Redesign certificate error page for Firefox as about:certerror. b=431826, r=gavin, ui-r=beltzner
authorJohnathan Nightingale <johnath@mozilla.com>
Wed, 29 Oct 2008 11:54:51 -0400
changeset 21051 ab6c401333dca32f138981edfff361e894cdb59b
parent 21050 3dbb3095c8a901fdcc2e9a5976e5757a2bb75ef0
child 21052 84a9e53373c72d2ee0f6fc41eecc14813376b84c
push idunknown
push userunknown
push dateunknown
reviewersgavin, beltzner
bugs431826
milestone1.9.1b2pre
Redesign certificate error page for Firefox as about:certerror. b=431826, r=gavin, ui-r=beltzner
browser/app/profile/firefox.js
browser/base/content/browser.js
browser/components/Makefile.in
browser/components/certerror/Makefile.in
browser/components/certerror/aboutCertError.js
browser/components/certerror/content/aboutCertError.css
browser/components/certerror/content/aboutCertError.xhtml
browser/components/certerror/jar.mn
browser/components/certerror/test/Makefile.in
browser/components/certerror/test/browser_bug431826.js
browser/installer/unix/packages-static
browser/installer/windows/packages-static
browser/locales/en-US/chrome/browser/aboutCertError.dtd
browser/locales/jar.mn
browser/themes/gnomestripe/browser/aboutCertError.css
browser/themes/gnomestripe/browser/jar.mn
browser/themes/gnomestripe/browser/section_collapsed.png
browser/themes/gnomestripe/browser/section_expanded.png
browser/themes/pinstripe/browser/aboutCertError.css
browser/themes/pinstripe/browser/jar.mn
browser/themes/pinstripe/browser/section_collapsed.png
browser/themes/pinstripe/browser/section_expanded.png
browser/themes/winstripe/browser/aboutCertError.css
browser/themes/winstripe/browser/jar.mn
browser/themes/winstripe/browser/section_collapsed.png
browser/themes/winstripe/browser/section_expanded.png
docshell/base/nsDocShell.cpp
--- a/browser/app/profile/firefox.js
+++ b/browser/app/profile/firefox.js
@@ -742,17 +742,17 @@ pref("places.frecency.defaultVisitBonus"
 // bonus (in percent) for place types for frecency calculations
 pref("places.frecency.unvisitedBookmarkBonus", 140);
 pref("places.frecency.unvisitedTypedBonus", 200);
 
 // Controls behavior of the "Add Exception" dialog launched from SSL error pages
 // 0 - don't pre-populate anything
 // 1 - pre-populate site URL, but don't fetch certificate
 // 2 - pre-populate site URL and pre-fetch certificate
-pref("browser.ssl_override_behavior", 1);
+pref("browser.ssl_override_behavior", 2);
 
 // Controls the display of domain in the identity box for SSL connections.
 // 0 - do not show domain
 // 1 - show effectiveTLD + 1 (e.g. mozilla.org)
 // 2 - show full domain (e.g. bugzilla.mozilla.org)
 pref("browser.identity.ssl_domain_display", 0);
 
 // True if the user should be prompted when a web application supports
@@ -768,8 +768,11 @@ pref("browser.zoom.siteSpecific", true);
 // replace newlines with spaces when pasting into <input type="text"> fields
 pref("editor.singleLine.pasteNewlines", 2);
 
 // The breakpad report server to link to in about:crashes
 pref("breakpad.reportURL", "http://crash-stats.mozilla.com/report/index/");
 
 // base URL for web-based support pages
 pref("app.support.baseURL", "http://support.mozilla.com/1/%APP%/%VERSION%/%OS%/%LOCALE%/");
+
+// Name of alternate about: page for certificate errors (when undefined, defaults to about:neterror)
+pref("security.alternate_certificate_error_page", "certerror");
--- a/browser/base/content/browser.js
+++ b/browser/base/content/browser.js
@@ -2179,17 +2179,17 @@ function BrowserOnCommand(event) {
     if (!event.isTrusted)
       return;
 
     var ot = event.originalTarget;
     var errorDoc = ot.ownerDocument;
 
     // If the event came from an ssl error page, it is probably either the "Add
     // Exception…" or "Get me out of here!" button
-    if (/^about:neterror\?e=nssBadCert/.test(errorDoc.documentURI)) {
+    if (/^about:certerror/.test(errorDoc.documentURI)) {
       if (ot == errorDoc.getElementById('exceptionDialogButton')) {
         var params = { exceptionAdded : false };
         
         try {
           switch (gPrefService.getIntPref("browser.ssl_override_behavior")) {
             case 2 : // Pre-fetch & pre-populate
               params.prefetchCert = true;
             case 1 : // Pre-populate
@@ -2728,18 +2728,20 @@ const DOMLinkHandler = {
             if (gBrowser.isFailedIcon(uri))
               break;
 
             // Verify that the load of this icon is legal.
             // error pages can load their favicon, to be on the safe side,
             // only allow chrome:// favicons
             const aboutNeterr = /^about:neterror\?/;
             const aboutBlocked = /^about:blocked\?/;
+            const aboutCert = /^about:certerror\?/;
             if (!(aboutNeterr.test(targetDoc.documentURI) ||
-                  aboutBlocked.test(targetDoc.documentURI)) ||
+                  aboutBlocked.test(targetDoc.documentURI) ||
+                  aboutCert.test(targetDoc.documentURI)) ||
                 !uri.schemeIs("chrome")) {
               var ssm = Cc["@mozilla.org/scriptsecuritymanager;1"].
                         getService(Ci.nsIScriptSecurityManager);
               try {
                 ssm.checkLoadURIWithPrincipal(targetDoc.nodePrincipal, uri,
                                               Ci.nsIScriptSecurityManager.DISALLOW_SCRIPT);
               } catch(e) {
                 break;
--- a/browser/components/Makefile.in
+++ b/browser/components/Makefile.in
@@ -54,16 +54,17 @@ EXTRA_PP_COMPONENTS = \
 	nsBrowserContentHandler.js \
 	nsBrowserGlue.js \
 	aboutRobots.js \
 	$(NULL)
 
 EXTRA_JS_MODULES = distribution.js
 
 DIRS = \
+	certerror \
 	dirprovider \
 	microsummaries \
 	migration \
 	preferences \
 	search \
 	sessionstore \
 	shell \
 	sidebar \
new file mode 100644
--- /dev/null
+++ b/browser/components/certerror/Makefile.in
@@ -0,0 +1,55 @@
+#
+# ***** BEGIN LICENSE BLOCK *****
+# Version: MPL 1.1/GPL 2.0/LGPL 2.1
+#
+# The contents of this file are subject to the Mozilla Public License Version
+# 1.1 (the "License"); you may not use this file except in compliance with
+# the License. You may obtain a copy of the License at
+# http://www.mozilla.org/MPL/
+#
+# Software distributed under the License is distributed on an "AS IS" basis,
+# WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License
+# for the specific language governing rights and limitations under the
+# License.
+#
+# The Original Code is mozilla.org code.
+#
+# The Initial Developer of the Original Code is
+# Netscape Communications Corporation.
+# Portions created by the Initial Developer are Copyright (C) 1998
+# the Initial Developer. All Rights Reserved.
+#
+# Contributor(s):
+#
+# Alternatively, the contents of this file may be used under the terms of
+# either the GNU General Public License Version 2 or later (the "GPL"), or
+# the GNU Lesser General Public License Version 2.1 or later (the "LGPL"),
+# in which case the provisions of the GPL or the LGPL are applicable instead
+# of those above. If you wish to allow use of your version of this file only
+# under the terms of either the GPL or the LGPL, and not to allow others to
+# use your version of this file under the terms of the MPL, indicate your
+# decision by deleting the provisions above and replace them with the notice
+# and other provisions required by the GPL or the LGPL. If you do not delete
+# the provisions above, a recipient may use your version of this file under
+# the terms of any one of the MPL, the GPL or the LGPL.
+#
+# ***** END LICENSE BLOCK *****
+
+
+DEPTH     = ../../..
+topsrcdir = @top_srcdir@
+srcdir    = @srcdir@
+VPATH     = @srcdir@
+
+include $(DEPTH)/config/autoconf.mk
+
+ifdef ENABLE_TESTS
+DIRS += test
+endif
+
+# EXTRA_COMPONENTS installs components written in JS to dist/bin/components
+EXTRA_PP_COMPONENTS = \
+         aboutCertError.js \
+         $(NULL)
+
+include $(topsrcdir)/config/rules.mk
new file mode 100644
--- /dev/null
+++ b/browser/components/certerror/aboutCertError.js
@@ -0,0 +1,75 @@
+/* ***** BEGIN LICENSE BLOCK *****
+ * Version: MPL 1.1/GPL 2.0/LGPL 2.1
+ *
+ * The contents of this file are subject to the Mozilla Public License Version
+ * 1.1 (the "License"); you may not use this file except in compliance with
+ * the License. You may obtain a copy of the License at
+ * http://www.mozilla.org/MPL/
+ *
+ * Software distributed under the License is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License
+ * for the specific language governing rights and limitations under the
+ * License.
+ *
+ * The Original Code is about:robots
+ *
+ * The Initial Developer of the Original Code is Mozilla Foundation.
+ * Portions created by the Initial Developer are Copyright (C) 2008
+ * the Initial Developer. All Rights Reserved.
+ *
+ * Contributor(s):
+ *   Ryan Flint <rflint@mozilla.com>
+ *   Justin Dolske <dolske@mozilla.com>
+ *   Johnathan Nightingale <johnath@mozilla.com>
+ *
+ * Alternatively, the contents of this file may be used under the terms of
+ * either the GNU General Public License Version 2 or later (the "GPL"), or
+ * the GNU Lesser General Public License Version 2.1 or later (the "LGPL"),
+ * in which case the provisions of the GPL or the LGPL are applicable instead
+ * of those above. If you wish to allow use of your version of this file only
+ * under the terms of either the GPL or the LGPL, and not to allow others to
+ * use your version of this file under the terms of the MPL, indicate your
+ * decision by deleting the provisions above and replace them with the notice
+ * and other provisions required by the GPL or the LGPL. If you do not delete
+ * the provisions above, a recipient may use your version of this file under
+ * the terms of any one of the MPL, the GPL or the LGPL.
+ *
+ * ***** END LICENSE BLOCK ***** */
+const Cc = Components.classes;
+const Ci = Components.interfaces;
+
+Components.utils.import("resource://gre/modules/XPCOMUtils.jsm");
+
+function AboutCertError() {}
+AboutCertError.prototype = {
+  classDescription: "About Cert Error",
+  contractID: "@mozilla.org/network/protocol/about;1?what=certerror",
+  classID: Components.ID("{78d2286f-de9d-47ac-9c26-e8675aedf3be}"),
+  QueryInterface: XPCOMUtils.generateQI([Ci.nsIAboutModule]),
+ 
+  getURIFlags: function(aURI) {
+    return (Ci.nsIAboutModule.ALLOW_SCRIPT |
+            Ci.nsIAboutModule.URI_SAFE_FOR_UNTRUSTED_CONTENT);
+  },
+
+  newChannel: function(aURI) {
+    var ios = Cc["@mozilla.org/network/io-service;1"].
+              getService(Ci.nsIIOService);
+
+    var secMan = Cc["@mozilla.org/scriptsecuritymanager;1"].
+                 getService(Ci.nsIScriptSecurityManager);
+
+    var channel = ios.newChannel("chrome://browser/content/certerror/aboutCertError.xhtml",
+                                 null, null);
+    var principal = secMan.getCodebasePrincipal(aURI);
+
+    channel.originalURI = aURI;
+    channel.owner = principal;
+
+    return channel;
+  }
+};
+
+function NSGetModule(compMgr, fileSpec) {
+  return XPCOMUtils.generateModule([AboutCertError]);
+}
new file mode 100644
--- /dev/null
+++ b/browser/components/certerror/content/aboutCertError.css
@@ -0,0 +1,59 @@
+/* ***** BEGIN LICENSE BLOCK *****
+ * Version: MPL 1.1/GPL 2.0/LGPL 2.1
+ *
+ * The contents of this file are subject to the Mozilla Public License Version
+ * 1.1 (the "License"); you may not use this file except in compliance with
+ * the License. You may obtain a copy of the License at
+ * http://www.mozilla.org/MPL/
+ *
+ * Software distributed under the License is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License
+ * for the specific language governing rights and limitations under the
+ * License.
+ *
+ * The Original Code is mozilla.org code.
+ *
+ * The Initial Developer of the Original Code is
+ * Mozilla Corporation.
+ * Portions created by the Initial Developer are Copyright (C) 2008
+ * the Initial Developer. All Rights Reserved.
+ *
+ * Contributor(s):
+ *   William Price <bugzilla@mob.rice.edu>
+ *   Steven Garrity <steven@silverorange.com>
+ *   Henrik Skupin  <mozilla@hskupin.info>
+ *   Johnathan Nightingale <johnath@mozilla.com>
+ *
+ * Alternatively, the contents of this file may be used under the terms of
+ * either the GNU General Public License Version 2 or later (the "GPL"), or
+ * the GNU Lesser General Public License Version 2.1 or later (the "LGPL"),
+ * in which case the provisions of the GPL or the LGPL are applicable instead
+ * of those above. If you wish to allow use of your version of this file only
+ * under the terms of either the GPL or the LGPL, and not to allow others to
+ * use your version of this file under the terms of the MPL, indicate your
+ * decision by deleting the provisions above and replace them with the notice
+ * and other provisions required by the GPL or the LGPL. If you do not delete
+ * the provisions above, a recipient may use your version of this file under
+ * the terms of any one of the MPL, the GPL or the LGPL.
+ *
+ * ***** END LICENSE BLOCK ***** */
+
+/* Logical CSS rules belong here, but presentation & theming rules
+   should live in the CSS of the appropriate theme */
+
+#technicalContentText {
+  overflow: auto;
+  white-space: pre-wrap;
+}
+
+#technicalContent > h2, #expertContent > h2 {
+  cursor: pointer;
+  padding-left: 20px;
+  position: relative;
+  left: -20px;
+}
+
+div[collapsed] > p,
+div[collapsed] > div {
+  display: none;
+}
new file mode 100644
--- /dev/null
+++ b/browser/components/certerror/content/aboutCertError.xhtml
@@ -0,0 +1,278 @@
+<?xml version="1.0" encoding="UTF-8"?>
+
+<!DOCTYPE html [
+  <!ENTITY % htmlDTD
+    PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
+    "DTD/xhtml1-strict.dtd">
+  %htmlDTD;
+  <!ENTITY % globalDTD
+    SYSTEM "chrome://global/locale/global.dtd">
+  %globalDTD;
+  <!ENTITY % certerrorDTD
+    SYSTEM "chrome://browser/locale/aboutCertError.dtd">
+  %certerrorDTD;
+]>
+
+<!-- ***** BEGIN LICENSE BLOCK *****
+   - Version: MPL 1.1/GPL 2.0/LGPL 2.1
+   -
+   - The contents of this file are subject to the Mozilla Public License Version
+   - 1.1 (the "License"); you may not use this file except in compliance with
+   - the License. You may obtain a copy of the License at
+   - http://www.mozilla.org/MPL/
+   -
+   - Software distributed under the License is distributed on an "AS IS" basis,
+   - WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License
+   - for the specific language governing rights and limitations under the
+   - License.
+   -
+   - The Original Code is netError.xhtml.
+   -
+   - The Initial Developer of the Original Code is
+   - Netscape Communications Corporation.
+   - Portions created by the Initial Developer are Copyright (C) 1998
+   - the Initial Developer. All Rights Reserved.
+   -
+   - Contributor(s):
+   -   Adam Lock <adamlock@netscape.com>
+   -   William R. Price <wrprice@alumni.rice.edu>
+   -   Henrik Skupin <mozilla@hskupin.info>
+   -   Jeff Walden <jwalden+code@mit.edu>
+   -   Johnathan Nightingale <johnath@mozilla.com>
+   -   Ehsan Akhgari <ehsan.akhgari@gmail.com>
+   -
+   - Alternatively, the contents of this file may be used under the terms of
+   - either the GNU General Public License Version 2 or later (the "GPL"), or
+   - the GNU Lesser General Public License Version 2.1 or later (the "LGPL"),
+   - in which case the provisions of the GPL or the LGPL are applicable instead
+   - of those above. If you wish to allow use of your version of this file only
+   - under the terms of either the GPL or the LGPL, and not to allow others to
+   - use your version of this file under the terms of the MPL, indicate your
+   - decision by deleting the provisions above and replace them with the notice
+   - and other provisions required by the LGPL or the GPL. If you do not delete
+   - the provisions above, a recipient may use your version of this file under
+   - the terms of any one of the MPL, the GPL or the LGPL.
+   -
+   - ***** END LICENSE BLOCK ***** -->
+<html xmlns="http://www.w3.org/1999/xhtml">
+  <head>
+    <title>&certerror.pagetitle;</title>
+    <link rel="stylesheet" href="chrome://browser/skin/aboutCertError.css" type="text/css" media="all" />
+    <link rel="stylesheet" href="chrome://browser/content/certerror/aboutCertError.css" type="text/css" media="all" />
+    <!-- This page currently uses the same favicon as neterror.xhtml.
+         If the location of the favicon is changed for both pages, the
+         FAVICON_ERRORPAGE_URL symbol in toolkit/components/places/src/nsFaviconService.h
+         should be updated. If this page starts using a different favicon
+         than neterrorm nsFaviconService->DoSetAndLoadFaviconForPage
+         should be updated to ignore this one as well. -->
+    <link rel="icon" type="image/png" id="favicon" href="chrome://global/skin/icons/warning-16.png"/>
+
+    <script type="application/x-javascript"><![CDATA[
+      // Error url MUST be formatted like this:
+      //   about:certerror?e=error&u=url&d=desc
+
+      // Note that this file uses document.documentURI to get
+      // the URL (with the format from above). This is because
+      // document.location.href gets the current URI off the docshell,
+      // which is the URL displayed in the location bar, i.e.
+      // the URI that the user attempted to load.
+
+      function getCSSClass()
+      {
+        var url = document.documentURI;
+        var matches = url.match(/s\=([^&]+)\&/);
+        // s is optional, if no match just return nothing
+        if (!matches || matches.length < 2)
+          return "";
+
+        // parenthetical match is the second entry
+        return decodeURIComponent(matches[1]);
+      }
+
+      function getDescription()
+      {
+        var url = document.documentURI;
+        var desc = url.search(/d\=/);
+
+        // desc == -1 if not found; if so, return an empty string
+        // instead of what would turn out to be portions of the URI
+        if (desc == -1)
+          return "";
+
+        return decodeURIComponent(url.slice(desc + 2));
+      }
+
+      function initPage()
+      {
+        // Replace the "#1" string in the intro with the hostname.  Trickier
+        // than it might seem since we want to preserve the <b> tags, but
+        // not allow for any injection by just using innerHTML.  Instead,
+        // just find the right target text node.
+        var intro = document.getElementById('introContentP1');
+        function replaceWithHost(node) {
+          if (node.textContent == "#1")
+            node.textContent = location.host;
+          else
+            for(var i = 0; i < node.childNodes.length; i++)
+              replaceWithHost(node.childNodes[i]);
+        };
+        replaceWithHost(intro);
+        
+        if (getCSSClass() == "expertBadCert") {
+          toggle('expertContent');
+        }
+        
+        var tech = document.getElementById("technicalContentText");
+        if (tech)
+          tech.textContent = getDescription();
+        
+        addDomainErrorLink();
+      }
+      
+      /* In the case of SSL error pages about domain mismatch, see if
+         we can hyperlink the user to the correct site.  We don't want
+         to do this generically since it allows MitM attacks to redirect
+         users to a site under attacker control, but in certain cases
+         it is safe (and helpful!) to do so.  Bug 402210
+      */
+      function addDomainErrorLink() {
+        // Rather than textContent, we need to treat description as HTML
+        var sd = document.getElementById("technicalContentText");
+        if (sd) {
+          var desc = getDescription();
+          
+          // sanitize description text - see bug 441169
+          
+          // First, find the index of the <a> tag we care about, being careful not to
+          // use an over-greedy regex
+          var re = /<a id="cert_domain_link" title="([^"]+)">/;
+          var result = re.exec(desc);
+          if(!result)
+            return;
+          
+          // Remove sd's existing children
+          sd.textContent = "";
+
+          // Everything up to the link should be text content
+          sd.appendChild(document.createTextNode(desc.slice(0, result.index)));
+          
+          // Now create the link itself
+          var anchorEl = document.createElement("a");
+          anchorEl.setAttribute("id", "cert_domain_link");
+          anchorEl.setAttribute("title", result[1]);
+          anchorEl.appendChild(document.createTextNode(result[1]));
+          sd.appendChild(anchorEl);
+          
+          // Finally, append text for anything after the closing </a>
+          sd.appendChild(document.createTextNode(desc.slice(desc.indexOf("</a>") + "</a>".length)));
+        }
+
+        var link = document.getElementById('cert_domain_link');
+        if (!link)
+          return;
+        
+        var okHost = link.getAttribute("title");
+        var thisHost = document.location.hostname;
+        var proto = document.location.protocol;
+
+        // If okHost is a wildcard domain ("*.example.com") let's
+        // use "www" instead.  "*.example.com" isn't going to
+        // get anyone anywhere useful. bug 432491
+        okHost = okHost.replace(/^\*\./, "www.");
+
+        /* case #1: 
+         * example.com uses an invalid security certificate.
+         *
+         * The certificate is only valid for www.example.com
+         *
+         * Make sure to include the "." ahead of thisHost so that
+         * a MitM attack on paypal.com doesn't hyperlink to "notpaypal.com"
+         *
+         * We'd normally just use a RegExp here except that we lack a
+         * library function to escape them properly (bug 248062), and
+         * domain names are famous for having '.' characters in them,
+         * which would allow spurious and possibly hostile matches.
+         */
+        if (endsWith(okHost, "." + thisHost))
+          link.href = proto + okHost;
+
+        /* case #2:
+         * browser.garage.maemo.org uses an invalid security certificate.
+         *
+         * The certificate is only valid for garage.maemo.org
+         */
+        if (endsWith(thisHost, "." + okHost))
+          link.href = proto + okHost;
+          
+        // If we set a link, meaning there's something helpful for
+        // the user here, expand the section by default
+        if (link.href)
+          toggle("technicalContent");
+      }
+      
+      function endsWith(haystack, needle) {
+        return haystack.slice(-needle.length) == needle;
+      }
+
+      function toggle(id) {
+        var el = document.getElementById(id);
+        if (el.getAttribute("collapsed"))
+          el.removeAttribute("collapsed");
+        else
+          el.setAttribute("collapsed", true);
+      }
+    ]]></script>
+  </head>
+
+  <body dir="&locale.dir;">
+
+    <!-- PAGE CONTAINER (for styling purposes only) -->
+    <div id="errorPageContainer">
+    
+      <!-- Error Title -->
+      <div id="errorTitle">
+        <h1 id="errorTitleText">&certerror.longpagetitle;</h1>
+      </div>
+      
+      <!-- LONG CONTENT (the section most likely to require scrolling) -->
+      <div id="errorLongContent">
+        <div id="introContent">
+          <p id="introContentP1">&certerror.introPara1;</p>
+          <p>&certerror.introPara2;</p>
+        </div>
+        
+        <div id="whatShouldIDoContent">
+          <h2>&certerror.whatShouldIDo.heading;</h2>
+          <div id="whatShouldIDoContentText">
+            <p>&certerror.whatShouldIDo.content;</p>
+            <xul:button xmlns:xul='http://www.mozilla.org/keymaster/gatekeeper/there.is.only.xul' id='getMeOutOfHereButton' label='&certerror.getMeOutOfHere.label;'/>
+          </div>
+        </div>
+        
+        <div id="technicalContent" collapsed="true">
+          <h2 onclick="toggle('technicalContent');" id="technicalContentHeading">&certerror.technical.heading;</h2>
+          <p id="technicalContentText"/>
+        </div>
+        
+        <!-- This section can be unhidden by default by setting the
+        "browser.xul.error_pages.expert_bad_cert" pref to true -->
+        <div id="expertContent" collapsed="true">
+          <h2 onclick="toggle('expertContent');" id="expertContentHeading">&certerror.expert.heading;</h2>
+          <div>
+            <p>&certerror.expert.content;</p>
+            <p>&certerror.expert.contentPara2;</p>
+            <xul:button xmlns:xul='http://www.mozilla.org/keymaster/gatekeeper/there.is.only.xul' id='exceptionDialogButton' label='&certerror.addException.label;'/>
+          </div>
+        </div>
+      </div>
+    </div>
+
+    <!--
+    - Note: It is important to run the script this way, instead of using
+    - an onload handler. This is because error pages are loaded as
+    - LOAD_BACKGROUND, which means that onload handlers will not be executed.
+    -->
+    <script type="application/x-javascript">initPage();</script>
+
+  </body>
+</html>
new file mode 100644
--- /dev/null
+++ b/browser/components/certerror/jar.mn
@@ -0,0 +1,3 @@
+browser.jar:
+  content/browser/certerror/aboutCertError.xhtml               (content/aboutCertError.xhtml)
+  content/browser/certerror/aboutCertError.css                 (content/aboutCertError.css)
new file mode 100644
--- /dev/null
+++ b/browser/components/certerror/test/Makefile.in
@@ -0,0 +1,53 @@
+#
+# ***** BEGIN LICENSE BLOCK *****
+# Version: MPL 1.1/GPL 2.0/LGPL 2.1
+#
+# The contents of this file are subject to the Mozilla Public License Version
+# 1.1 (the "License"); you may not use this file except in compliance with
+# the License. You may obtain a copy of the License at
+# http://www.mozilla.org/MPL/
+#
+# Software distributed under the License is distributed on an "AS IS" basis,
+# WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License
+# for the specific language governing rights and limitations under the
+# License.
+#
+# The Original Code is mozilla.org code.
+#
+# The Initial Developer of the Original Code is
+#    Mozilla Corporation.
+# Portions created by the Initial Developer are Copyright (C) 2008
+# the Initial Developer. All Rights Reserved.
+#
+# Contributor(s):
+#   Johnathan Nightingale <johnath@mozilla.com>
+#
+# Alternatively, the contents of this file may be used under the terms of
+# either of the GNU General Public License Version 2 or later (the "GPL"),
+# or the GNU Lesser General Public License Version 2.1 or later (the "LGPL"),
+# in which case the provisions of the GPL or the LGPL are applicable instead
+# of those above. If you wish to allow use of your version of this file only
+# under the terms of either the GPL or the LGPL, and not to allow others to
+# use your version of this file under the terms of the MPL, indicate your
+# decision by deleting the provisions above and replace them with the notice
+# and other provisions required by the GPL or the LGPL. If you do not delete
+# the provisions above, a recipient may use your version of this file under
+# the terms of any one of the MPL, the GPL or the LGPL.
+#
+# ***** END LICENSE BLOCK *****
+
+DEPTH		= ../../../..
+topsrcdir	= @top_srcdir@
+srcdir		= @srcdir@
+VPATH		= @srcdir@
+relativesrcdir  = browser/components/certerror/test
+
+include $(DEPTH)/config/autoconf.mk
+include $(topsrcdir)/config/rules.mk
+
+_BROWSER_FILES = browser_bug431826.js \
+    $(NULL)
+
+libs::	$(_BROWSER_FILES)
+	$(INSTALL) $(foreach f,$^,"$f") $(DEPTH)/_tests/testing/mochitest/browser/$(relativesrcdir)
+
new file mode 100644
--- /dev/null
+++ b/browser/components/certerror/test/browser_bug431826.js
@@ -0,0 +1,43 @@
+var newBrowser
+
+function test() {
+  waitForExplicitFinish();
+  
+  var newTab = gBrowser.addTab();
+  gBrowser.selectedTab = newTab;
+  newBrowser = gBrowser.getBrowserForTab(newTab);
+  
+  // Navigate to a site with a broken cert
+  newBrowser.contentWindow.location = 'https://nocert.example.com/';
+  // XXX - This timer and the next should be replaced with an event
+  // handler when bug 425001 is fixed.
+  window.setTimeout(testBrokenCert, 2000);
+}
+
+function testBrokenCert() {
+  
+  // Confirm that we are displaying the contributed error page, not the default
+  ok(/^about:certerror/.test(gBrowser.contentWindow.document.documentURI), "Broken page should go to about:certerror, not about:neterror");
+  
+  // Confirm that the expert section is collapsed
+  var expertDiv = gBrowser.contentWindow.document.getElementById("expertContent");
+  ok(expertDiv, "Expert content div should exist");
+  ok(expertDiv.hasAttribute("collapsed"), "Expert content should be collapsed by default");
+  
+  // Tweak the expert mode pref
+  Cc["@mozilla.org/preferences-service;1"].getService(Ci.nsIPrefBranch)
+                                          .setBoolPref("browser.xul.error_pages.expert_bad_cert", true);
+  
+  newBrowser.reload();
+  window.setTimeout(testExpertPref, 2000);
+}
+
+function testExpertPref() {
+  
+  var expertDiv = gBrowser.contentWindow.document.getElementById("expertContent");
+  ok(!expertDiv.hasAttribute("collapsed"), "Expert content should not be collapsed with the expert mode pref set");
+  
+  // Clean up
+  gBrowser.removeCurrentTab();
+  finish();
+}
--- a/browser/installer/unix/packages-static
+++ b/browser/installer/unix/packages-static
@@ -239,16 +239,17 @@ bin/components/nsTaggingService.js
 bin/components/nsPlacesDBFlush.js
 bin/components/nsDefaultCLH.js
 bin/components/nsContentPrefService.js
 bin/components/nsContentDispatchChooser.js
 bin/components/nsHandlerService.js
 bin/components/nsWebHandlerApp.js
 bin/components/libdbusservice.so
 bin/components/aboutRobots.js
+bin/components/aboutCertError.js
 bin/components/nsBadCertHandler.js
 
 ; Modules
 bin/modules/*
 
 ; Safe Browsing
 bin/components/nsSafebrowsingApplication.js
 bin/components/nsUrlClassifierListManager.js
--- a/browser/installer/windows/packages-static
+++ b/browser/installer/windows/packages-static
@@ -245,16 +245,17 @@ bin\components\nsLivemarkService.js
 bin\components\nsTaggingService.js
 bin\components\nsPlacesDBFlush.js
 bin\components\nsDefaultCLH.js
 bin\components\nsContentPrefService.js
 bin\components\nsContentDispatchChooser.js
 bin\components\nsHandlerService.js
 bin\components\nsWebHandlerApp.js
 bin\components\aboutRobots.js
+bin\components\aboutCertError.js
 bin\components\nsBadCertHandler.js
 
 ; Modules
 bin\modules\*
 
 ; Safe Browsing
 bin\components\nsSafebrowsingApplication.js
 bin\components\nsUrlClassifierListManager.js
new file mode 100644
--- /dev/null
+++ b/browser/locales/en-US/chrome/browser/aboutCertError.dtd
@@ -0,0 +1,36 @@
+<!ENTITY % brandDTD
+    SYSTEM "chrome://branding/locale/brand.dtd">
+  %brandDTD;
+
+<!-- These strings are used by Firefox's custom about:certerror page,
+a replacement for the standard security certificate errors produced
+by NSS/PSM via netError.xhtml. -->
+
+<!ENTITY certerror.pagetitle  "Untrusted Connection">
+<!ENTITY certerror.longpagetitle "This Connection is Untrusted">
+
+<!-- Localization note (certerror.introPara1) - The string "#1" will
+be replaced at runtime with the name of the server to which the user
+was trying to connect. -->
+<!ENTITY certerror.introPara1 "You have asked &brandShortName; to connect
+securely to <b>#1</b>, but we can't confirm that your connection is secure.">
+<!ENTITY certerror.introPara2 "Normally, when you try to connect securely,
+sites will present trusted identification to prove that you are
+going to the right place. However, this site's identity can't be verified.">
+
+<!ENTITY certerror.whatShouldIDo.heading "What Should I Do?">
+<!ENTITY certerror.whatShouldIDo.content "If you usually connect to
+this site without problems, this error could mean that someone is
+trying to impersonate the site, and you shouldn't continue.">
+<!ENTITY certerror.getMeOutOfHere.label "Get me out of here!">
+
+<!ENTITY certerror.expert.heading "I Understand the Risks">
+<!ENTITY certerror.expert.content "If you understand what's going on, you
+can tell &brandShortName; to start trusting this site's identification.
+<b>Even if you trust the site, this error could mean that someone is
+tampering with your connection.</b>">
+<!ENTITY certerror.expert.contentPara2 "Don't add an exception unless
+you know there's a good reason why this site doesn't use trusted identification.">
+<!ENTITY certerror.addException.label "Add Exception…">
+
+<!ENTITY certerror.technical.heading "Technical Details">
--- a/browser/locales/jar.mn
+++ b/browser/locales/jar.mn
@@ -1,12 +1,13 @@
 #filter substitution
 
 @AB_CD@.jar:
 % locale browser @AB_CD@ %locale/browser/
+    locale/browser/aboutCertError.dtd              (%chrome/browser/aboutCertError.dtd)
     locale/browser/aboutDialog.dtd                 (%chrome/browser/aboutDialog.dtd)
     locale/browser/aboutRobots.dtd                 (%chrome/browser/aboutRobots.dtd)
     locale/browser/aboutSessionRestore.dtd         (%chrome/browser/aboutSessionRestore.dtd)
     locale/browser/credits.dtd                     (%chrome/browser/credits.dtd)
 *   locale/browser/browser.dtd                     (%chrome/browser/browser.dtd)
     locale/browser/baseMenuOverlay.dtd             (%chrome/browser/baseMenuOverlay.dtd)
     locale/browser/browser.properties              (%chrome/browser/browser.properties)
     locale/browser/metaData.dtd                    (%chrome/browser/metaData.dtd)
new file mode 100644
--- /dev/null
+++ b/browser/themes/gnomestripe/browser/aboutCertError.css
@@ -0,0 +1,95 @@
+/* ***** BEGIN LICENSE BLOCK *****
+ * Version: MPL 1.1/GPL 2.0/LGPL 2.1
+ *
+ * The contents of this file are subject to the Mozilla Public License Version
+ * 1.1 (the "License"); you may not use this file except in compliance with
+ * the License. You may obtain a copy of the License at
+ * http://www.mozilla.org/MPL/
+ *
+ * Software distributed under the License is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License
+ * for the specific language governing rights and limitations under the
+ * License.
+ *
+ * The Original Code is mozilla.org code.
+ *
+ * The Initial Developer of the Original Code is
+ * Mozilla Corporation.
+ * Portions created by the Initial Developer are Copyright (C) 2008
+ * the Initial Developer. All Rights Reserved.
+ *
+ * Contributor(s):
+ *   William Price <bugzilla@mob.rice.edu>
+ *   Steven Garrity <steven@silverorange.com>
+ *   Henrik Skupin  <mozilla@hskupin.info>
+ *   Johnathan Nightingale <johnath@mozilla.com>
+ *
+ * Alternatively, the contents of this file may be used under the terms of
+ * either the GNU General Public License Version 2 or later (the "GPL"), or
+ * the GNU Lesser General Public License Version 2.1 or later (the "LGPL"),
+ * in which case the provisions of the GPL or the LGPL are applicable instead
+ * of those above. If you wish to allow use of your version of this file only
+ * under the terms of either the GPL or the LGPL, and not to allow others to
+ * use your version of this file under the terms of the MPL, indicate your
+ * decision by deleting the provisions above and replace them with the notice
+ * and other provisions required by the GPL or the LGPL. If you do not delete
+ * the provisions above, a recipient may use your version of this file under
+ * the terms of any one of the MPL, the GPL or the LGPL.
+ *
+ * ***** END LICENSE BLOCK ***** */
+
+
+html {
+  background: -moz-Dialog;
+}
+
+body {
+  margin: 0;
+  padding: 0 1em;
+  color: -moz-FieldText;
+  font: message-box;
+}
+
+h1 {
+  margin: 0 0 .6em 0;
+  border-bottom: 1px solid ThreeDLightShadow;
+  font-size: 160%;
+}
+
+h2 {
+  font-size: 130%;
+}
+
+#errorPageContainer {
+  position: relative;
+  min-width: 13em;
+  max-width: 52em;
+  margin: 4em auto;
+  border: 1px solid #FFBD09; /* pale yellow extracted from yellow passport icon */
+  -moz-border-radius: 10px;
+  padding: 3em;
+  -moz-padding-start: 30px;
+  background: url("chrome://global/skin/icons/sslWarning.png") left 0 no-repeat -moz-Field;
+  -moz-background-origin: content;
+}
+
+body[dir="rtl"] #errorPageContainer {
+  background-position: right 0;
+}
+
+#errorTitle {
+  -moz-margin-start: 80px;
+}
+
+#errorLongContent {
+  -moz-margin-start: 80px;
+}
+
+#technicalContent > h2, #expertContent > h2 {
+  background : url("chrome://browser/skin/section_expanded.png") left 0 no-repeat;
+}
+
+#technicalContent[collapsed] > h2,
+#expertContent[collapsed] > h2{
+  background-image: url("chrome://browser/skin/section_collapsed.png");
+}
--- a/browser/themes/gnomestripe/browser/jar.mn
+++ b/browser/themes/gnomestripe/browser/jar.mn
@@ -1,26 +1,29 @@
 classic.jar:
 % skin browser classic/1.0 %skin/classic/browser/
 * skin/classic/browser/aboutSessionRestore.css        (aboutSessionRestore.css)
+  skin/classic/browser/aboutCertError.css             (aboutCertError.css)
 * skin/classic/browser/browser.css                    (browser.css)
   skin/classic/browser/browser.xml
 * skin/classic/browser/engineManager.css              (engineManager.css)
   skin/classic/browser/Go-arrow.png
   skin/classic/browser/Go-arrow-rtl.png
   skin/classic/browser/identity.png
   skin/classic/browser/Info.png
   skin/classic/browser/monitor.png
   skin/classic/browser/monitor_16-10.png
 * skin/classic/browser/pageInfo.css
   skin/classic/browser/pageInfo.png
   skin/classic/browser/page-livemarks.png
   skin/classic/browser/searchbar.css                  (searchbar.css)
   skin/classic/browser/Search-glass.png
   skin/classic/browser/Search-glass-rtl.png
+  skin/classic/browser/section_collapsed.png
+  skin/classic/browser/section_expanded.png
   skin/classic/browser/Secure.png
   skin/classic/browser/Security-broken.png
   skin/classic/browser/setDesktopBackground.css
   skin/classic/browser/Throbber.gif
   skin/classic/browser/Throbber.png
   skin/classic/browser/Throbber-small.png
   skin/classic/browser/Toolbar.png
   skin/classic/browser/Toolbar-small.png
new file mode 100644
index e69de29bb2d1d6434b8b29ae775ad8c2e48c5391..c9805f654c79b22ce0d8435d030e775f3b7492ac
GIT binary patch
literal 776
zc$@(U1NZ!iP)<h;3K|Lk000e1NJLTq000mG000mO1^@s6AM^iV0006&X+uL$Nkc;*
zP;zf(X>4Tx0C)kdlTT>Va1_VCZIM-!Qt%JxDF>MfRbpG%E`x6U<J#34+K#Fx+azr|
z+cYL=)!{)wym%7)a~OgL6)U3P!3ho=p1cUkK#T0)S&xHVWW@K&kF*F5FTRlcKKbUo
z_xt_c%MS>AuNp?n51_5vX7S{VaOUheVQhe%@FR!=2v=pxn3kkGxol&bU*Kb(){e1U
zk8dyCe7D}u-8%p5#@)5Zt8IcjIb_m=fG<MA-UjCc;~M8O<4d+-laIz&)~X8eRpN+Q
zE+&be5{DX`-!QIm{=m2=H(2a|Sk#rK4)}w_lZtA|#0g?evE()}%k!h%?oj@~9pWRh
zVNz^hh4>Jw3yow;KY>#RDQA47#a;priom{$Bkk}Mz4w8Y>mzMr;MU5wKWNosQ8%4$
z*D|o<p5ts(fU%>%)>p^*wd^=sPiXFM!0M*lHG8fvP3rpy{Og_XnP&$+(;mp&9{rtp
zU0g2_=wAcM2_R16i&bF!KCtI4AdyD8KNj<DUPCYorPBF)G%ik5GSVzH<-c0H)ump!
z7N+NJy;e9)BlQ5EtX?VYalM(zdaP7aa~>~h$%4mqGedpiu?y9l<gu#HmpnG?nW2wr
zrHA^WR;C{DShHK4_xM6*Zs@P5so{F`R)L)xcb!c;TlN?!q>-m9ia10}pn?n}%z_HX
z|3C6X_&M-!{6wx;djIG(6aFw;z3lci*)gt|&4y+R({%dOh>+Fg;}Ib$ij(*aV&<+&
z9Cuc%0001kNkl<ZI1yuD7zNZ1fp-UF|9`%m{Qvi-%m0Znoe^CT$N-oatFRjbhkOA8
zE1xcgI+z*^31kCcitri41XF~M{{40r!{>8e4Bzhe!CePa&jMrMqnUZM!Cqk(^}uj3
zUIS1y?!adULJkxLAJ2IF|M_|chI0|B@UY0%h{w!9E(HMplqvO5LNk{D0000<MNUMn
GLSTZQ-geIb
new file mode 100644
index e69de29bb2d1d6434b8b29ae775ad8c2e48c5391..128cef90af66bdf67d9d88d3b161fca8f6fe3788
GIT binary patch
literal 767
zc$@+M0s#GqP)<h;3K|Lk000e1NJLTq000mG000mO1^@s6AM^iV0006&X+uL$Nkc;*
zP;zf(X>4Tx0C)kdlTT>Va1_VCZIM-!Qt%JxDF>MfRbpG%E`x6U<J#34+K#Fx+azr|
z+cYL=)!{)wym%7)a~OgL6)U3P!3ho=p1cUkK#T0)S&xHVWW@K&kF*F5FTRlcKKbUo
z_xt_c%MS>AuNp?n51_5vX7S{VaOUheVQhe%@FR!=2v=pxn3kkGxol&bU*Kb(){e1U
zk8dyCe7D}u-8%p5#@)5Zt8IcjIb_m=fG<MA-UjCc;~M8O<4d+-laIz&)~X8eRpN+Q
zE+&be5{DX`-!QIm{=m2=H(2a|Sk#rK4)}w_lZtA|#0g?evE()}%k!h%?oj@~9pWRh
zVNz^hh4>Jw3yow;KY>#RDQA47#a;priom{$Bkk}Mz4w8Y>mzMr;MU5wKWNosQ8%4$
z*D|o<p5ts(fU%>%)>p^*wd^=sPiXFM!0M*lHG8fvP3rpy{Og_XnP&$+(;mp&9{rtp
zU0g2_=wAcM2_R16i&bF!KCtI4AdyD8KNj<DUPCYorPBF)G%ik5GSVzH<-c0H)ump!
z7N+NJy;e9)BlQ5EtX?VYalM(zdaP7aa~>~h$%4mqGedpiu?y9l<gu#HmpnG?nW2wr
zrHA^WR;C{DShHK4_xM6*Zs@P5so{F`R)L)xcb!c;TlN?!q>-m9ia10}pn?n}%z_HX
z|3C6X_&M-!{6wx;djIG(6aFw;z3lci*)gt|&4y+R({%dOh>+Fg;}Ib$ij(*aV&<+&
z9Cuc%0001bNkl<ZI1yuD7zK>zLGbhSj{je;rlJeO`9cnlQS>muWuOdpQ4dCD9&L1C
zFrQV}4MQBm0FVj}`2q}uxWus<fXx*k+gbT^QJfDl6srN)Y{TU$oCYAf0+;O|i|_(a
xjJ!J_`~UZ+%m48z#3%XfejoXo@fkdf<NzN)8fS+Bze4~3002ovPDHLkV1lz8b0Yu%
new file mode 100644
--- /dev/null
+++ b/browser/themes/pinstripe/browser/aboutCertError.css
@@ -0,0 +1,95 @@
+/* ***** BEGIN LICENSE BLOCK *****
+ * Version: MPL 1.1/GPL 2.0/LGPL 2.1
+ *
+ * The contents of this file are subject to the Mozilla Public License Version
+ * 1.1 (the "License"); you may not use this file except in compliance with
+ * the License. You may obtain a copy of the License at
+ * http://www.mozilla.org/MPL/
+ *
+ * Software distributed under the License is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License
+ * for the specific language governing rights and limitations under the
+ * License.
+ *
+ * The Original Code is mozilla.org code.
+ *
+ * The Initial Developer of the Original Code is
+ * Mozilla Corporation.
+ * Portions created by the Initial Developer are Copyright (C) 2008
+ * the Initial Developer. All Rights Reserved.
+ *
+ * Contributor(s):
+ *   William Price <bugzilla@mob.rice.edu>
+ *   Steven Garrity <steven@silverorange.com>
+ *   Henrik Skupin  <mozilla@hskupin.info>
+ *   Johnathan Nightingale <johnath@mozilla.com>
+ *
+ * Alternatively, the contents of this file may be used under the terms of
+ * either the GNU General Public License Version 2 or later (the "GPL"), or
+ * the GNU Lesser General Public License Version 2.1 or later (the "LGPL"),
+ * in which case the provisions of the GPL or the LGPL are applicable instead
+ * of those above. If you wish to allow use of your version of this file only
+ * under the terms of either the GPL or the LGPL, and not to allow others to
+ * use your version of this file under the terms of the MPL, indicate your
+ * decision by deleting the provisions above and replace them with the notice
+ * and other provisions required by the GPL or the LGPL. If you do not delete
+ * the provisions above, a recipient may use your version of this file under
+ * the terms of any one of the MPL, the GPL or the LGPL.
+ *
+ * ***** END LICENSE BLOCK ***** */
+
+
+html {
+  background: -moz-Dialog;
+}
+
+body {
+  margin: 0;
+  padding: 0 1em;
+  color: -moz-FieldText;
+  font: message-box;
+}
+
+h1 {
+  margin: 0 0 .6em 0;
+  border-bottom: 1px solid ThreeDLightShadow;
+  font-size: 160%;
+}
+
+h2 {
+  font-size: 130%;
+}
+
+#errorPageContainer {
+  position: relative;
+  min-width: 13em;
+  max-width: 52em;
+  margin: 4em auto;
+  border: 1px solid #FFBD09; /* pale yellow extracted from yellow passport icon */
+  -moz-border-radius: 10px;
+  padding: 3em;
+  -moz-padding-start: 30px;
+  background: url("chrome://global/skin/icons/sslWarning.png") left 0 no-repeat -moz-Field;
+  -moz-background-origin: content;
+}
+
+body[dir="rtl"] #errorPageContainer {
+  background-position: right 0;
+}
+
+#errorTitle {
+  -moz-margin-start: 80px;
+}
+
+#errorLongContent {
+  -moz-margin-start: 80px;
+}
+
+#technicalContent > h2, #expertContent > h2 {
+  background : url("chrome://browser/skin/section_expanded.png") left 0 no-repeat;
+}
+
+#technicalContent[collapsed] > h2,
+#expertContent[collapsed] > h2{
+  background-image: url("chrome://browser/skin/section_collapsed.png");
+}
--- a/browser/themes/pinstripe/browser/jar.mn
+++ b/browser/themes/pinstripe/browser/jar.mn
@@ -1,11 +1,12 @@
 classic.jar:
 % skin browser classic/1.0 %skin/classic/browser/
 * skin/classic/browser/aboutSessionRestore.css              (aboutSessionRestore.css)
+  skin/classic/browser/aboutCertError.css                   (aboutCertError.css)
   skin/classic/browser/bookmark_toolbar_background.png
   skin/classic/browser/bookmark-open-left.png
   skin/classic/browser/bookmark-open-mid.png
   skin/classic/browser/bookmark-open-right.png
 * skin/classic/browser/browser.css                          (browser.css)
   skin/classic/browser/contextDialogBackground.png
 * skin/classic/browser/engineManager.css                    (engineManager.css)
   skin/classic/browser/expander-round.png 
@@ -37,16 +38,18 @@ classic.jar:
   skin/classic/browser/Popup-blocked.png
   skin/classic/browser/searchbar.css
   skin/classic/browser/Search.png
   skin/classic/browser/Search-addengines.png
   skin/classic/browser/Search-bar.png
   skin/classic/browser/search-bar-background-left.png
   skin/classic/browser/search-bar-background-mid.png
   skin/classic/browser/search-bar-background-right.png
+  skin/classic/browser/section_collapsed.png
+  skin/classic/browser/section_expanded.png
   skin/classic/browser/Secure-Glyph-White.png
   skin/classic/browser/Secure.png
   skin/classic/browser/Security-broken.png
   skin/classic/browser/Secure-statusbar.png
   skin/classic/browser/Secure-statusbar-broken.png
   skin/classic/browser/Secure-background.gif
   skin/classic/browser/Toolbar.png
   skin/classic/browser/Toolbar-rtl.png
new file mode 100644
index e69de29bb2d1d6434b8b29ae775ad8c2e48c5391..c9805f654c79b22ce0d8435d030e775f3b7492ac
GIT binary patch
literal 776
zc$@(U1NZ!iP)<h;3K|Lk000e1NJLTq000mG000mO1^@s6AM^iV0006&X+uL$Nkc;*
zP;zf(X>4Tx0C)kdlTT>Va1_VCZIM-!Qt%JxDF>MfRbpG%E`x6U<J#34+K#Fx+azr|
z+cYL=)!{)wym%7)a~OgL6)U3P!3ho=p1cUkK#T0)S&xHVWW@K&kF*F5FTRlcKKbUo
z_xt_c%MS>AuNp?n51_5vX7S{VaOUheVQhe%@FR!=2v=pxn3kkGxol&bU*Kb(){e1U
zk8dyCe7D}u-8%p5#@)5Zt8IcjIb_m=fG<MA-UjCc;~M8O<4d+-laIz&)~X8eRpN+Q
zE+&be5{DX`-!QIm{=m2=H(2a|Sk#rK4)}w_lZtA|#0g?evE()}%k!h%?oj@~9pWRh
zVNz^hh4>Jw3yow;KY>#RDQA47#a;priom{$Bkk}Mz4w8Y>mzMr;MU5wKWNosQ8%4$
z*D|o<p5ts(fU%>%)>p^*wd^=sPiXFM!0M*lHG8fvP3rpy{Og_XnP&$+(;mp&9{rtp
zU0g2_=wAcM2_R16i&bF!KCtI4AdyD8KNj<DUPCYorPBF)G%ik5GSVzH<-c0H)ump!
z7N+NJy;e9)BlQ5EtX?VYalM(zdaP7aa~>~h$%4mqGedpiu?y9l<gu#HmpnG?nW2wr
zrHA^WR;C{DShHK4_xM6*Zs@P5so{F`R)L)xcb!c;TlN?!q>-m9ia10}pn?n}%z_HX
z|3C6X_&M-!{6wx;djIG(6aFw;z3lci*)gt|&4y+R({%dOh>+Fg;}Ib$ij(*aV&<+&
z9Cuc%0001kNkl<ZI1yuD7zNZ1fp-UF|9`%m{Qvi-%m0Znoe^CT$N-oatFRjbhkOA8
zE1xcgI+z*^31kCcitri41XF~M{{40r!{>8e4Bzhe!CePa&jMrMqnUZM!Cqk(^}uj3
zUIS1y?!adULJkxLAJ2IF|M_|chI0|B@UY0%h{w!9E(HMplqvO5LNk{D0000<MNUMn
GLSTZQ-geIb
new file mode 100644
index e69de29bb2d1d6434b8b29ae775ad8c2e48c5391..128cef90af66bdf67d9d88d3b161fca8f6fe3788
GIT binary patch
literal 767
zc$@+M0s#GqP)<h;3K|Lk000e1NJLTq000mG000mO1^@s6AM^iV0006&X+uL$Nkc;*
zP;zf(X>4Tx0C)kdlTT>Va1_VCZIM-!Qt%JxDF>MfRbpG%E`x6U<J#34+K#Fx+azr|
z+cYL=)!{)wym%7)a~OgL6)U3P!3ho=p1cUkK#T0)S&xHVWW@K&kF*F5FTRlcKKbUo
z_xt_c%MS>AuNp?n51_5vX7S{VaOUheVQhe%@FR!=2v=pxn3kkGxol&bU*Kb(){e1U
zk8dyCe7D}u-8%p5#@)5Zt8IcjIb_m=fG<MA-UjCc;~M8O<4d+-laIz&)~X8eRpN+Q
zE+&be5{DX`-!QIm{=m2=H(2a|Sk#rK4)}w_lZtA|#0g?evE()}%k!h%?oj@~9pWRh
zVNz^hh4>Jw3yow;KY>#RDQA47#a;priom{$Bkk}Mz4w8Y>mzMr;MU5wKWNosQ8%4$
z*D|o<p5ts(fU%>%)>p^*wd^=sPiXFM!0M*lHG8fvP3rpy{Og_XnP&$+(;mp&9{rtp
zU0g2_=wAcM2_R16i&bF!KCtI4AdyD8KNj<DUPCYorPBF)G%ik5GSVzH<-c0H)ump!
z7N+NJy;e9)BlQ5EtX?VYalM(zdaP7aa~>~h$%4mqGedpiu?y9l<gu#HmpnG?nW2wr
zrHA^WR;C{DShHK4_xM6*Zs@P5so{F`R)L)xcb!c;TlN?!q>-m9ia10}pn?n}%z_HX
z|3C6X_&M-!{6wx;djIG(6aFw;z3lci*)gt|&4y+R({%dOh>+Fg;}Ib$ij(*aV&<+&
z9Cuc%0001bNkl<ZI1yuD7zK>zLGbhSj{je;rlJeO`9cnlQS>muWuOdpQ4dCD9&L1C
zFrQV}4MQBm0FVj}`2q}uxWus<fXx*k+gbT^QJfDl6srN)Y{TU$oCYAf0+;O|i|_(a
xjJ!J_`~UZ+%m48z#3%XfejoXo@fkdf<NzN)8fS+Bze4~3002ovPDHLkV1lz8b0Yu%
new file mode 100644
--- /dev/null
+++ b/browser/themes/winstripe/browser/aboutCertError.css
@@ -0,0 +1,95 @@
+/* ***** BEGIN LICENSE BLOCK *****
+ * Version: MPL 1.1/GPL 2.0/LGPL 2.1
+ *
+ * The contents of this file are subject to the Mozilla Public License Version
+ * 1.1 (the "License"); you may not use this file except in compliance with
+ * the License. You may obtain a copy of the License at
+ * http://www.mozilla.org/MPL/
+ *
+ * Software distributed under the License is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License
+ * for the specific language governing rights and limitations under the
+ * License.
+ *
+ * The Original Code is mozilla.org code.
+ *
+ * The Initial Developer of the Original Code is
+ * Mozilla Corporation.
+ * Portions created by the Initial Developer are Copyright (C) 2008
+ * the Initial Developer. All Rights Reserved.
+ *
+ * Contributor(s):
+ *   William Price <bugzilla@mob.rice.edu>
+ *   Steven Garrity <steven@silverorange.com>
+ *   Henrik Skupin  <mozilla@hskupin.info>
+ *   Johnathan Nightingale <johnath@mozilla.com>
+ *
+ * Alternatively, the contents of this file may be used under the terms of
+ * either the GNU General Public License Version 2 or later (the "GPL"), or
+ * the GNU Lesser General Public License Version 2.1 or later (the "LGPL"),
+ * in which case the provisions of the GPL or the LGPL are applicable instead
+ * of those above. If you wish to allow use of your version of this file only
+ * under the terms of either the GPL or the LGPL, and not to allow others to
+ * use your version of this file under the terms of the MPL, indicate your
+ * decision by deleting the provisions above and replace them with the notice
+ * and other provisions required by the GPL or the LGPL. If you do not delete
+ * the provisions above, a recipient may use your version of this file under
+ * the terms of any one of the MPL, the GPL or the LGPL.
+ *
+ * ***** END LICENSE BLOCK ***** */
+
+
+html {
+  background: -moz-Dialog;
+}
+
+body {
+  margin: 0;
+  padding: 0 1em;
+  color: -moz-FieldText;
+  font: message-box;
+}
+
+h1 {
+  margin: 0 0 .6em 0;
+  border-bottom: 1px solid ThreeDLightShadow;
+  font-size: 160%;
+}
+
+h2 {
+  font-size: 130%;
+}
+
+#errorPageContainer {
+  position: relative;
+  min-width: 13em;
+  max-width: 52em;
+  margin: 4em auto;
+  border: 1px solid #FFBD09; /* pale yellow extracted from yellow passport icon */
+  -moz-border-radius: 10px;
+  padding: 3em;
+  -moz-padding-start: 30px;
+  background: url("chrome://global/skin/icons/sslWarning.png") left 0 no-repeat -moz-Field;
+  -moz-background-origin: content;
+}
+
+body[dir="rtl"] #errorPageContainer {
+  background-position: right 0;
+}
+
+#errorTitle {
+  -moz-margin-start: 80px;
+}
+
+#errorLongContent {
+  -moz-margin-start: 80px;
+}
+
+#technicalContent > h2, #expertContent > h2 {
+  background : url("chrome://browser/skin/section_expanded.png") left 0 no-repeat;
+}
+
+#technicalContent[collapsed] > h2,
+#expertContent[collapsed] > h2{
+  background-image: url("chrome://browser/skin/section_collapsed.png");
+}
--- a/browser/themes/winstripe/browser/jar.mn
+++ b/browser/themes/winstripe/browser/jar.mn
@@ -1,14 +1,15 @@
 classic.jar:
 % skin browser classic/1.0 %skin/classic/browser/ os=WINNT osversion<6
 % skin browser classic/1.0 %skin/classic/browser/ os!=WINNT
 # NOTE: If you add a new file here, you'll need to add it to the aero
 # section at the bottom of this file
 *       skin/classic/browser/aboutSessionRestore.css                 (aboutSessionRestore.css)
+        skin/classic/browser/aboutCertError.css                      (aboutCertError.css)
 *       skin/classic/browser/browser.css                             (browser.css)
 *       skin/classic/browser/engineManager.css                       (engineManager.css)
         skin/classic/browser/Info.png                                (Info.png)
         skin/classic/browser/identity.png                            (identity.png)
         skin/classic/browser/KUI-background.png
         skin/classic/browser/pageInfo.css
         skin/classic/browser/pageInfo.png                            (pageInfo.png)
         skin/classic/browser/page-livemarks.png                      (feeds/feedIcon16.png)
@@ -24,16 +25,18 @@ classic.jar:
         skin/classic/browser/Toolbar.png                             (Toolbar.png)
         skin/classic/browser/Toolbar-small.png                       (Toolbar-small.png)
         skin/classic/browser/Go-arrow.png                            (Go-arrow.png)
         skin/classic/browser/Go-arrow-rtl.png                        (Go-arrow-rtl.png)
 *       skin/classic/browser/searchbar.css                           (searchbar.css)
         skin/classic/browser/Search-glass.png                        (Search-glass.png)
         skin/classic/browser/Search-glass-rtl.png                    (Search-glass-rtl.png)
         skin/classic/browser/Search-addengines.png
+        skin/classic/browser/section_collapsed.png
+        skin/classic/browser/section_expanded.png
         skin/classic/browser/setDesktopBackground.css
         skin/classic/browser/menu-back.png                           (menu-back.png)
         skin/classic/browser/menu-forward.png                        (menu-forward.png)
         skin/classic/browser/monitor.png
         skin/classic/browser/monitor_16-10.png
         skin/classic/browser/navbar-textbox-buttons.png
         skin/classic/browser/urlbar-favicon-glow.png
         skin/classic/browser/feeds/feed-icons-16.png                 (feeds/feed-icons-16.png)
@@ -87,16 +90,17 @@ classic.jar:
         skin/classic/browser/tabbrowser/tabstrip-bottom.png                     (tabbrowser/tabstrip-bottom.png)
         icon.png
         preview.png
 
 #ifdef XP_WIN
 classic.jar:
 % skin browser classic/1.0 %skin/classic/aero/browser/ os=WINNT osversion>=6
 *       skin/classic/aero/browser/aboutSessionRestore.css            (aboutSessionRestore.css)
+        skin/classic/aero/browser/aboutCertError.css                 (aboutCertError.css)
 *       skin/classic/aero/browser/browser.css                        (browser-aero.css)
 *       skin/classic/aero/browser/engineManager.css                  (engineManager.css)
         skin/classic/aero/browser/Info.png                           (Info-aero.png)
         skin/classic/aero/browser/identity.png                       (identity-aero.png)
         skin/classic/aero/browser/KUI-background.png
         skin/classic/aero/browser/pageInfo.css
         skin/classic/aero/browser/pageInfo.png                       (pageInfo-aero.png)
         skin/classic/aero/browser/page-livemarks.png                 (feeds/feedIcon16-aero.png)
new file mode 100644
index e69de29bb2d1d6434b8b29ae775ad8c2e48c5391..c9805f654c79b22ce0d8435d030e775f3b7492ac
GIT binary patch
literal 776
zc$@(U1NZ!iP)<h;3K|Lk000e1NJLTq000mG000mO1^@s6AM^iV0006&X+uL$Nkc;*
zP;zf(X>4Tx0C)kdlTT>Va1_VCZIM-!Qt%JxDF>MfRbpG%E`x6U<J#34+K#Fx+azr|
z+cYL=)!{)wym%7)a~OgL6)U3P!3ho=p1cUkK#T0)S&xHVWW@K&kF*F5FTRlcKKbUo
z_xt_c%MS>AuNp?n51_5vX7S{VaOUheVQhe%@FR!=2v=pxn3kkGxol&bU*Kb(){e1U
zk8dyCe7D}u-8%p5#@)5Zt8IcjIb_m=fG<MA-UjCc;~M8O<4d+-laIz&)~X8eRpN+Q
zE+&be5{DX`-!QIm{=m2=H(2a|Sk#rK4)}w_lZtA|#0g?evE()}%k!h%?oj@~9pWRh
zVNz^hh4>Jw3yow;KY>#RDQA47#a;priom{$Bkk}Mz4w8Y>mzMr;MU5wKWNosQ8%4$
z*D|o<p5ts(fU%>%)>p^*wd^=sPiXFM!0M*lHG8fvP3rpy{Og_XnP&$+(;mp&9{rtp
zU0g2_=wAcM2_R16i&bF!KCtI4AdyD8KNj<DUPCYorPBF)G%ik5GSVzH<-c0H)ump!
z7N+NJy;e9)BlQ5EtX?VYalM(zdaP7aa~>~h$%4mqGedpiu?y9l<gu#HmpnG?nW2wr
zrHA^WR;C{DShHK4_xM6*Zs@P5so{F`R)L)xcb!c;TlN?!q>-m9ia10}pn?n}%z_HX
z|3C6X_&M-!{6wx;djIG(6aFw;z3lci*)gt|&4y+R({%dOh>+Fg;}Ib$ij(*aV&<+&
z9Cuc%0001kNkl<ZI1yuD7zNZ1fp-UF|9`%m{Qvi-%m0Znoe^CT$N-oatFRjbhkOA8
zE1xcgI+z*^31kCcitri41XF~M{{40r!{>8e4Bzhe!CePa&jMrMqnUZM!Cqk(^}uj3
zUIS1y?!adULJkxLAJ2IF|M_|chI0|B@UY0%h{w!9E(HMplqvO5LNk{D0000<MNUMn
GLSTZQ-geIb
new file mode 100644
index e69de29bb2d1d6434b8b29ae775ad8c2e48c5391..128cef90af66bdf67d9d88d3b161fca8f6fe3788
GIT binary patch
literal 767
zc$@+M0s#GqP)<h;3K|Lk000e1NJLTq000mG000mO1^@s6AM^iV0006&X+uL$Nkc;*
zP;zf(X>4Tx0C)kdlTT>Va1_VCZIM-!Qt%JxDF>MfRbpG%E`x6U<J#34+K#Fx+azr|
z+cYL=)!{)wym%7)a~OgL6)U3P!3ho=p1cUkK#T0)S&xHVWW@K&kF*F5FTRlcKKbUo
z_xt_c%MS>AuNp?n51_5vX7S{VaOUheVQhe%@FR!=2v=pxn3kkGxol&bU*Kb(){e1U
zk8dyCe7D}u-8%p5#@)5Zt8IcjIb_m=fG<MA-UjCc;~M8O<4d+-laIz&)~X8eRpN+Q
zE+&be5{DX`-!QIm{=m2=H(2a|Sk#rK4)}w_lZtA|#0g?evE()}%k!h%?oj@~9pWRh
zVNz^hh4>Jw3yow;KY>#RDQA47#a;priom{$Bkk}Mz4w8Y>mzMr;MU5wKWNosQ8%4$
z*D|o<p5ts(fU%>%)>p^*wd^=sPiXFM!0M*lHG8fvP3rpy{Og_XnP&$+(;mp&9{rtp
zU0g2_=wAcM2_R16i&bF!KCtI4AdyD8KNj<DUPCYorPBF)G%ik5GSVzH<-c0H)ump!
z7N+NJy;e9)BlQ5EtX?VYalM(zdaP7aa~>~h$%4mqGedpiu?y9l<gu#HmpnG?nW2wr
zrHA^WR;C{DShHK4_xM6*Zs@P5so{F`R)L)xcb!c;TlN?!q>-m9ia10}pn?n}%z_HX
z|3C6X_&M-!{6wx;djIG(6aFw;z3lci*)gt|&4y+R({%dOh>+Fg;}Ib$ij(*aV&<+&
z9Cuc%0001bNkl<ZI1yuD7zK>zLGbhSj{je;rlJeO`9cnlQS>muWuOdpQ4dCD9&L1C
zFrQV}4MQBm0FVj}`2q}uxWus<fXx*k+gbT^QJfDl6srN)Y{TU$oCYAf0+;O|i|_(a
xjJ!J_`~UZ+%m48z#3%XfejoXo@fkdf<NzN)8fS+Bze4~3002ovPDHLkV1lz8b0Yu%
--- a/docshell/base/nsDocShell.cpp
+++ b/docshell/base/nsDocShell.cpp
@@ -3062,16 +3062,23 @@ nsDocShell::DisplayLoadError(nsresult aE
             if (errorClass == nsINSSErrorsService::ERROR_CLASS_BAD_CERT) {
                 error.AssignLiteral("nssBadCert");
                 PRBool expert = PR_FALSE;
                 mPrefs->GetBoolPref("browser.xul.error_pages.expert_bad_cert",
                                     &expert);
                 if (expert) {
                     cssClass.AssignLiteral("expertBadCert");
                 }
+                
+                // See if an alternate cert error page is registered
+                nsXPIDLCString alternateErrorPage;
+                mPrefs->GetCharPref("security.alternate_certificate_error_page",
+                                    getter_Copies(alternateErrorPage));
+                if (alternateErrorPage)
+                    errorPage.Assign(alternateErrorPage);
             } else {
                 error.AssignLiteral("nssFailure2");
             }
         }
     } else if (NS_ERROR_PHISHING_URI == aError || NS_ERROR_MALWARE_URI == aError) {
         nsCAutoString host;
         aURI->GetHost(host);
         CopyUTF8toUTF16(host, formatStrs[0]);