Bug 1492943 - Part 2 - Update copy for HSTS certificate errors. r=nhnt11
Copy changes as outlined in https://docs.google.com/document/d/18mKAiSSLRTVcjJ1C9rIMQRnQ7eMwqqXPPN0xIyW6DDI/edit?ts=5bbfbfbb#
- New heading
- Slightly updated description
- Replace "More..." with "More Information"
- Remove the "Recommended" label on the return button
Differential Revision:
https://phabricator.services.mozilla.com/D8831
--- a/browser/base/content/aboutNetError-new.xhtml
+++ b/browser/base/content/aboutNetError-new.xhtml
@@ -27,16 +27,17 @@
<link rel="icon" id="favicon" href="chrome://global/skin/icons/warning.svg"/>
</head>
<body dir="&locale.dir;">
<!-- ERROR ITEM CONTAINER (removed during loading to avoid bug 39098) -->
<div id="errorContainer">
<div id="errorPageTitlesContainer">
<span id="ept_nssBadCert">&certerror.pagetitle2;</span>
+ <span id="ept_nssBadCert_sts">&certerror.sts.pagetitle;</span>
<span id="ept_captivePortal">&captivePortal.title;</span>
<span id="ept_dnsNotFound">&dnsNotFound.pageTitle;</span>
<span id="ept_malformedURI">&malformedURI.pageTitle;</span>
<span id="ept_blockedByPolicy">&blockedByPolicy.title;</span>
</div>
<div id="errorTitlesContainer">
<h1 id="et_generic">&generic.title;</h1>
<h1 id="et_captivePortal">&captivePortal.title;</h1>
@@ -55,16 +56,17 @@
<h1 id="et_netInterrupt">&netInterrupt.title;</h1>
<h1 id="et_deniedPortAccess">&deniedPortAccess.title;</h1>
<h1 id="et_proxyResolveFailure">&proxyResolveFailure.title;</h1>
<h1 id="et_proxyConnectFailure">&proxyConnectFailure.title;</h1>
<h1 id="et_contentEncodingError">&contentEncodingError.title;</h1>
<h1 id="et_unsafeContentType">&unsafeContentType.title;</h1>
<h1 id="et_nssFailure2">&nssFailure2.title;</h1>
<h1 id="et_nssBadCert">&certerror.longpagetitle2;</h1>
+ <h1 id="et_nssBadCert_sts">&certerror.sts.longpagetitle;</h1>
<h1 id="et_cspBlocked">&cspBlocked.title;</h1>
<h1 id="et_remoteXUL">&remoteXUL.title;</h1>
<h1 id="et_corruptedContentErrorv2">&corruptedContentErrorv2.title;</h1>
<h1 id="et_sslv3Used">&sslv3Used.title;</h1>
<h1 id="et_inadequateSecurityError">&inadequateSecurityError.title;</h1>
<h1 id="et_blockedByPolicy">&blockedByPolicy.title;</h1>
<h1 id="et_clockSkewError">&clockSkewError.title;</h1>
</div>
@@ -86,16 +88,17 @@
<div id="ed_netInterrupt">&netInterrupt.longDesc;</div>
<div id="ed_deniedPortAccess">&deniedPortAccess.longDesc;</div>
<div id="ed_proxyResolveFailure">&proxyResolveFailure.longDesc;</div>
<div id="ed_proxyConnectFailure">&proxyConnectFailure.longDesc;</div>
<div id="ed_contentEncodingError">&contentEncodingError.longDesc;</div>
<div id="ed_unsafeContentType">&unsafeContentType.longDesc;</div>
<div id="ed_nssFailure2">&nssFailure2.longDesc2;</div>
<div id="ed_nssBadCert">&certerror.introPara2;</div>
+ <div id="ed_nssBadCert_sts">&certerror.sts.introPara;</div>
<div id="ed_cspBlocked">&cspBlocked.longDesc;</div>
<div id="ed_remoteXUL">&remoteXUL.longDesc;</div>
<div id="ed_corruptedContentErrorv2">&corruptedContentErrorv2.longDesc;</div>
<div id="ed_sslv3Used">&sslv3Used.longDesc2;</div>
<div id="ed_inadequateSecurityError">&inadequateSecurityError.longDesc;</div>
<div id="ed_blockedByPolicy"></div>
<div id="ed_clockSkewError">&clockSkewError.longDesc;</div>
</div>
@@ -111,16 +114,20 @@
<div id="es_nssBadCert_SEC_ERROR_EXPIRED_ISSUER_CERTIFICATE">&certerror.expiredCert.whatCanYouDoAboutIt2;</div>
<div id="es_nssBadCert_SEC_ERROR_OCSP_FUTURE_RESPONSE">&certerror.expiredCert.whatCanYouDoAboutIt2;</div>
<div id="es_nssBadCert_SEC_ERROR_OCSP_OLD_RESPONSE">&certerror.expiredCert.whatCanYouDoAboutIt2;</div>
<div id="es_nssBadCert_MOZILLA_PKIX_ERROR_NOT_YET_VALID_CERTIFICATE">&certerror.expiredCert.whatCanYouDoAboutIt2;</div>
<div id="es_nssBadCert_MOZILLA_PKIX_ERROR_NOT_YET_VALID_ISSUER_CERTIFICATE">&certerror.expiredCert.whatCanYouDoAboutIt2;</div>
<div id="es_nssBadCert_SSL_ERROR_BAD_CERT_DOMAIN">&certerror.badCertDomain.whatCanYouDoAboutIt;</div>
<div id="es_nssBadCert_SEC_ERROR_OCSP_INVALID_SIGNING_CERT">&certerror.badCertDomain.whatCanYouDoAboutIt;</div>
</div>
+ <!-- Stores an alternative text for when we don't want to add "Recommended" to the
+ return button. This is one of many l10n atrocities in this file and should be
+ removed when we finally switch to Fluent. -->
+ <span id="stsReturnButtonText">&returnToPreviousPage.label;</span>
</div>
<!-- PAGE CONTAINER (for styling purposes only) -->
<div id="errorPageContainer" class="container">
<div id="text-container">
<!-- Error Title -->
<div class="title">
<h1 class="title-text"/>
--- a/browser/base/content/aboutNetError.js
+++ b/browser/base/content/aboutNetError.js
@@ -123,16 +123,20 @@ function disallowCertOverridesIfNeeded()
// Disallow overrides if this is a Strict-Transport-Security
// host and the cert is bad (STS Spec section 7.3) or if the
// certerror is in a frame (bug 633691).
if (cssClass == "badStsCert" || window != top) {
document.getElementById("exceptionDialogButton").setAttribute("hidden", "true");
}
if (cssClass == "badStsCert") {
document.getElementById("badStsCertExplanation").removeAttribute("hidden");
+
+ let stsReturnButtonText = document.getElementById("stsReturnButtonText").textContent;
+ document.getElementById("returnButton").textContent = stsReturnButtonText;
+ document.getElementById("advancedPanelReturnButton").textContent = stsReturnButtonText;
}
}
function initPage() {
var err = getErrorCode();
// List of error pages with an illustration.
let illustratedErrors = [
"malformedURI", "dnsNotFound", "connectionFailure", "netInterrupt",
@@ -147,25 +151,35 @@ function initPage() {
gIsCertError = (err == "nssBadCert");
// Only worry about captive portals if this is a cert error.
let showCaptivePortalUI = isCaptive() && gIsCertError;
if (showCaptivePortalUI) {
err = "captivePortal";
}
- let pageTitle = document.getElementById("ept_" + err);
+ let l10nErrId = err;
+ let className = getCSSClass();
+ if (className) {
+ document.body.classList.add(className);
+ }
+
+ if (gIsCertError && className == "badStsCert") {
+ l10nErrId += "_sts";
+ }
+
+ let pageTitle = document.getElementById("ept_" + l10nErrId);
if (pageTitle) {
document.title = pageTitle.textContent;
}
// if it's an unknown error or there's no title or description
// defined, get the generic message
- var errTitle = document.getElementById("et_" + err);
- var errDesc = document.getElementById("ed_" + err);
+ var errTitle = document.getElementById("et_" + l10nErrId);
+ var errDesc = document.getElementById("ed_" + l10nErrId);
if (!errTitle || !errDesc) {
errTitle = document.getElementById("et_generic");
errDesc = document.getElementById("ed_generic");
}
// eslint-disable-next-line no-unsanitized/property
document.querySelector(".title-text").innerHTML = errTitle.innerHTML;
@@ -203,17 +217,16 @@ function initPage() {
learnMoreLink.href = "https://support.mozilla.org/kb/how-resolve-sslv3-error-messages-firefox";
document.body.className = "certerror";
}
// remove undisplayed errors to avoid bug 39098
var errContainer = document.getElementById("errorContainer");
errContainer.remove();
- var className = getCSSClass();
if (className && className != "expertBadCert") {
// Associate a CSS class with the root of the page, if one was passed in,
// to allow custom styling.
// Not "expertBadCert" though, don't want to deal with the favicon
document.documentElement.className = className;
// Also, if they specified a CSS class, they must supply their own
// favicon. In order to trigger the browser to repaint though, we
@@ -317,17 +330,17 @@ function initPageCaptivePortal() {
// When the portal is freed, an event is generated by the frame script
// that we can pick up and attempt to reload the original page.
window.addEventListener("AboutNetErrorCaptivePortalFreed", () => {
document.location.reload();
});
}
function initPageCertError() {
- document.body.className = "certerror";
+ document.body.classList.add("certerror");
for (let host of document.querySelectorAll(".hostname")) {
host.textContent = document.location.hostname;
}
addAutofocus("returnButton");
setupAdvancedButton();
document.getElementById("learnMoreContainer").style.display = "block";
--- a/browser/base/content/test/static/browser_misused_characters_in_strings.js
+++ b/browser/base/content/test/static/browser_misused_characters_in_strings.js
@@ -13,16 +13,20 @@ let gWhitelist = [{
key: "certerror.introPara",
type: "single-quote",
}, {
file: "netError.dtd",
key: "certerror.introPara2",
type: "single-quote",
}, {
file: "netError.dtd",
+ key: "certerror.sts.introPara",
+ type: "single-quote",
+ }, {
+ file: "netError.dtd",
key: "certerror.expiredCert.whatCanYouDoAboutIt2",
type: "single-quote",
}, {
file: "netError.dtd",
key: "certerror.whatShouldIDo.badStsCertExplanation1",
type: "single-quote",
}, {
file: "netError.dtd",
--- a/browser/locales/en-US/chrome/overrides/netError.dtd
+++ b/browser/locales/en-US/chrome/overrides/netError.dtd
@@ -145,21 +145,23 @@
<ul>
<li>The page you are trying to view cannot be shown because the authenticity of the received data could not be verified.</li>
<li>Please contact the website owners to inform them of this problem.</li>
</ul>
">
<!ENTITY certerror.longpagetitle1 "Your connection is not secure">
<!ENTITY certerror.longpagetitle2 "Warning: Potential Security Risk Ahead">
+<!ENTITY certerror.sts.longpagetitle "Did Not Connect: Potential Security Issue">
<!-- Localization note (certerror.introPara, certerror.introPara2) - The text content of the span tag
will be replaced at runtime with the name of the server to which the user
was trying to connect. -->
<!ENTITY certerror.introPara "The owner of <span class='hostname'/> has configured their website improperly. To protect your information from being stolen, &brandShortName; has not connected to this website.">
<!ENTITY certerror.introPara2 "&brandShortName; detected a potential security threat and did not continue to <span class='hostname'/>. If you visit this site, attackers could try to steal information like your passwords, emails, or credit card details.">
+<!ENTITY certerror.sts.introPara "&brandShortName; detected a potential security threat and did not continue to <span class='hostname'/> because this website requires a secure connection.">
<!ENTITY certerror.expiredCert.secondPara "This issue is most likely because your computer clock is set to the wrong time, which would prevent &brandShortName; from connecting securely.">
<!ENTITY certerror.whatCanYouDoAboutItTitle "What can you do about it?">
<!ENTITY certerror.unknownIssuer.whatCanYouDoAboutIt "
<p>The issue is most likely with the website, and there is nothing you can do to resolve it.</p>
<p>If you are on a corporate network or using anti-virus software, you can reach out to the support teams for assistance. You can also notify the website’s administrator about the problem.</p>
@@ -209,16 +211,17 @@ was trying to connect. -->
<!-- LOCALIZATION NOTE (certerror.wrongSystemTime2,
certerror.wrongSystemTimeWithoutReference) - The <span id='..' />
tags will be injected with actual values, please leave them unchanged. -->
<!ENTITY certerror.wrongSystemTime2 "<p> &brandShortName; did not connect to <span id='wrongSystemTime_URL'/> because your computer’s clock appears to show the wrong time and this is preventing a secure connection.</p> <p>Your computer is set to <span id='wrongSystemTime_systemDate'/>, when it should be <span id='wrongSystemTime_actualDate'/>. To fix this problem, change your date and time settings to match the correct time.</p>">
<!ENTITY certerror.wrongSystemTimeWithoutReference "<p>&brandShortName; did not connect to <span id='wrongSystemTimeWithoutReference_URL'/> because your computer’s clock appears to show the wrong time and this is preventing a secure connection.</p> <p>Your computer is set to <span id='wrongSystemTimeWithoutReference_systemDate'/>. To fix this problem, change your date and time settings to match the correct time.</p>">
<!ENTITY certerror.pagetitle1 "Insecure Connection">
<!ENTITY certerror.pagetitle2 "Warning: Potential Security Risk Ahead">
+<!ENTITY certerror.sts.pagetitle "Did Not Connect: Potential Security Issue">
<!ENTITY certerror.whatShouldIDo.badStsCertExplanation "This site uses HTTP
Strict Transport Security (HSTS) to specify that &brandShortName; may only connect
to it securely. As a result, it is not possible to add an exception for this
certificate.">
<!ENTITY certerror.whatShouldIDo.badStsCertExplanation1 "<span class='hostname'></span> has a security policy called HTTP Strict Transport Security (HSTS), which means that &brandShortName; can only connect to it securely. You can’t add an exception to visit this site.">
<!ENTITY certerror.copyToClipboard.label "Copy text to clipboard">
<!ENTITY inadequateSecurityError.title "Your connection is not secure">
--- a/browser/themes/shared/aboutNetError-new.css
+++ b/browser/themes/shared/aboutNetError-new.css
@@ -93,25 +93,25 @@ body:not(.captiveportal) #openPortalLogi
body:not(.clockSkewError) #errorTryAgain {
display: none;
}
body:not(.clockSkewError) #advancedPanelErrorTryAgain {
display: none;
}
-body:not(.clockSkewError) #moreInformationButton {
+body:not(:-moz-any(.clockSkewError,.badStsCert)) #moreInformationButton {
display: none;
}
#openPortalLoginPageButton {
margin-inline-start: 0;
}
-body:not(.neterror):not(.clockSkewError) #advancedButton {
+body:not(:-moz-any(.clockSkewError,.badStsCert,.neterror)) #advancedButton {
display: block;
}
#certificateErrorReporting {
display: none;
padding-bottom: 10px;
}
