-entity, unless we're displaying
        CA certs) */
     realIndex = tree.view.rowCount - 1;
   }
   if (realIndex >= 0) {
     var item = tree.contentView.getItemAtIndex(realIndex);
-    var dbKey = item.firstChild.firstChild.getAttribute('display');
+    var dbKey = item.firstChild.firstChild.getAttribute("display");
     var certdb = Components.classes[nsX509CertDB].getService(nsIX509CertDB);
     var cert = certdb.findCertByDBKey(dbKey);
     return cert;
   }
   /* shouldn't really happen */
   return null;
 }
--- a/security/manager/pki/resources/content/changepassword.js
+++ b/security/manager/pki/resources/content/changepassword.js
@@ -101,17 +101,17 @@ function process()
 
        if (status == nsIPKCS11Slot.SLOT_READY) {
          oldpwbox.setAttribute("inited", "empty");
        } else {
          oldpwbox.setAttribute("inited", "true");
        }
 
        // Select first password field
-       document.getElementById('pw1').focus();
+       document.getElementById("pw1").focus();
      } else {
        // Select old password field
        oldpwbox.setAttribute("hidden", "false");
        msgBox.setAttribute("hidden", "true");
        oldpwbox.setAttribute("inited", "false");
        oldpwbox.focus();
      }
    }
--- a/security/manager/pki/resources/content/device_manager.js
+++ b/security/manager/pki/resources/content/device_manager.js
@@ -139,17 +139,17 @@ function AddModule(module, slots)
 }
 
 var selected_slot;
 var selected_module;
 
 /* get the slot selected by the user (can only be one-at-a-time) */
 function getSelectedItem()
 {
-  var tree = document.getElementById('device_tree');
+  var tree = document.getElementById("device_tree");
   if (tree.currentIndex < 0) return;
   var item = tree.contentView.getItemAtIndex(tree.currentIndex);
   selected_slot = null;
   selected_module = null;
   if (item) {
     var kind = item.getAttribute("pk11kind");
     var module_name;
     if (kind == "slot") {
@@ -197,44 +197,41 @@ function enableButtons()
           } else {
             login_toggle = "false";
           }
         }
       }
     }
     showSlotInfo();
   }
-  var thebutton = document.getElementById('login_button');
-  thebutton.setAttribute("disabled", login_toggle);
-  thebutton = document.getElementById('logout_button');
-  thebutton.setAttribute("disabled", logout_toggle);
-  thebutton = document.getElementById('change_pw_button');
-  thebutton.setAttribute("disabled", pw_toggle);
-  thebutton = document.getElementById('unload_button');
-  thebutton.setAttribute("disabled", unload_toggle);
-  // not implemented
-  //thebutton = document.getElementById('change_slotname_button');
-  //thebutton.setAttribute("disabled", toggle);
+  document.getElementById("login_button")
+          .setAttribute("disabled", login_toggle);
+  document.getElementById("logout_button")
+          .setAttribute("disabled", logout_toggle);
+  document.getElementById("change_pw_button")
+          .setAttribute("disabled", pw_toggle);
+  document.getElementById("unload_button")
+          .setAttribute("disabled", unload_toggle);
 }
 
 // clear the display of information for the slot
 function ClearInfoList()
 {
   let infoList = document.getElementById("info_list");
   while (infoList.hasChildNodes()) {
     infoList.removeChild(infoList.firstChild);
   }
 }
 
 function ClearDeviceList()
 {
   ClearInfoList();
 
   skip_enable_buttons = true;
-  var tree = document.getElementById('device_tree');
+  var tree = document.getElementById("device_tree");
   tree.view.selection.clearSelection();
   skip_enable_buttons = false;
 
   // Remove the existing listed modules so that a refresh doesn't display the
   // module that just changed.
   let deviceList = document.getElementById("device_list");
   while (deviceList.hasChildNodes()) {
     deviceList.removeChild(deviceList.firstChild);
@@ -397,17 +394,17 @@ function doUnload()
     ClearDeviceList();
     RefreshDeviceList();
   }
 }
 
 // handle card insertion and removal
 function onSmartCardChange()
 {
-  var tree = document.getElementById('device_tree');
+  var tree = document.getElementById("device_tree");
   var index = tree.currentIndex;
   tree.currentIndex = 0;
   ClearDeviceList();
   RefreshDeviceList();
   tree.currentIndex = index;
   enableButtons();
 }
 
--- a/security/manager/pki/resources/content/exceptionDialog.js
+++ b/security/manager/pki/resources/content/exceptionDialog.js
@@ -58,17 +58,17 @@ function initExceptionDialog() {
   setText("warningText", gPKIBundle.getFormattedString("addExceptionBrandedWarning2", [brandName]));
   gDialog.getButton("extra1").disabled = true;
 
   var args = window.arguments;
   if (args && args[0]) {
     if (args[0].location) {
       // We were pre-seeded with a location.
       document.getElementById("locationTextBox").value = args[0].location;
-      document.getElementById('checkCertButton').disabled = false;
+      document.getElementById("checkCertButton").disabled = false;
 
       if (args[0].sslStatus) {
         gSSLStatus = args[0].sslStatus;
         gCert = gSSLStatus.serverCert;
         gBroken = true;
         updateCertStatus();
       } else if (args[0].prefetchCert) {
         // We can optionally pre-fetch the certificate too.  Don't do this
@@ -101,17 +101,17 @@ function checkCert() {
   gBroken = false;
   updateCertStatus();
 
   var uri = getURI();
 
   var req = new XMLHttpRequest();
   try {
     if (uri) {
-      req.open('GET', uri.prePath, false);
+      req.open("GET", uri.prePath, false);
       req.channel.notificationCallbacks = new badCertListener();
       req.send(null);
     }
   } catch (e) {
     // We *expect* exceptions if there are problems with the certificate
     // presented by the site.  Log it, just in case, but we can proceed here,
     // with appropriate sanity checks
     Components.utils.reportError("Attempted to connect to a site with a bad certificate in the add exception dialog. " +
@@ -171,17 +171,17 @@ function resetDialog() {
   setText("status3Description", "");
   setText("status3LongDescription", "");
 }
 
 /**
  * Called by input textboxes to manage UI state
  */
 function handleTextChange() {
-  var checkCertButton = document.getElementById('checkCertButton');
+  var checkCertButton = document.getElementById("checkCertButton");
   checkCertButton.disabled = !(document.getElementById("locationTextBox").value);
   if (gNeedReset) {
     gNeedReset = false;
     resetDialog();
   }
 }
 
 function updateCertStatus() {
--- a/security/manager/pki/resources/content/pippki.js
+++ b/security/manager/pki/resources/content/pippki.js
@@ -32,28 +32,28 @@ function viewCertHelper(parent, cert) {
   var cd = Components.classes[nsCertificateDialogs].getService(nsICertificateDialogs);
   cd.viewCert(parent, cert);
 }
 
 function getDERString(cert)
 {
   var length = {};
   var derArray = cert.getRawDER(length);
-  var derString = '';
+  var derString = "";
   for (var i = 0; i < derArray.length; i++) {
     derString += String.fromCharCode(derArray[i]);
   }
   return derString;
 }
 
 function getPKCS7String(cert, chainMode)
 {
   var length = {};
   var pkcs7Array = cert.exportAsCMS(chainMode, length);
-  var pkcs7String = '';
+  var pkcs7String = "";
   for (var i = 0; i < pkcs7Array.length; i++) {
     pkcs7String += String.fromCharCode(pkcs7Array[i]);
   }
   return pkcs7String;
 }
 
 function getPEMString(cert)
 {
@@ -120,17 +120,17 @@ function exportToFile(parent, cert)
   fp.appendFilter(bundle.getString("CertFormatPKCS7"), "*.p7c");
   fp.appendFilter(bundle.getString("CertFormatPKCS7Chain"), "*.p7c");
   fp.appendFilters(nsIFilePicker.filterAll);
   var res = fp.show();
   if (res != nsIFilePicker.returnOK && res != nsIFilePicker.returnReplace) {
     return;
   }
 
-  var content = '';
+  var content = "";
   switch (fp.filterIndex) {
     case 1:
       content = getPEMString(cert);
       var chain = cert.getChain();
       for (let i = 1; i < chain.length; i++) {
         content += getPEMString(chain.queryElementAt(i, Components.interfaces.nsIX509Cert));
       }
       break;
--- a/security/manager/ssl/tests/mochitest/stricttransportsecurity/test_stricttransportsecurity.html
+++ b/security/manager/ssl/tests/mochitest/stricttransportsecurity/test_stricttransportsecurity.html
@@ -9,60 +9,66 @@
   <script type="text/javascript" src="/tests/SimpleTest/SimpleTest.js"></script>
   <link rel="stylesheet" type="text/css" href="/tests/SimpleTest/test.css" />
 
   <script class="testbody" type="text/javascript">
   "use strict";
 
   SimpleTest.waitForExplicitFinish();
 
-  const STSPATH = "/tests/security/manager/ssl/tests/mochitest/stricttransportsecurity";
+  const STSPATH =
+    "tests/security/manager/ssl/tests/mochitest/stricttransportsecurity";
 
   // initialized manually here
-  var testsleft = {'plain': 4, 'subdom': 4};
+  var testsleft = {plain: 4, subdom: 4};
   var roundsLeft = 2;
 
   var testframes = {
-    'samedom':
-      {'url':     "http://example.com" + STSPATH + "/verify.sjs",
-        'expected': {'plain': 'SECURE', 'subdom': 'SECURE'}},
-    'subdom':
-      {'url':     "http://test1.example.com" + STSPATH + "/verify.sjs",
-        'expected': {'plain': 'INSECURE', 'subdom': 'SECURE'}},
-    'otherdom':
-      {'url':     "http://example.org" + STSPATH + "/verify.sjs",
-        'expected': {'plain': 'INSECURE', 'subdom': 'INSECURE'}},
-    'alreadysecure':
-      {'url':     "https://test2.example.com" + STSPATH + "/verify.sjs",
-        'expected': {'plain': 'SECURE', 'subdom': 'SECURE'}},
+    samedom: {
+      url: `http://example.com/${STSPATH}/verify.sjs`,
+      expected: {plain: "SECURE", subdom: "SECURE"}
+    },
+    subdom: {
+      url: `http://test1.example.com/${STSPATH}/verify.sjs`,
+      expected: {plain: "INSECURE", subdom: "SECURE"}
+    },
+    otherdom: {
+      url: `http://example.org/${STSPATH}/verify.sjs`,
+      expected: {plain: "INSECURE", subdom: "INSECURE"}
+    },
+    alreadysecure: {
+      url: `https://test2.example.com/${STSPATH}/verify.sjs`,
+      expected: {plain: "SECURE", subdom: "SECURE"}
+    },
   };
 
   function startRound(round) {
     let frame = document.createElement("iframe");
-    frame.setAttribute('id', 'ifr_bootstrap');
-    frame.setAttribute('src', "https://example.com" + STSPATH + "/" + round + "_bootstrap.html");
+    frame.setAttribute("id", "ifr_bootstrap");
+    frame.setAttribute("src",
+                       `https://example.com/${STSPATH}/${round}_bootstrap.html`);
     document.body.appendChild(frame);
   }
 
   function endRound(round) {
     // remove all the iframes in the document
-    document.body.removeChild(document.getElementById('ifr_bootstrap'));
+    document.body.removeChild(document.getElementById("ifr_bootstrap"));
     for (let test in testframes) {
-      document.body.removeChild(document.getElementById('ifr_' + test));
+      document.body.removeChild(document.getElementById("ifr_" + test));
     }
 
     // clean up the STS state
     SpecialPowers.cleanUpSTSData("http://example.com");
   }
 
   function loadVerifyFrames(round) {
     for (let test in testframes) {
       let frame = document.createElement("iframe");
-      frame.setAttribute('id', 'ifr_' + test);
-      frame.setAttribute('src', testframes[test].url + '?id=' + test);
+      frame.setAttribute("id", "ifr_" + test);
+      frame.setAttribute("src", testframes[test].url + "?id=" + test);
       document.body.appendChild(frame);
     }
   }
 
   /* Messages received are in this format:
    *  (BOOTSTRAP|SECURE|INSECURE) testid
    * For example: "BOOTSTRAP plain"
    *          or: "INSECURE otherdom"
--- a/security/manager/ssl/tests/mochitest/stricttransportsecurity/test_sts_privatebrowsing_perwindowpb.html
+++ b/security/manager/ssl/tests/mochitest/stricttransportsecurity/test_sts_privatebrowsing_perwindowpb.html
@@ -17,17 +17,18 @@
   // inside a ContentTask tripping ESLint no-undef checks.
   /* global content */
 
   SimpleTest.waitForExplicitFinish();
 
   const Cc = Components.classes;
   const Ci = Components.interfaces;
   const Cu = Components.utils;
-  const STSPATH = "/tests/security/manager/ssl/tests/mochitest/stricttransportsecurity";
+  const STSPATH =
+    "tests/security/manager/ssl/tests/mochitest/stricttransportsecurity";
   const NUM_TEST_FRAMES = 4;
   const CONTENT_PAGE =
     "http://mochi.test:8888/chrome/security/manager/ssl/tests/mochitest/stricttransportsecurity/page_blank.html";
 
   Cu.import("resource://testing-common/BrowserTestUtils.jsm");
   Cu.import("resource://testing-common/ContentTask.jsm");
   Cu.import("resource://gre/modules/Task.jsm");
 
@@ -39,36 +40,32 @@
     window.QueryInterface(Ci.nsIInterfaceRequestor).
     getInterface(Ci.nsIWebNavigation).QueryInterface(Ci.nsIDocShellTreeItem).
     rootTreeItem.QueryInterface(Ci.nsIInterfaceRequestor).
     getInterface(Ci.nsIDOMWindow);
 
   SpecialPowers.Services.prefs.setIntPref("browser.startup.page", 0);
 
   var testframes = {
-    'samedom':
-      {'url':     "http://example.com" + STSPATH + "/verify.sjs",
-        'expected': {'plain': 'SECURE',
-                     'subdom': 'SECURE',
-                     'nosts': 'INSECURE'}},
-    'subdom':
-      {'url':     "http://test1.example.com" + STSPATH + "/verify.sjs",
-        'expected': {'plain': 'INSECURE',
-                     'subdom': 'SECURE',
-                     'nosts': 'INSECURE'}},
-    'otherdom':
-      {'url':     "http://example.org" + STSPATH + "/verify.sjs",
-        'expected': {'plain': 'INSECURE',
-                     'subdom': 'INSECURE',
-                     'nosts': 'INSECURE'}},
-    'alreadysecure':
-      {'url':     "https://test2.example.com" + STSPATH + "/verify.sjs",
-        'expected': {'plain': 'SECURE',
-                     'subdom': 'SECURE',
-                     'nosts': 'SECURE'}},
+    samedom: {
+      url: `http://example.com/${STSPATH}/verify.sjs`,
+      expected: {plain: "SECURE", subdom: "SECURE", nosts: "INSECURE"}
+    },
+    subdom: {
+      url: `http://test1.example.com/${STSPATH}/verify.sjs`,
+      expected: {plain: "INSECURE", subdom: "SECURE", nosts: "INSECURE"}
+    },
+    otherdom: {
+      url: `http://example.org/${STSPATH}/verify.sjs`,
+      expected: {plain: "INSECURE", subdom: "INSECURE", nosts: "INSECURE"}
+    },
+    alreadysecure: {
+      url: `https://test2.example.com/${STSPATH}/verify.sjs`,
+      expected: {plain: "SECURE", subdom: "SECURE", nosts: "SECURE"}
+    },
   };
 
   function whenDelayedStartupFinished(aWindow, aCallback) {
     SpecialPowers.Services.obs.addObserver(function observer(aSubject, aTopic) {
       if (aWindow == aSubject) {
         SpecialPowers.Services.obs.removeObserver(observer, aTopic);
         SimpleTest.executeSoon(aCallback);
       }
@@ -90,61 +87,61 @@
   }
 
   function startRound(win, isPrivate, round) {
     currentround = round;
     testsleftinround = NUM_TEST_FRAMES;
     SimpleTest.info("TESTS LEFT IN ROUND " + currentround + ": " + testsleftinround);
 
     let browser = win.gBrowser.selectedBrowser;
-    let src = "https://example.com" + STSPATH + "/" + round + "_bootstrap.html";
+    let src = `https://example.com/${STSPATH}/${round}_bootstrap.html`;
 
     ContentTask.spawn(browser, src, function* (contentSrc) {
       let frame = content.document.createElement("iframe");
-      frame.setAttribute('id', 'ifr_bootstrap');
-      frame.setAttribute('src', contentSrc);
+      frame.setAttribute("id", "ifr_bootstrap");
+      frame.setAttribute("src", contentSrc);
 
       return new Promise(resolve => {
         frame.addEventListener("load", resolve);
         content.document.body.appendChild(frame);
       });
     }).then(() => {
       onMessageReceived(win, isPrivate, "BOOTSTRAP " + round);
     });
   }
 
   function loadVerifyFrames(win, isPrivate, round) {
-    loadVerifyFrame(win, isPrivate, testframes.samedom, 'samedom', function() {
-      loadVerifyFrame(win, isPrivate, testframes.subdom, 'subdom', function() {
-        loadVerifyFrame(win, isPrivate, testframes.otherdom, 'otherdom', function() {
-          loadVerifyFrame(win, isPrivate, testframes.alreadysecure, 'alreadysecure');
+    loadVerifyFrame(win, isPrivate, testframes.samedom, "samedom", function() {
+      loadVerifyFrame(win, isPrivate, testframes.subdom, "subdom", function() {
+        loadVerifyFrame(win, isPrivate, testframes.otherdom, "otherdom", function() {
+          loadVerifyFrame(win, isPrivate, testframes.alreadysecure, "alreadysecure");
         });
       });
     });
   }
 
   function loadVerifyFrame(win, isPrivate, test, testName, aCallback) {
-    let id = 'ifr_' + testName;
-    let src = test.url + '?id=' + testName;
+    let id = "ifr_" + testName;
+    let src = test.url + "?id=" + testName;
     let browser = win.gBrowser.selectedBrowser;
 
     ContentTask.spawn(browser, [id, src], function* ([contentId, contentSrc]) {
       let frame = content.document.createElement("iframe");
-      frame.setAttribute('id', contentId);
-      frame.setAttribute('src', contentSrc);
+      frame.setAttribute("id", contentId);
+      frame.setAttribute("src", contentSrc);
 
       return new Promise(resolve => {
         frame.addEventListener("load", () => {
           resolve(frame.contentDocument.location.protocol);
         });
 
         content.document.body.appendChild(frame);
       });
     }).then(scheme => {
-      if (scheme == 'https:') {
+      if (scheme == "https:") {
         onMessageReceived(win, isPrivate, "SECURE " + testName);
       } else {
         onMessageReceived(win, isPrivate, "INSECURE " + testName);
       }
 
       if (aCallback) {
         aCallback();
       }
@@ -179,20 +176,20 @@
 
     // if this round is complete...
     if (testsleftinround < 1) {
       SimpleTest.info("DONE WITH ROUND " + currentround);
       // remove all the iframes in the document
       let browser = win.gBrowser.selectedBrowser;
       ContentTask.spawn(browser, testframes, function* (contentTestFrames) {
         content.document.body.removeChild(
-          content.document.getElementById('ifr_bootstrap'));
+          content.document.getElementById("ifr_bootstrap"));
         for (let test in contentTestFrames) {
           content.document.body.removeChild(
-            content.document.getElementById('ifr_' + test));
+            content.document.getElementById("ifr_" + test));
         }
       }).then(() => {
         currentround = "";
 
         if (!isPrivate) {
           clean_up_sts_state(isPrivate);
         }
         // Close test window.
@@ -203,33 +200,33 @@
       });
     }
   }
 
   function test_sts_before_private_mode() {
     testOnWindow(false, function(win) {
       SimpleTest.info("In public window");
       dump_STSState(false);
-      startRound(win, false, 'plain');
+      startRound(win, false, "plain");
     });
   }
 
   function test_sts_in_private_mode() {
     testOnWindow(true, function(win) {
       SimpleTest.info("In private window");
       dump_STSState(true);
-      startRound(win, true, 'subdom');
+      startRound(win, true, "subdom");
     });
   }
 
   function test_sts_after_exiting_private_mode() {
     testOnWindow(false, function(win) {
       SimpleTest.info("In a new public window");
       dump_STSState(false);
-      startRound(win, false, 'nosts');
+      startRound(win, false, "nosts");
     });
   }
 
   function clean_up_sts_state(isPrivate) {
     // erase all signs that this test ran.
     SimpleTest.info("Cleaning up STS data");
     let flags = isPrivate ? Ci.nsISocketProvider.NO_PERMANENT_STORAGE : 0;
     SpecialPowers.cleanUpSTSData("http://example.com", flags);
@@ -260,16 +257,16 @@
 
   function finish() {
     SpecialPowers.Services.prefs.clearUserPref("browser.startup.page");
     SimpleTest.finish();
   }
   function nextTest() {
     SimpleTest.executeSoon(tests.length ? tests.shift() : finish);
   }
-  window.addEventListener('load', nextTest, false);
+  window.addEventListener("load", nextTest, false);
   </script>
 </head>
 
 <body>
   This test will load some iframes and do some tests.
 </body>
 </html>
--- a/security/manager/ssl/tests/unit/test_cert_blocklist.js
+++ b/security/manager/ssl/tests/unit/test_cert_blocklist.js
@@ -141,27 +141,20 @@ function verify_cert(file, expectedError
 
 function load_cert(cert, trust) {
   let file = "bad_certs/" + cert + ".pem";
   addCertFromFile(certDB, file, trust);
 }
 
 function test_is_revoked(certList, issuerString, serialString, subjectString,
                          pubKeyString) {
-  let issuer = converter.convertToByteArray(issuerString ? issuerString : '',
-                                            {});
-
-  let serial = converter.convertToByteArray(serialString ? serialString : '',
-                                            {});
-
-  let subject = converter.convertToByteArray(subjectString ? subjectString : '',
-                                             {});
-
-  let pubKey = converter.convertToByteArray(pubKeyString ? pubKeyString : '',
-                                            {});
+  let issuer = converter.convertToByteArray(issuerString || "", {});
+  let serial = converter.convertToByteArray(serialString || "", {});
+  let subject = converter.convertToByteArray(subjectString || "", {});
+  let pubKey = converter.convertToByteArray(pubKeyString || "", {});
 
   return certList.isCertRevoked(issuer,
                                 issuerString ? issuerString.length : 0,
                                 serial,
                                 serialString ? serialString.length : 0,
                                 subject,
                                 subjectString ? subjectString.length : 0,
                                 pubKey,
@@ -286,17 +279,17 @@ function run_test() {
     // properly
     ok(test_is_revoked(certList, "another imaginary issuer", "serial2."),
        "issuer / serial pair should be blocked");
     ok(test_is_revoked(certList, "another imaginary issuer", "another serial."),
        "issuer / serial pair should be blocked");
 
     // test a subject / pubKey revocation
     ok(test_is_revoked(certList, "nonsense", "more nonsense",
-       "some imaginary subject", "some imaginary pubkey"),
+                       "some imaginary subject", "some imaginary pubkey"),
        "issuer / serial pair should be blocked");
 
     // Check the blocklist entry has been persisted properly to the backing
     // file
     check_revocations_txt_contents(expected);
 
     // Check the blocklisted intermediate now causes a failure
     let file = "test_onecrl/test-int-ee.pem";
--- a/security/manager/ssl/tests/unit/test_cert_chains.js
+++ b/security/manager/ssl/tests/unit/test_cert_chains.js
@@ -27,17 +27,17 @@ function test_cert_equals() {
      "equals() on cert objects constructed from the same cert file should" +
      " return true");
   ok(!certA.equals(certC),
      "equals() on cert objects constructed from files for different certs" +
      " should return false");
 }
 
 function test_cert_list_serialization() {
-  let certList = build_cert_chain(['default-ee', 'expired-ee']);
+  let certList = build_cert_chain(["default-ee", "expired-ee"]);
 
   // Serialize the cert list to a string
   let serHelper = Cc["@mozilla.org/network/serialization-helper;1"]
                     .getService(Ci.nsISerializationHelper);
   certList.QueryInterface(Ci.nsISerializable);
   let serialized = serHelper.serializeToString(certList);
 
   // Deserialize from the string and compare to the original object
--- a/security/manager/ssl/tests/unit/test_cert_signatures.js
+++ b/security/manager/ssl/tests/unit/test_cert_signatures.js
@@ -20,19 +20,19 @@ var certdb = Cc["@mozilla.org/security/x
 // specified to modify a byte from the end of the certificate.
 function readAndTamperWithNthByte(certificatePath, n) {
   let pem = readFile(do_get_file(certificatePath, false));
   let der = atob(pemToBase64(pem));
   if (n < 0) {
     // remember, n is negative at this point
     n = der.length + n;
   }
-  let replacement = '\x22';
+  let replacement = "\x22";
   if (der.charCodeAt(n) == replacement) {
-    replacement = '\x23';
+    replacement = "\x23";
   }
   der = der.substring(0, n) + replacement + der.substring(n + 1);
   return btoa(der);
 }
 
 // The signature on certificates appears last. This should modify the contents
 // of the signature such that it no longer validates correctly while still
 // resulting in a structurally valid certificate.
--- a/security/manager/ssl/tests/unit/test_content_signing.js
+++ b/security/manager/ssl/tests/unit/test_content_signing.js
@@ -30,19 +30,19 @@ function loadChain(prefix, names) {
     let filename = `${prefix}_${name}.pem`;
     chain.push(readFile(do_get_file(filename)));
   }
   return chain;
 }
 
 function run_test() {
   // set up some data
-  const DATA = readFile(do_get_file(TEST_DATA_DIR + 'test.txt'));
+  const DATA = readFile(do_get_file(TEST_DATA_DIR + "test.txt"));
   const GOOD_SIGNATURE = "p384ecdsa=" +
-      readFile(do_get_file(TEST_DATA_DIR + 'test.txt.signature'))
+      readFile(do_get_file(TEST_DATA_DIR + "test.txt.signature"))
       .trim();
 
   const BAD_SIGNATURE = "p384ecdsa=WqRXFQ7tnlVufpg7A-ZavXvWd2Zln0o4woHBy26C2r" +
                         "UWM4GJke4pE8ecHiXoi-7KnZXty6Pe3s4o3yAIyKDP9jUC52Ek1G" +
                         "q25j_X703nP5rk5gM1qz5Fe-qCWakPPl6L";
 
   let remoteNewTabChain = loadChain(TEST_DATA_DIR + "content_signing",
                                     ["remote_newtab_ee", "int", "root"]);
@@ -195,17 +195,17 @@ function run_test() {
     "this data is garbage\n-----BEGIN CERTIFICATE-----\nnon-base64-stuff\n" +
     "-----END CERTIFICATE-----",
     ];
 
   for (let badSection of badSections) {
     // ensure we test each bad section on its own...
     badChains.push(badSection);
     // ... and as part of a chain with good certificates
-    badChains.push(badSection + '\n' + chainSuffix);
+    badChains.push(badSection + "\n" + chainSuffix);
   }
 
   for (let badChain of badChains) {
     throws(() => {
       verifier = getSignatureVerifier();
       verifier.verifyContentSignature(DATA, GOOD_SIGNATURE, badChain,
                                       ONECRL_NAME);
     }, /NS_ERROR/, `Bad chain data starting "${badChain.substring(0, 80)}" ` +
--- a/security/manager/ssl/tests/unit/test_getchain.js
+++ b/security/manager/ssl/tests/unit/test_getchain.js
@@ -5,31 +5,31 @@
 
 "use strict";
 
 do_get_profile(); // must be called before getting nsIX509CertDB
 const certdb  = Cc["@mozilla.org/security/x509certdb;1"]
                   .getService(Ci.nsIX509CertDB);
 // This is the list of certificates needed for the test.
 var certList = [
-  'ee',
-  'ca-1',
-  'ca-2',
+  "ee",
+  "ca-1",
+  "ca-2",
 ];
 
 // Since all the ca's are identical expect for the serial number
 // I have to grab them by enumerating all the certs and then finding
 // the ones that I am interested in.
 function get_ca_array() {
   let ret_array = [];
   let allCerts = certdb.getCerts();
   let enumerator = allCerts.getEnumerator();
   while (enumerator.hasMoreElements()) {
     let cert = enumerator.getNext().QueryInterface(Ci.nsIX509Cert);
-    if (cert.commonName == 'ca') {
+    if (cert.commonName == "ca") {
       ret_array[parseInt(cert.serialNumber, 16)] = cert;
     }
   }
   return ret_array;
 }
 
 
 function check_matching_issuer_and_getchain(expected_issuer_serial, cert) {
--- a/security/manager/ssl/tests/unit/test_hash_algorithms.js
+++ b/security/manager/ssl/tests/unit/test_hash_algorithms.js
@@ -41,17 +41,17 @@ function hexdigest(data) {
 }
 
 function doHash(algo, value, cmp) {
   let hash = Cc["@mozilla.org/security/hash;1"].createInstance(Ci.nsICryptoHash);
   hash.initWithString(algo);
 
   let converter = Cc["@mozilla.org/intl/scriptableunicodeconverter"]
                     .createInstance(Ci.nsIScriptableUnicodeConverter);
-  converter.charset = 'utf8';
+  converter.charset = "utf8";
   value = converter.convertToByteArray(value);
   hash.update(value, value.length);
   equal(hexdigest(hash.finish(false)), cmp,
         `Actual and expected hash for ${algo} should match`);
 
   hash.initWithString(algo);
   hash.update(value, value.length);
   equal(hexdigest(hash.finish(false)), cmp,
@@ -59,17 +59,17 @@ function doHash(algo, value, cmp) {
 }
 
 function doHashStream(algo, value, cmp) {
   let hash = Cc["@mozilla.org/security/hash;1"].createInstance(Ci.nsICryptoHash);
   hash.initWithString(algo);
 
   let converter = Cc["@mozilla.org/intl/scriptableunicodeconverter"]
                     .createInstance(Ci.nsIScriptableUnicodeConverter);
-  converter.charset = 'utf8';
+  converter.charset = "utf8";
   let stream = converter.convertToInputStream(value);
   hash.updateFromStream(stream, stream.available());
   equal(hexdigest(hash.finish(false)), cmp,
         `Actual and expected hash for ${algo} should match updating from stream`);
 }
 
 function run_test() {
   for (let algo in hashes) {
--- a/security/manager/ssl/tests/unit/test_hmac.js
+++ b/security/manager/ssl/tests/unit/test_hmac.js
@@ -26,18 +26,18 @@ function getHMAC(data, key, alg) {
 
   equal(digest1, digest2,
         "Initial digest and digest after calling reset() should match");
 
   return digest1;
 }
 
 function testHMAC(alg) {
-  const key1 = 'MyKey_ABCDEFGHIJKLMN';
-  const key2 = 'MyKey_01234567890123';
+  const key1 = "MyKey_ABCDEFGHIJKLMN";
+  const key2 = "MyKey_01234567890123";
 
   const dataA = "Secret message";
   const dataB = "Secres message";
 
   let digest1a = getHMAC(key1, dataA, alg);
   let digest2 = getHMAC(key2, dataA, alg);
   let digest1b = getHMAC(key1, dataA, alg);
 
--- a/security/manager/ssl/tests/unit/test_ocsp_fetch_method.js
+++ b/security/manager/ssl/tests/unit/test_ocsp_fetch_method.js
@@ -24,18 +24,18 @@ function start_ocsp_responder(expectedCe
 
 function check_cert_err(cert_name, expected_error) {
   let cert = constructCertFromFile("test_ocsp_fetch_method/" + cert_name + ".pem");
   return checkCertErrorGeneric(certdb, cert, expected_error,
                                certificateUsageSSLServer);
 }
 
 function run_test() {
-  addCertFromFile(certdb, "test_ocsp_fetch_method/ca.pem", 'CTu,CTu,CTu');
-  addCertFromFile(certdb, "test_ocsp_fetch_method/int.pem", ',,');
+  addCertFromFile(certdb, "test_ocsp_fetch_method/ca.pem", "CTu,CTu,CTu");
+  addCertFromFile(certdb, "test_ocsp_fetch_method/int.pem", ",,");
 
   // Enabled so that we can force ocsp failure responses.
   Services.prefs.setBoolPref("security.OCSP.require", true);
 
   Services.prefs.setCharPref("network.dns.localDomains",
                              "www.example.com");
   Services.prefs.setIntPref("security.OCSP.enabled", 1);
 
--- a/security/manager/ssl/tests/unit/test_ocsp_url.js
+++ b/security/manager/ssl/tests/unit/test_ocsp_url.js
@@ -26,18 +26,18 @@ function start_ocsp_responder(expectedCe
 
 function check_cert_err(cert_name, expected_error) {
   let cert = constructCertFromFile("test_ocsp_url/" + cert_name + ".pem");
   return checkCertErrorGeneric(certdb, cert, expected_error,
                                certificateUsageSSLServer);
 }
 
 function run_test() {
-  addCertFromFile(certdb, "test_ocsp_url/ca.pem", 'CTu,CTu,CTu');
-  addCertFromFile(certdb, "test_ocsp_url/int.pem", ',,');
+  addCertFromFile(certdb, "test_ocsp_url/ca.pem", "CTu,CTu,CTu");
+  addCertFromFile(certdb, "test_ocsp_url/int.pem", ",,");
 
   // Enabled so that we can force ocsp failure responses.
   Services.prefs.setBoolPref("security.OCSP.require", true);
 
   Services.prefs.setCharPref("network.dns.localDomains",
                              "www.example.com");
   Services.prefs.setIntPref("security.OCSP.enabled", 1);
 
@@ -92,17 +92,17 @@ function run_test() {
     let ocspResponder = failingOCSPResponder();
     // XXX Bug 1013615 parser accepts ":8888" as hostname
     check_cert_err("no-host-url", SEC_ERROR_OCSP_SERVER_ERROR);
     ocspResponder.stop(run_next_test);
   });
 
   add_test(function() {
     clearOCSPCache();
-    let ocspResponder = start_ocsp_responder(["no-path-url"], ['']);
+    let ocspResponder = start_ocsp_responder(["no-path-url"], [""]);
     check_cert_err("no-path-url", PRErrorCodeSuccess);
     ocspResponder.stop(run_next_test);
   });
 
   add_test(function() {
     clearOCSPCache();
     let ocspResponder = failingOCSPResponder();
     check_cert_err("no-scheme-host-port", SEC_ERROR_CERT_BAD_ACCESS_LOCATION);
--- a/security/manager/ssl/tests/unit/test_pinning_dynamic.js
+++ b/security/manager/ssl/tests/unit/test_pinning_dynamic.js
@@ -112,81 +112,113 @@ function checkStateRead(aSubject, aTopic
   certdb = Cc["@mozilla.org/security/x509certdb;1"]
              .getService(Ci.nsIX509CertDB);
 
   loadCert("pinningroot", "CTu,CTu,CTu");
   loadCert("badca", "CTu,CTu,CTu");
 
   // the written entry is for a.pinning2.example.com without subdomains
   // and b.pinning2.example.com with subdomains
-  checkFail(certFromFile('a.pinning2.example.com-badca'), "a.pinning2.example.com");
-  checkOK(certFromFile('a.pinning2.example.com-pinningroot'), "a.pinning2.example.com");
-  checkOK(certFromFile('x.a.pinning2.example.com-badca'), "x.a.pinning2.example.com");
-  checkOK(certFromFile('x.a.pinning2.example.com-pinningroot'), "x.a.pinning2.example.com");
+  checkFail(certFromFile("a.pinning2.example.com-badca"),
+            "a.pinning2.example.com");
+  checkOK(certFromFile("a.pinning2.example.com-pinningroot"),
+          "a.pinning2.example.com");
+  checkOK(certFromFile("x.a.pinning2.example.com-badca"),
+          "x.a.pinning2.example.com");
+  checkOK(certFromFile("x.a.pinning2.example.com-pinningroot"),
+          "x.a.pinning2.example.com");
 
-  checkFail(certFromFile('b.pinning2.example.com-badca'), "b.pinning2.example.com");
-  checkOK(certFromFile('b.pinning2.example.com-pinningroot'), "b.pinning2.example.com");
-  checkFail(certFromFile('x.b.pinning2.example.com-badca'), "x.b.pinning2.example.com");
-  checkOK(certFromFile('x.b.pinning2.example.com-pinningroot'), "x.b.pinning2.example.com");
+  checkFail(certFromFile("b.pinning2.example.com-badca"),
+            "b.pinning2.example.com");
+  checkOK(certFromFile("b.pinning2.example.com-pinningroot"),
+          "b.pinning2.example.com");
+  checkFail(certFromFile("x.b.pinning2.example.com-badca"),
+            "x.b.pinning2.example.com");
+  checkOK(certFromFile("x.b.pinning2.example.com-pinningroot"),
+          "x.b.pinning2.example.com");
 
   checkDefaultSiteHPKPStatus();
 
 
   // add includeSubdomains to a.pinning2.example.com
   gSSService.setKeyPins("a.pinning2.example.com", true,
                         new Date().getTime() + 1000000, 2,
                         [NON_ISSUED_KEY_HASH, PINNING_ROOT_KEY_HASH]);
-  checkFail(certFromFile('a.pinning2.example.com-badca'), "a.pinning2.example.com");
-  checkOK(certFromFile('a.pinning2.example.com-pinningroot'), "a.pinning2.example.com");
-  checkFail(certFromFile('x.a.pinning2.example.com-badca'), "x.a.pinning2.example.com");
-  checkOK(certFromFile('x.a.pinning2.example.com-pinningroot'), "x.a.pinning2.example.com");
-  checkFail(certFromFile('b.pinning2.example.com-badca'), "b.pinning2.example.com");
-  checkOK(certFromFile('b.pinning2.example.com-pinningroot'), "b.pinning2.example.com");
-  checkFail(certFromFile('x.b.pinning2.example.com-badca'), "x.b.pinning2.example.com");
-  checkOK(certFromFile('x.b.pinning2.example.com-pinningroot'), "x.b.pinning2.example.com");
+  checkFail(certFromFile("a.pinning2.example.com-badca"),
+            "a.pinning2.example.com");
+  checkOK(certFromFile("a.pinning2.example.com-pinningroot"),
+          "a.pinning2.example.com");
+  checkFail(certFromFile("x.a.pinning2.example.com-badca"),
+            "x.a.pinning2.example.com");
+  checkOK(certFromFile("x.a.pinning2.example.com-pinningroot"),
+          "x.a.pinning2.example.com");
+  checkFail(certFromFile("b.pinning2.example.com-badca"),
+            "b.pinning2.example.com");
+  checkOK(certFromFile("b.pinning2.example.com-pinningroot"),
+          "b.pinning2.example.com");
+  checkFail(certFromFile("x.b.pinning2.example.com-badca"),
+            "x.b.pinning2.example.com");
+  checkOK(certFromFile("x.b.pinning2.example.com-pinningroot"),
+          "x.b.pinning2.example.com");
 
   ok(gSSService.isSecureHost(Ci.nsISiteSecurityService.HEADER_HPKP,
                              "a.pinning2.example.com", 0),
      "a.pinning2.example.com should still have HPKP status after adding" +
      " includeSubdomains to a.pinning2.example.com");
   ok(gSSService.isSecureHost(Ci.nsISiteSecurityService.HEADER_HPKP,
                              "x.a.pinning2.example.com", 0),
      "x.a.pinning2.example.com should now have HPKP status after adding" +
      " includeSubdomains to a.pinning2.example.com");
 
   // Now setpins without subdomains
   gSSService.setKeyPins("a.pinning2.example.com", false,
                         new Date().getTime() + 1000000, 2,
                         [NON_ISSUED_KEY_HASH, PINNING_ROOT_KEY_HASH]);
-  checkFail(certFromFile('a.pinning2.example.com-badca'), "a.pinning2.example.com");
-  checkOK(certFromFile('a.pinning2.example.com-pinningroot'), "a.pinning2.example.com");
-  checkOK(certFromFile('x.a.pinning2.example.com-badca'), "x.a.pinning2.example.com");
-  checkOK(certFromFile('x.a.pinning2.example.com-pinningroot'), "x.a.pinning2.example.com");
+  checkFail(certFromFile("a.pinning2.example.com-badca"),
+            "a.pinning2.example.com");
+  checkOK(certFromFile("a.pinning2.example.com-pinningroot"),
+          "a.pinning2.example.com");
+  checkOK(certFromFile("x.a.pinning2.example.com-badca"),
+          "x.a.pinning2.example.com");
+  checkOK(certFromFile("x.a.pinning2.example.com-pinningroot"),
+          "x.a.pinning2.example.com");
 
-  checkFail(certFromFile('b.pinning2.example.com-badca'), "b.pinning2.example.com");
-  checkOK(certFromFile('b.pinning2.example.com-pinningroot'), "b.pinning2.example.com");
-  checkFail(certFromFile('x.b.pinning2.example.com-badca'), "x.b.pinning2.example.com");
-  checkOK(certFromFile('x.b.pinning2.example.com-pinningroot'), "x.b.pinning2.example.com");
+  checkFail(certFromFile("b.pinning2.example.com-badca"),
+            "b.pinning2.example.com");
+  checkOK(certFromFile("b.pinning2.example.com-pinningroot"),
+          "b.pinning2.example.com");
+  checkFail(certFromFile("x.b.pinning2.example.com-badca"),
+            "x.b.pinning2.example.com");
+  checkOK(certFromFile("x.b.pinning2.example.com-pinningroot"),
+          "x.b.pinning2.example.com");
 
   checkDefaultSiteHPKPStatus();
 
   // failure to insert new pin entry leaves previous pin behavior
   throws(() => {
     gSSService.setKeyPins("a.pinning2.example.com", true,
                           new Date().getTime() + 1000000, 1, ["not a hash"]);
   }, /NS_ERROR_ILLEGAL_VALUE/, "Attempting to set an invalid pin should fail");
-  checkFail(certFromFile('a.pinning2.example.com-badca'), "a.pinning2.example.com");
-  checkOK(certFromFile('a.pinning2.example.com-pinningroot'), "a.pinning2.example.com");
-  checkOK(certFromFile('x.a.pinning2.example.com-badca'), "x.a.pinning2.example.com");
-  checkOK(certFromFile('x.a.pinning2.example.com-pinningroot'), "x.a.pinning2.example.com");
+  checkFail(certFromFile("a.pinning2.example.com-badca"),
+            "a.pinning2.example.com");
+  checkOK(certFromFile("a.pinning2.example.com-pinningroot"),
+          "a.pinning2.example.com");
+  checkOK(certFromFile("x.a.pinning2.example.com-badca"),
+          "x.a.pinning2.example.com");
+  checkOK(certFromFile("x.a.pinning2.example.com-pinningroot"),
+          "x.a.pinning2.example.com");
 
-  checkFail(certFromFile('b.pinning2.example.com-badca'), "b.pinning2.example.com");
-  checkOK(certFromFile('b.pinning2.example.com-pinningroot'), "b.pinning2.example.com");
-  checkFail(certFromFile('x.b.pinning2.example.com-badca'), "x.b.pinning2.example.com");
-  checkOK(certFromFile('x.b.pinning2.example.com-pinningroot'), "x.b.pinning2.example.com");
+  checkFail(certFromFile("b.pinning2.example.com-badca"),
+            "b.pinning2.example.com");
+  checkOK(certFromFile("b.pinning2.example.com-pinningroot"),
+          "b.pinning2.example.com");
+  checkFail(certFromFile("x.b.pinning2.example.com-badca"),
+            "x.b.pinning2.example.com");
+  checkOK(certFromFile("x.b.pinning2.example.com-pinningroot"),
+          "x.b.pinning2.example.com");
 
   checkDefaultSiteHPKPStatus();
 
   // Incorrect size results in failure
   throws(() => {
     gSSService.setKeyPins("a.pinning2.example.com", true,
                           new Date().getTime() + 1000000, 2, ["not a hash"]);
   }, /NS_ERROR_XPC_NOT_ENOUGH_ELEMENTS_IN_ARRAY/,
@@ -204,43 +236,51 @@ function checkStateRead(aSubject, aTopic
                         1, [NON_ISSUED_KEY_HASH]);
 
   // Check that a preload pin loaded from file works as expected
   checkFail(certFromFile("a.preload.example.com-badca"), "a.preload.example.com");
   checkOK(certFromFile("a.preload.example.com-pinningroot"), "a.preload.example.com");
 
   // Check a dynamic addition works as expected
   // first, it should succeed with the badCA - because there's no pin
-  checkOK(certFromFile('b.preload.example.com-badca'), "b.preload.example.com");
+  checkOK(certFromFile("b.preload.example.com-badca"), "b.preload.example.com");
   // then we add a pin, and we should get a failure (ensuring the expiry is
   // after the test timeout)
   gSSService.setKeyPins("b.preload.example.com", false,
                         new Date().getTime() + 1000000, 2,
                         [NON_ISSUED_KEY_HASH, PINNING_ROOT_KEY_HASH], true);
-  checkFail(certFromFile('b.preload.example.com-badca'), "b.preload.example.com");
+  checkFail(certFromFile("b.preload.example.com-badca"), "b.preload.example.com");
 
   do_timeout(1250, checkExpiredState);
 }
 
 function checkExpiredState() {
-  checkOK(certFromFile('a.pinning2.example.com-badca'), "a.pinning2.example.com");
-  checkOK(certFromFile('a.pinning2.example.com-pinningroot'), "a.pinning2.example.com");
-  checkOK(certFromFile('x.a.pinning2.example.com-badca'), "x.a.pinning2.example.com");
-  checkOK(certFromFile('x.a.pinning2.example.com-pinningroot'), "x.a.pinning2.example.com");
+  checkOK(certFromFile("a.pinning2.example.com-badca"),
+          "a.pinning2.example.com");
+  checkOK(certFromFile("a.pinning2.example.com-pinningroot"),
+          "a.pinning2.example.com");
+  checkOK(certFromFile("x.a.pinning2.example.com-badca"),
+          "x.a.pinning2.example.com");
+  checkOK(certFromFile("x.a.pinning2.example.com-pinningroot"),
+          "x.a.pinning2.example.com");
 
-  checkFail(certFromFile('b.pinning2.example.com-badca'), "b.pinning2.example.com");
-  checkOK(certFromFile('b.pinning2.example.com-pinningroot'), "b.pinning2.example.com");
-  checkFail(certFromFile('x.b.pinning2.example.com-badca'), "x.b.pinning2.example.com");
-  checkOK(certFromFile('x.b.pinning2.example.com-pinningroot'), "x.b.pinning2.example.com");
+  checkFail(certFromFile("b.pinning2.example.com-badca"),
+          "b.pinning2.example.com");
+  checkOK(certFromFile("b.pinning2.example.com-pinningroot"),
+          "b.pinning2.example.com");
+  checkFail(certFromFile("x.b.pinning2.example.com-badca"),
+          "x.b.pinning2.example.com");
+  checkOK(certFromFile("x.b.pinning2.example.com-pinningroot"),
+          "x.b.pinning2.example.com");
   checkPreloadClear();
 }
 
 function checkPreloadClear() {
   // Check that the preloaded pins still work after private data is cleared
   gSSService.clearAll();
-  checkFail(certFromFile('b.preload.example.com-badca'), "b.preload.example.com");
+  checkFail(certFromFile("b.preload.example.com-badca"), "b.preload.example.com");
 
   // Check that the preloaded pins are cleared when we clear preloads
   gSSService.clearPreloads();
-  checkOK(certFromFile('b.preload.example.com-badca'), "b.preload.example.com");
+  checkOK(certFromFile("b.preload.example.com-badca"), "b.preload.example.com");
 
   do_test_finished();
 }
--- a/security/manager/ssl/tests/unit/test_pinning_header_parsing.js
+++ b/security/manager/ssl/tests/unit/test_pinning_header_parsing.js
@@ -19,27 +19,27 @@ function certFromFile(cert_name) {
 function loadCert(cert_name, trust_string) {
   let cert_filename = "test_pinning_dynamic/" + cert_name + ".pem";
   addCertFromFile(certdb, cert_filename, trust_string);
   return constructCertFromFile(cert_filename);
 }
 
 function checkFailParseInvalidPin(pinValue) {
   let sslStatus = new FakeSSLStatus(
-                        certFromFile('a.pinning2.example.com-pinningroot'));
+                        certFromFile("a.pinning2.example.com-pinningroot"));
   let uri = Services.io.newURI("https://a.pinning2.example.com", null, null);
   throws(() => {
     gSSService.processHeader(Ci.nsISiteSecurityService.HEADER_HPKP, uri,
                              pinValue, sslStatus, 0);
   }, /NS_ERROR_FAILURE/, `Invalid pin "${pinValue}" should be rejected`);
 }
 
 function checkPassValidPin(pinValue, settingPin, expectedMaxAge) {
   let sslStatus = new FakeSSLStatus(
-                        certFromFile('a.pinning2.example.com-pinningroot'));
+                        certFromFile("a.pinning2.example.com-pinningroot"));
   let uri = Services.io.newURI("https://a.pinning2.example.com", null, null);
   let maxAge = {};
 
   // setup preconditions for the test, if setting ensure there is no previous
   // state, if removing ensure there is a valid pin in place.
   if (settingPin) {
     gSSService.removeState(Ci.nsISiteSecurityService.HEADER_HPKP, uri, 0);
   } else {
--- a/security/manager/ssl/tests/unit/test_sss_eviction.js
+++ b/security/manager/ssl/tests/unit/test_sss_eviction.js
@@ -16,17 +16,17 @@ function do_state_written(aSubject, aTop
 
   equal(aData, SSS_STATE_FILE_NAME);
 
   let stateFile = gProfileDir.clone();
   stateFile.append(SSS_STATE_FILE_NAME);
   ok(stateFile.exists());
   let stateFileContents = readFile(stateFile);
   // the last part is removed because it's the empty string after the final \n
-  let lines = stateFileContents.split('\n').slice(0, -1);
+  let lines = stateFileContents.split("\n").slice(0, -1);
   // We can receive multiple data-storage-written events. In particular, we
   // may receive one where DataStorage wrote out data before we were done
   // processing all of our headers. In this case, the data may not be
   // as we expect. We only care about the final one being correct, however,
   // so we return and wait for the next event if things aren't as we expect.
   // There should be 1024 entries.
   if (lines.length != 1024) {
     return;
--- a/security/manager/ssl/tests/unit/test_sss_savestate.js
+++ b/security/manager/ssl/tests/unit/test_sss_savestate.js
@@ -24,25 +24,25 @@ function checkStateWritten(aSubject, aTo
 
   equal(aData, SSS_STATE_FILE_NAME);
 
   let stateFile = gProfileDir.clone();
   stateFile.append(SSS_STATE_FILE_NAME);
   ok(stateFile.exists());
   let stateFileContents = readFile(stateFile);
   // the last line is removed because it's just a trailing newline
-  let lines = stateFileContents.split('\n').slice(0, -1);
+  let lines = stateFileContents.split("\n").slice(0, -1);
   equal(lines.length, EXPECTED_ENTRIES);
   let sites = {}; // a map of domain name -> [the entry in the state file]
   for (let line of lines) {
-    let parts = line.split('\t');
+    let parts = line.split("\t");
     let host = parts[0];
     let score = parts[1];
     let lastAccessed = parts[2];
-    let entry = parts[3].split(',');
+    let entry = parts[3].split(",");
     let expectedColumns = EXPECTED_HSTS_COLUMNS;
     if (host.indexOf("HPKP") != -1) {
       expectedColumns = EXPECTED_HPKP_COLUMNS;
     }
     equal(entry.length, expectedColumns);
     sites[host] = entry;
   }
 
--- a/security/manager/tools/genHPKPStaticPins.js
+++ b/security/manager/tools/genHPKPStaticPins.js
@@ -14,17 +14,17 @@
 
 if (arguments.length != 3) {
   throw new Error("Usage: genHPKPStaticPins.js " +
                   "<absolute path to PreloadedHPKPins.json> " +
                   "<an unused argument - see bug 1205406> " +
                   "<absolute path to StaticHPKPins.h>");
 }
 
-var { 'classes': Cc, 'interfaces': Ci, 'utils': Cu, 'results': Cr } = Components;
+const { classes: Cc, interfaces: Ci, utils: Cu, results: Cr } = Components;
 
 var { NetUtil } = Cu.import("resource://gre/modules/NetUtil.jsm", {});
 var { FileUtils } = Cu.import("resource://gre/modules/FileUtils.jsm", {});
 var { Services } = Cu.import("resource://gre/modules/Services.jsm", {});
 
 var gCertDB = Cc["@mozilla.org/security/x509certdb;1"]
                 .getService(Ci.nsIX509CertDB);
 
@@ -231,17 +231,17 @@ function downloadAndParseChromeCerts(fil
   let pemCert = "";
   let pemPubKey = "";
   let hash = "";
   let chromeNameToHash = {};
   let chromeNameToMozName = {};
   let chromeName;
   for (let line of lines) {
     // Skip comments and newlines.
-    if (line.length == 0 || line[0] == '#') {
+    if (line.length == 0 || line[0] == "#") {
       continue;
     }
     switch (state) {
       case PRE_NAME:
         chromeName = line;
         state = POST_NAME;
         break;
       case POST_NAME:
--- a/security/manager/tools/genRootCAHashes.js
+++ b/security/manager/tools/genRootCAHashes.js
@@ -57,17 +57,17 @@ const FP_POSTAMBLE = "};\n";
 
 // Helper
 function writeString(fos, string) {
   fos.write(string, string.length);
 }
 
 // Remove all colons from a string
 function stripColons(hexString) {
-  return hexString.replace(/:/g, '');
+  return hexString.replace(/:/g, "");
 }
 
 // Expect an array of bytes and make it C-formatted
 function hexSlice(bytes, start, end) {
   let ret = "";
   for (let i = start; i < end; i++) {
     let hex = (0 + bytes.charCodeAt(i).toString(16)).slice(-2).toUpperCase();
     ret += "0x" + hex;
@@ -105,17 +105,17 @@ function loadTrustAnchors(file) {
   return { roots: [], maxBin: 0 };
 }
 
 // Saves our persistence file so that we don't lose track of the mapping
 // between bin numbers and the CA-hashes, even as CAs come and go.
 function writeTrustAnchors(file) {
   let fos = FileUtils.openSafeFileOutputStream(file);
 
-  let serializedData = JSON.stringify(gTrustAnchors, null, '  ');
+  let serializedData = JSON.stringify(gTrustAnchors, null, "  ");
   fos.write(JSON_HEADER, JSON_HEADER.length);
   fos.write(serializedData, serializedData.length);
 
   FileUtils.closeSafeFileOutputStream(fos);
 }
 
 
 // Write the C++ header file
--- a/security/manager/tools/getHSTSPreloadList.js
+++ b/security/manager/tools/getHSTSPreloadList.js
@@ -316,17 +316,17 @@ function output(sortedStatuses, currentL
               (status.finalIncludeSubdomains ? "true" : "false") + " */ ",
               fos);
       // Write out the string itself as individual characters, including the
       // null terminator.  We do it this way rather than using C's string
       // concatentation because some compilers have hardcoded limits on the
       // lengths of string literals, and the preload list is large enough
       // that it runs into said limits.
       for (let c of status.name) {
-	writeTo("'" + c + "', ", fos);
+        writeTo("'" + c + "', ", fos);
       }
       writeTo("'\\0',\n", fos);
     }
     writeTo("};\n", fos);
 
     const PREFIX = "\n" +
       "struct nsSTSPreload\n" +
       "{\n" +
--- a/security/manager/tools/makeCNNICHashes.js
+++ b/security/manager/tools/makeCNNICHashes.js
@@ -194,17 +194,17 @@ function compareCertificatesByHash(certA
   if (aBin > bBin) {
      return 1;
   }
  return 0;
 }
 
 function certToPEM(cert) {
   let der = cert.getRawDER({});
-  let derString = '';
+  let derString = "";
   for (let i = 0; i < der.length; i++) {
     derString += String.fromCharCode(der[i]);
   }
   let base64Lines = btoa(derString).replace(/(.{64})/g, "$1\n");
   let output = "-----BEGIN CERTIFICATE-----\n";
   for (let line of base64Lines.split("\n")) {
     if (line.length > 0) {
       output += line + "\n";