Merge m-c to inbound.

browser/base/content/content.js

@@ -11,6 +11,8 @@ Cu.import("resource://gre/modules/XPCOMUtils.jsm");
 
 XPCOMUtils.defineLazyModuleGetter(this,
   "LoginManagerContent", "resource://gre/modules/LoginManagerContent.jsm");
+XPCOMUtils.defineLazyModuleGetter(this,
+  "InsecurePasswordUtils", "resource://gre/modules/InsecurePasswordUtils.jsm");
 
 // Bug 671101 - directly using webNavigation in this context
 // causes docshells to leak
@@ -38,6 +40,9 @@ if (!Services.prefs.getBoolPref("browser.tabs.remote")) {
   addEventListener("DOMContentLoaded", function(event) {
     LoginManagerContent.onContentLoaded(event);
   });
+  addEventListener("DOMFormHasPassword", function(event) {
+    InsecurePasswordUtils.checkForInsecurePasswords(event.target);
+  });
   addEventListener("DOMAutoComplete", function(event) {
     LoginManagerContent.onUsernameInput(event);
   });

browser/base/content/tabbrowser.xml

@@ -174,6 +174,10 @@
 
           aTab._findBar = findBar;
 
+          let event = document.createEvent("Events");
+          event.initEvent("TabFindInitialized", true, false);
+          aTab.dispatchEvent(event);
+
           return findBar;
         ]]></body>
       </method>

browser/base/content/test/browser_bug537013.js

@@ -44,6 +44,14 @@ function test() {
 
   // Make sure the second tab is correct, then set it up
   gBrowser.selectedTab = tabs[1];
+  gBrowser.selectedTab.addEventListener("TabFindInitialized", continueTests1);
+  // Initialize the findbar
+  gFindBar;
+}
+function continueTests1() {
+  gBrowser.selectedTab.removeEventListener("TabFindInitialized",
+                                           continueTests1);
+  ok(true, "'TabFindInitialized' event properly dispatched!");
   ok(gFindBar.hidden, "Second tab doesn't show find bar!");
   gFindBar.open();
   is(gFindBar._findField.value, texts[0],
@@ -59,11 +67,11 @@ function test() {
 
   // While we're here, let's test bug 253793
   gBrowser.reload();
-  gBrowser.addEventListener("DOMContentLoaded", continueTests, true);
+  gBrowser.addEventListener("DOMContentLoaded", continueTests2, true);
 }
 
-function continueTests() {
-  gBrowser.removeEventListener("DOMContentLoaded", continueTests, true);
+function continueTests2() {
+  gBrowser.removeEventListener("DOMContentLoaded", continueTests2, true);
   ok(!gFindBar.getElement("highlight").checked, "Highlight button reset!");
   gFindBar.close();
   ok(gFindBar.hidden, "First tab doesn't show find bar!");

browser/devtools/styleeditor/StyleEditorDebuggee.jsm

@@ -123,7 +123,7 @@ StyleEditorDebuggee.prototype = {
   _getBaseURI: function() {
     let message = { type: "getBaseURI" };
     this._sendRequest(message, (response) => {
-      this.baseURI = response.baseURI;
+      this.baseURI = Services.io.newURI(response.baseURI, null, null);
     });
   },
 

browser/devtools/webconsole/test/Makefile.in

@@ -145,6 +145,8 @@ MOCHITEST_BROWSER_FILES = \
 	browser_webconsole_bug_686937_autocomplete_JSTerm_helpers.js \
 	browser_webconsole_cached_autocomplete.js \
 	browser_console_navigation_marker.js \
+	browser_webconsole_bug_762593_insecure_passwords_web_console_warning.js \
+	browser_webconsole_bug_762593_insecure_passwords_about_blank_web_console_warning.js \
 	head.js \
 	$(NULL)
 
@@ -244,6 +246,10 @@ MOCHITEST_BROWSER_FILES += \
 	test-bug-837351-security-errors.html \
 	test-bug-869003-top-window.html \
 	test-bug-869003-iframe.html \
+	test-iframe-762593-insecure-form-action.html \
+	test-iframe-762593-insecure-frame.html \
+	test-bug-762593-insecure-passwords-web-console-warning.html \
+	test-bug-762593-insecure-passwords-about-blank-web-console-warning.html \
 	test-consoleiframes.html \
 	test-iframe1.html \
 	test-iframe2.html \

browser/devtools/webconsole/test/browser_webconsole_bug_762593_insecure_passwords_about_blank_web_console_warning.js

@@ -0,0 +1,29 @@
+/* Any copyright is dedicated to the Public Domain.
+ * http://creativecommons.org/publicdomain/zero/1.0/ */
+/*
+ * Tests that errors about insecure passwords are logged
+ * to the web console
+ */
+
+const TEST_URI = "http://example.com/browser/browser/devtools/webconsole/test/test-bug-762593-insecure-passwords-about-blank-web-console-warning.html";
+const INSECURE_PASSWORD_MSG = "Password fields present on an insecure (http://) page. This is a security risk that allows user login credentials to be stolen.";
+
+function test() {
+  addTab(TEST_URI);
+  browser.addEventListener("load", function onLoad(aEvent) {
+    browser.removeEventListener(aEvent.type, onLoad, true);
+    openConsole(null, function testInsecurePasswordErrorLogged (hud) {
+      waitForMessages({
+        webconsole: hud,
+        messages: [
+          {
+            name: "Insecure password error displayed successfully",
+            text: INSECURE_PASSWORD_MSG,
+            category: CATEGORY_SECURITY,
+            severity: SEVERITY_WARNING
+          },
+        ],
+      }).then(finishTest);
+    });
+  }, true);
+}

browser/devtools/webconsole/test/browser_webconsole_bug_762593_insecure_passwords_web_console_warning.js

@@ -0,0 +1,68 @@
+/* Any copyright is dedicated to the Public Domain.
+ * http://creativecommons.org/publicdomain/zero/1.0/ */
+/*
+ * Tests that errors about insecure passwords are logged
+ * to the web console
+ */
+
+const TEST_URI = "http://example.com/browser/browser/devtools/webconsole/test/test-bug-762593-insecure-passwords-web-console-warning.html";
+const INSECURE_PASSWORD_MSG = "Password fields present on an insecure (http://) page. This is a security risk that allows user login credentials to be stolen.";
+const INSECURE_FORM_ACTION_MSG = "Password fields present in a form with an insecure (http://) form action. This is a security risk that allows user login credentials to be stolen.";
+const INSECURE_IFRAME_MSG = "Password fields present on an insecure (http://) iframe. This is a security risk that allows user login credentials to be stolen.";
+const INSECURE_PASSWORDS_URI = "https://developer.mozilla.org/en-US/docs/Security/InsecurePasswords";
+
+function test() {
+  addTab(TEST_URI);
+  browser.addEventListener("load", function onLoad(aEvent) {
+    browser.removeEventListener(aEvent.type, onLoad, true);
+    openConsole(null, function testInsecurePasswordErrorLogged (hud) {
+      waitForMessages({
+        webconsole: hud,
+        messages: [
+          {
+            name: "Insecure password error displayed successfully",
+            text: INSECURE_PASSWORD_MSG,
+            category: CATEGORY_SECURITY,
+            severity: SEVERITY_WARNING
+          },
+          {
+            name: "Insecure iframe error displayed successfully",
+            text: INSECURE_IFRAME_MSG,
+            category: CATEGORY_SECURITY,
+            severity: SEVERITY_WARNING
+          },
+          {
+            name: "Insecure form action error displayed successfully",
+            text: INSECURE_FORM_ACTION_MSG,
+            category: CATEGORY_SECURITY,
+            severity: SEVERITY_WARNING
+          },
+        ],
+      }).then( () => testClickOpenNewTab(hud));
+    });
+  }, true);
+}
+
+function testClickOpenNewTab(hud) {
+  let warningNode = hud.outputNode.querySelector(
+    ".webconsole-msg-body .webconsole-learn-more-link");
+
+  /*
+   * Invoke the click event and check if a new tab would open to the correct
+   * page
+   */
+  let linkOpened = false;
+  let oldOpenUILinkIn = window.openUILinkIn;
+  window.openUILinkIn = function(aLink) {
+    if (aLink == INSECURE_PASSWORDS_URI) {
+      linkOpened = true;
+    }
+  }
+
+  EventUtils.synthesizeMouse(warningNode, 2, 2, {},
+                             warningNode.ownerDocument.defaultView);
+  ok(linkOpened, "Clicking the Insecure Passwords Warning node opens the desired page");
+  window.openUILinkIn = oldOpenUILinkIn;
+
+  finishTest();
+}

browser/devtools/webconsole/test/test-bug-762593-insecure-passwords-about-blank-web-console-warning.html

@@ -0,0 +1,28 @@
+<!doctype html>
+<html>
+  <head>
+    <meta charset="utf8">
+    <title>Bug 762593 - Add warning/error Message to Web Console when the
+      page includes Insecure Password fields</title>
+    <!-- Any copyright is dedicated to the Public Domain.
+    http://creativecommons.org/publicdomain/zero/1.0/ -->
+
+    <!-- This test tests the scenario where a javascript adds password fields to
+     an about:blank iframe inside an insecure web page. It ensures that
+     insecure password fields like those are detected and a warning is sent to
+     the web console. -->
+  </head>
+  <body>
+    <p>This insecure page is served with an about:blank iframe. A script then adds a
+    password field to it.</p>
+    <iframe id = "myiframe" width = "300" height="300" >
+    </iframe>
+    <script>
+      var doc = window.document;
+      var myIframe = doc.getElementById("myiframe");
+      myIframe.contentDocument.open();
+      myIframe.contentDocument.write("<form><input type = 'password' name='pwd' value='test'> </form>");
+      myIframe.contentDocument.close();
+    </script>
+  </body>
+</html>

browser/devtools/webconsole/test/test-bug-762593-insecure-passwords-web-console-warning.html

@@ -0,0 +1,16 @@
+<!doctype html>
+<html>
+  <head>
+    <meta charset="utf8">
+    <title>Bug 762593 - Add warning/error Message to Web Console when the
+      page includes Insecure Password fields</title>
+    <!-- Any copyright is dedicated to the Public Domain.
+    http://creativecommons.org/publicdomain/zero/1.0/ -->
+  </head>
+  <body>
+    <p>This page is served with an iframe with insecure password field.</p>
+    <iframe src
+      ="http://example.com/browser/browser/devtools/webconsole/test/test-iframe-762593-insecure-frame.html">
+    </iframe>
+  </body>
+</html>

browser/devtools/webconsole/test/test-iframe-762593-insecure-form-action.html

@@ -0,0 +1,15 @@
+<!doctype html>
+<html>
+  <head>
+    <meta http-equiv="Content-type" content="text/html;charset=UTF-8">
+    <!-- Any copyright is dedicated to the Public Domain.
+    http://creativecommons.org/publicdomain/zero/1.0/ -->
+  </head>
+  <body>
+    <h1>iframe 2</h1>
+    <p>This frame contains a password field inside a form with insecure action.</p>
+    <form action="http://test">
+      <input type="password" name="pwd">
+    </form>
+  </body>
+</html>

browser/devtools/webconsole/test/test-iframe-762593-insecure-frame.html

@@ -0,0 +1,15 @@
+<!doctype html>
+<html>
+  <head>
+    <meta http-equiv="Content-type" content="text/html;charset=UTF-8">
+    <!-- Any copyright is dedicated to the Public Domain.
+    http://creativecommons.org/publicdomain/zero/1.0/ -->
+  </head>
+  <body>
+    <h1>iframe 1</h1>
+    <p>This frame is served with an insecure password field.</p>
+    <iframe src=
+      "http://example.com/browser/browser/devtools/webconsole/test/test-iframe-762593-insecure-form-action.html">
+    </iframe>
+  </body>
+</html>

browser/devtools/webconsole/webconsole.js

@@ -39,6 +39,8 @@ const XUL_NS = "http://www.mozilla.org/keymaster/gatekeeper/there.is.only.xul";
 
 const MIXED_CONTENT_LEARN_MORE = "https://developer.mozilla.org/en/Security/MixedContent";
 
+const INSECURE_PASSWORDS_LEARN_MORE = "https://developer.mozilla.org/en-US/docs/Security/InsecurePasswords";
+
 const HELP_URL = "https://developer.mozilla.org/docs/Tools/Web_Console/Helpers";
 
 const VARIABLES_VIEW_URL = "chrome://browser/content/devtools/widgets/VariablesView.xul";
@@ -1241,6 +1243,12 @@ WebConsoleFrame.prototype = {
                                       aScriptError.sourceName,
                                       aScriptError.lineNumber, null, null,
                                       aScriptError.timeStamp);
+
+    // Select the body of the message node that is displayed in the console
+    let msgBody = node.querySelector(".webconsole-msg-body");
+    // Add the more info link node to messages that belong to certain categories
+    this.addMoreInfoLink(msgBody, aScriptError);
+
     if (aScriptError.private) {
       node.setAttribute("private", true);
     }
@@ -1411,6 +1419,59 @@ WebConsoleFrame.prototype = {
     }.bind(this));
   },
 
+  /**
+   * Adds a more info link node to messages based on the nsIScriptError object
+   * that we need to report to the console
+   *
+   * @param aNode
+   *        The node to which we will be adding the more info link node
+   * @param aScriptError
+   *        The script error object that we are reporting to the console
+   */
+  addMoreInfoLink: function WCF_addMoreInfoLink(aNode, aScriptError)
+  {
+    // We have a single category for now, but more are to be
+    // expected soon
+    if (aScriptError.category == "Insecure Password Field") {
+      this.addInsecurePasswordsWarningNode(aNode);
+    }
+  },
+
+  /*
+   * Appends a clickable insecure passwords warning node to the node passed
+   * as a parameter to the function. When a user clicks on the appended
+   * warning node, the browser navigates to a page where the user can learn
+   * more about security issues associated with insecure passwords.
+   */
+  addInsecurePasswordsWarningNode:
+  function WCF_addInsecurePasswordsWarningNode(aNode)
+  {
+    let moreInfoLabel =
+      "[" + l10n.getStr("webConsoleMoreInfoLabel") + "]";
+
+    // The node that holds the clickable warning node.
+    let linkNode = this.document.createElementNS(XUL_NS, "hbox");
+    linkNode.flex = 1;
+    linkNode.classList.add("webconsole-msg-body-piece");
+    linkNode.classList.add("webconsole-msg-link");
+    aNode.appendChild(linkNode);
+
+    // Create the actual insecure passwords warning node and make it clickable
+    let warningNode = this.document.createElement("label");
+    warningNode.setAttribute("value", moreInfoLabel);
+    warningNode.setAttribute("title", moreInfoLabel);
+    warningNode.classList.add("hud-clickable");
+    warningNode.classList.add("webconsole-learn-more-link");
+
+    warningNode.addEventListener("click", function(aEvent) {
+      this.owner.openLink(INSECURE_PASSWORDS_LEARN_MORE);
+      aEvent.preventDefault();
+      aEvent.stopPropagation();
+    }.bind(this));
+
+    linkNode.appendChild(warningNode);
+  },
+
   /**
    * Log file activity.
    *
@@ -4472,6 +4533,7 @@ var Utils = {
       case "Mixed Content Blocker":
       case "CSP":
       case "Invalid HSTS Headers":
+      case "Insecure Password Field":
         return CATEGORY_SECURITY;
 
       default:

browser/locales/en-US/chrome/browser/devtools/webconsole.properties

@@ -75,6 +75,10 @@ webConsoleWindowTitleAndURL=Web Console - %S
 # http content in an https page).
 webConsoleMixedContentWarning=Mixed Content
 
+# LOCALIZATION NOTE (webConsoleMoreInfoLabel): the more info tag displayed
+# after security related web console messages.
+webConsoleMoreInfoLabel=Learn More
+
 # LOCALIZATION NOTE (scratchpad.linkText): the text used in the right hand
 # side of the Web Console command line when JavaScript is being entered, to
 # indicate how to jump into scratchpad mode.

browser/metro/base/content/browser.xul

@@ -291,15 +291,13 @@
                            command="cmd_stop"/>
           </hbox>
 
-          <circularprogressindicator id="download-progress"
-                                     oncommand="Appbar.onDownloadButton()"/>
           <stack id="toolbar-contextual">
             <observes element="bcast_windowState" attribute="*"/>
             <observes element="bcast_urlbarState" attribute="*"/>
 
             <hbox id="toolbar-context-page" pack="end">
-              <toolbarbutton id="download-button" class="appbar-secondary"
-                             oncommand="Appbar.onDownloadButton()"/>
+              <circularprogressindicator id="download-progress"
+                                     oncommand="Appbar.onDownloadButton()"/>
               <toolbarbutton id="star-button" class="appbar-primary"
                              type="checkbox"
                              oncommand="Appbar.onStarButton()"/>
@@ -721,11 +719,11 @@
         <setting pref="app.crashreporter.autosubmit" type="bool" title="&optionsHeader.reporting.crashes.label;" oncommand="BrowserUI.crashReportingPrefChanged(this.value);"/>
       </settings>
       <settings id="prefs-telemetry" label="&optionsHeader.telemetry.title;">
-        <setting pref="toolkit.telemetry.enabled" type="bool" title="&optionsHeader.telemetry.label;" oncommand="FlyoutPanelsUI.PrefsFlyoutPanel.onTelemetryPreferenceChanged(this.value);"/>
+        <setting pref="toolkit.telemetry.enabled" type="bool" title="&optionsHeader.telemetry.label;"/>
       </settings>
       <settings id="prefs-dnt" label="&doNotTrack.title;">
         <description>&doNotTrack.desc;</description>
-        <setting id="prefs-dnt-value" pref="privacy.donottrackheader.value" onpreferencechanged="FlyoutPanelsUI.PrefsFlyoutPanel.onDNTPreferenceChanged();" type="radio" >
+        <setting id="prefs-dnt-value" pref="privacy.donottrackheader.value" type="radio" >
           <radiogroup id="prefs-dnt-options">
             <radio id="prefs-dnt-notrack" label="&doNotTrack.options.trackingNotOkay;" value="1"/>
             <radio id="prefs-dnt-nopref" label="&doNotTrack.options.noPreference;" value="-1"/>

browser/metro/base/content/flyoutpanels/FlyoutPanelsUI.js

@@ -52,7 +52,7 @@ let FlyoutPanelsUI = {
     }
 
     this._currentFlyout = this[aToShow];
-    if (this._currentFlyout.show) {
+    if (this._currentFlyout._show) {
       this._currentFlyout._show();
     } else {
       this._currentFlyout._topmostElement.show();

browser/metro/base/content/flyoutpanels/PrefsFlyoutPanel.js

@@ -22,8 +22,6 @@ let PrefsFlyoutPanel = {
     this._elements = {};
     [
       ['PrefsFlyoutPanel',  'prefs-flyoutpanel'],
-      ['dntNoPref',    'prefs-dnt-nopref'],
-      ['telemetryPref','prefs-telemetry'],
     ].forEach(function(aElement) {
       let [name, id] = aElement;
       XPCOMUtils.defineLazyGetter(self._elements, name, function() {
@@ -31,6 +29,7 @@ let PrefsFlyoutPanel = {
       });
     });
 
+    this._prefObserver(null, null, "privacy.donottrackheader.value");
     this._topmostElement = this._elements.PrefsFlyoutPanel;
   },
 
@@ -38,19 +37,50 @@ let PrefsFlyoutPanel = {
     if (!this._hasShown) {
       SanitizeUI.init();
       this._hasShown = true;
+
+      Services.prefs.addObserver("privacy.donottrackheader.value",
+                                 this._prefObserver,
+                                 false);
+      Services.prefs.addObserver("privacy.donottrackheader.enabled",
+                                 this._prefObserver,
+                                 false);
     }
 
-    this._elements.PrefsFlyoutPanel.show();
+    this._topmostElement.show();
   },
 
-  onDNTPreferenceChanged: function onDNTPreferenceChanged() {
-    let selected = this._elements.dntNoPref.selected;
+  _prefObserver: function(subject, topic, data) {
+    let value = -1;
+    try {
+      value = Services.prefs.getIntPref("privacy.donottrackheader.value");
+    } catch(e) {
+    }
 
-    // When "tell sites nothing about my preferences" is selected, disable do not track.
-    Services.prefs.setBoolPref("privacy.donottrackheader.enabled", !selected);
+    let isEnabled = Services.prefs.getBoolPref("privacy.donottrackheader.enabled");
+
+    switch (data) {
+      case "privacy.donottrackheader.value":
+        // If the user has selected to explicitly tell sites that tracking
+        // is OK, or if the user has selected to explicitly tell sites that
+        // tracking is NOT OK, we must enable sending the dnt header
+        if (((1 == value) || (0 == value)) && !isEnabled) {
+          Services.prefs.setBoolPref('privacy.donottrackheader.enabled', true);
+        }
+
+        // If the user has made no selection about whether tracking
+        // is OK or not, we must diable the dnt header
+        if (((1 != value) && (0 != value)) && isEnabled) {
+          Services.prefs.setBoolPref('privacy.donottrackheader.enabled', false);
+        }
+        break;
+
+      case "privacy.donottrackheader.enabled":
+        // If someone or something modifies this pref, we should update the
+        // other pref as well so our UI doesn't give false information
+        if (((1 == value) || (0 == value)) && !isEnabled) {
+          Services.prefs.setIntPref('privacy.donottrackheader.value', -1);
+        }
+        break;
+    }
   },
-
-  onTelemetryPreferenceChanged: function onTelemetryPreferenceChanged(aBool) {
-    Services.prefs.setBoolPref("toolkit.telemetry.enabled", aBool);
-  }
 };

browser/themes/linux/devtools/debugger.css

@@ -57,15 +57,17 @@
 /* Black box message */
 
 #black-boxed-message {
-  padding: 100px 50px;
-  background-color: rgb(61, 69, 76);
+  /* Prevent the container deck from aquiring the height from this message. */
+  min-height: 1px;
+  background-color: rgb(61,69,76);
+  padding: 25vh 0;
   color: white;
 }
 
 #black-boxed-message-label,
 #black-boxed-message-button {
   text-align: center;
-  font-size: 150%;
+  font-size: 120%;
 }
 
 #black-boxed-message-button {

browser/themes/osx/devtools/debugger.css

@@ -59,15 +59,17 @@
 /* Black box message */
 
 #black-boxed-message {
-  padding: 100px 50px;
-  background-color: rgb(61, 69, 76);
+  /* Prevent the container deck from aquiring the height from this message. */
+  min-height: 1px;
+  background-color: rgb(61,69,76);
+  padding: 25vh 0;
   color: white;
 }
 
 #black-boxed-message-label,
 #black-boxed-message-button {
   text-align: center;
-  font-size: 150%;
+  font-size: 120%;
 }
 
 #black-boxed-message-button {

browser/themes/shared/devtools/webconsole.inc.css

@@ -79,6 +79,11 @@
   margin: 0;
 }
 
+.webconsole-learn-more-link {
+  color: #0000EE;
+  margin: 0 0 0 4px;
+}
+
 .hud-msg-node[selected="true"] > .webconsole-timestamp,
 .hud-msg-node[selected="true"] > .webconsole-location {
   color: inherit;

browser/themes/windows/devtools/debugger.css

@@ -57,15 +57,17 @@
 /* Black box message */
 
 #black-boxed-message {
-  padding: 100px 50px;
-  background-color: rgb(61, 69, 76);
+  /* Prevent the container deck from aquiring the height from this message. */
+  min-height: 1px;
+  background-color: rgb(61,69,76);
+  padding: 25vh 0;
   color: white;
 }
 
 #black-boxed-message-label,
 #black-boxed-message-button {
   text-align: center;
-  font-size: 150%;
+  font-size: 120%;
 }
 
 #black-boxed-message-button {

dom/locales/en-US/chrome/security/security.properties

@@ -11,3 +11,6 @@ OldCSPHeaderDeprecated=The X-Content-Security-Policy and X-Content-Security-Repo
 BothCSPHeadersPresent=This site specified both an X-Content-Security-Policy/Report-Only header and a Content-Security-Policy/Report-Only header. The X-Content-Security-Policy/Report-Only header(s) will be ignored.
 # LOCALIZATION NOTE: Do not translate "Strict-Transport-Security" or "HSTS"
 InvalidSTSHeaders=The site specified an invalid Strict-Transport-Security header.
+InsecurePasswordsPresentOnPage=Password fields present on an insecure (http://) page. This is a security risk that allows user login credentials to be stolen.
+InsecureFormActionPasswordsPresent=Password fields present in a form with an insecure (http://) form action. This is a security risk that allows user login credentials to be stolen.
+InsecurePasswordsPresentOnIframe=Password fields present on an insecure (http://) iframe. This is a security risk that allows user login credentials to be stolen.

layout/base/nsDocumentViewer.cpp

@@ -428,6 +428,7 @@ protected:
   //   may consider splitting these out into a subclass
   unsigned      mIsSticky : 1;
   unsigned      mInPermitUnload : 1;
+  unsigned      mInPermitUnloadPrompt: 1;
 
 #ifdef NS_PRINTING
   unsigned      mClosingWhilePrinting : 1;
@@ -1090,7 +1091,10 @@ nsDocumentViewer::PermitUnload(bool aCallerClosesWindow, bool *aPermitUnload)
 {
   *aPermitUnload = true;
 
-  if (!mDocument || mInPermitUnload || mCallerIsClosingWindow) {
+  if (!mDocument
+   || mInPermitUnload
+   || mCallerIsClosingWindow
+   || mInPermitUnloadPrompt) {
     return NS_OK;
   }
 
@@ -1183,9 +1187,11 @@ nsDocumentViewer::PermitUnload(bool aCallerClosesWindow, bool *aPermitUnload)
                              (nsIPrompt::BUTTON_TITLE_IS_STRING * nsIPrompt::BUTTON_POS_1));
 
       nsAutoSyncOperation sync(mDocument);
+      mInPermitUnloadPrompt = true;
       rv = prompt->ConfirmEx(title, message, buttonFlags,
                              leaveLabel, stayLabel, nullptr, nullptr,
                              &dummy, &buttonPressed);
+      mInPermitUnloadPrompt = false;
       NS_ENSURE_SUCCESS(rv, rv);
 
       // Button 0 == leave, button 1 == stay

mobile/android/base/GeckoApp.java

@@ -691,7 +691,7 @@ abstract public class GeckoApp
                 String src = message.getString("url");
                 String type = message.getString("mime");
                 GeckoAppShell.shareImage(src, type);
-            } else if (event.equals("Wallpaper:Set")) {
+            } else if (event.equals("Image:SetAs")) {
                 String src = message.getString("url");
                 setImageAs(src);
             } else if (event.equals("Sanitize:ClearHistory")) {
@@ -1499,7 +1499,7 @@ abstract public class GeckoApp
         registerEventListener("WebApps:Uninstall");
         registerEventListener("Share:Text");
         registerEventListener("Share:Image");
-        registerEventListener("Wallpaper:Set");
+        registerEventListener("Image:SetAs");
         registerEventListener("Sanitize:ClearHistory");
         registerEventListener("Update:Check");
         registerEventListener("Update:Download");
@@ -2053,7 +2053,7 @@ abstract public class GeckoApp
         unregisterEventListener("WebApps:Uninstall");
         unregisterEventListener("Share:Text");
         unregisterEventListener("Share:Image");
-        unregisterEventListener("Wallpaper:Set");
+        unregisterEventListener("Image:SetAs");
         unregisterEventListener("Sanitize:ClearHistory");
         unregisterEventListener("Update:Check");
         unregisterEventListener("Update:Download");

mobile/android/chrome/content/browser.js

@@ -600,7 +600,7 @@ var BrowserApp = {
       function(aTarget) {
         let src = aTarget.src;
         sendMessageToJava({
-          type: "Wallpaper:Set",
+          type: "Image:SetAs",
           url: src
         });
       });

toolkit/components/passwordmgr/InsecurePasswordUtils.jsm

@@ -0,0 +1,146 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+this.EXPORTED_SYMBOLS = [ "InsecurePasswordUtils" ];
+
+const Ci = Components.interfaces;
+const Cu = Components.utils;
+const Cc = Components.classes;
+
+Cu.import("resource://gre/modules/Services.jsm");
+Cu.import("resource://gre/modules/XPCOMUtils.jsm");
+
+XPCOMUtils.defineLazyModuleGetter(this, "devtools",
+                                  "resource://gre/modules/devtools/Loader.jsm");
+
+Object.defineProperty(this, "WebConsoleUtils", {
+  get: function() {
+    return devtools.require("devtools/toolkit/webconsole/utils").Utils;
+  },
+  configurable: true,
+  enumerable: true
+});
+
+const STRINGS_URI = "chrome://global/locale/security/security.properties";
+let l10n = new WebConsoleUtils.l10n(STRINGS_URI);
+
+this.InsecurePasswordUtils = {
+
+  _sendWebConsoleMessage : function (messageTag, domDoc) {
+    /*
+     * All web console messages are warnings for now so I decided to set the
+     * flag here and save a bit of the flag creation in the callers.
+     * It's easy to expose this later if needed
+     */
+
+    let  windowId = WebConsoleUtils.getInnerWindowId(domDoc.defaultView);
+    let category = "Insecure Password Field";
+    let flag = Ci.nsIScriptError.warningFlag;
+    let message = l10n.getStr(messageTag);
+    let consoleMsg = Cc["@mozilla.org/scripterror;1"]
+      .createInstance(Ci.nsIScriptError);
+
+    consoleMsg.initWithWindowID(
+      message, "", 0, 0, 0, flag, category, windowId);
+
+    Services.console.logMessage(consoleMsg);
+  },
+
+  /*
+   * Checks whether the passed uri is secure
+   * Check Protocol Flags to determine if scheme is secure:
+   * URI_DOES_NOT_RETURN_DATA - e.g.
+   *   "mailto"
+   * URI_IS_LOCAL_RESOURCE - e.g.
+   *   "data",
+   *   "resource",
+   *   "moz-icon"
+   * URI_INHERITS_SECURITY_CONTEXT - e.g.
+   *   "javascript"
+   * URI_SAFE_TO_LOAD_IN_SECURE_CONTEXT - e.g.
+   *   "https",
+   *   "moz-safe-about"
+   *
+   *   The use of this logic comes directly from nsMixedContentBlocker.cpp
+   *   At the time it was decided to include these protocols since a secure
+   *   uri for mixed content blocker means that the resource can't be
+   *   easily tampered with because 1) it is sent over an encrypted channel or
+   *   2) it is a local resource that never hits the network
+   *   or 3) it is a request sent without any response that could alter
+   *   the behavior of the page. It was decided to include the same logic
+   *   here both to be consistent with MCB and to make sure we cover all
+   *   "safe" protocols. Eventually, the code here and the code in MCB
+   *   will be moved to a common location that will be referenced from
+   *   both places. Look at
+   *   https://bugzilla.mozilla.org/show_bug.cgi?id=899099 for more info.
+   */
+  _checkIfURIisSecure : function(uri) {
+    let isSafe = false;
+    let netutil = Cc["@mozilla.org/network/util;1"].getService(Ci.nsINetUtil);
+    let ph = Ci.nsIProtocolHandler;
+
+    if (netutil.URIChainHasFlags(uri, ph.URI_IS_LOCAL_RESOURCE) ||
+        netutil.URIChainHasFlags(uri, ph.URI_DOES_NOT_RETURN_DATA) ||
+        netutil.URIChainHasFlags(uri, ph.URI_INHERITS_SECURITY_CONTEXT) ||
+        netutil.URIChainHasFlags(uri, ph.URI_SAFE_TO_LOAD_IN_SECURE_CONTEXT)) {
+
+      isSafe = true;
+    }
+
+    return isSafe;
+  },
+
+  /*
+   * Checks whether the passed nested document is insecure
+   * or is inside an insecure parent document.
+   *
+   * We check the chain of frame ancestors all the way until the top document
+   * because MITM attackers could replace https:// iframes if they are nested inside
+   * http:// documents with their own content, thus creating a security risk
+   * and potentially stealing user data. Under such scenario, a user might not
+   * get a Mixed Content Blocker message, if the main document is served over HTTP
+   * and framing an HTTPS page as it would under the reverse scenario (http
+   * inside https).
+   */
+  _checkForInsecureNestedDocuments : function(domDoc) {
+    let uri = domDoc.documentURIObject;
+    if (domDoc.defaultView == domDoc.defaultView.parent) {
+      // We are at the top, nothing to check here
+      return false;
+    }
+    if (!this._checkIfURIisSecure(uri)) {
+      // We are insecure
+      return true;
+    }
+    // I am secure, but check my parent
+    return this._checkForInsecureNestedDocuments(domDoc.defaultView.parent.document);
+  },
+
+
+  /*
+   * Checks if there are insecure password fields present on the form's document
+   * i.e. passwords inside forms with http action, inside iframes with http src,
+   * or on insecure web pages. If insecure password fields are present,
+   * a log message is sent to the web console to warn developers.
+   */
+  checkForInsecurePasswords : function (aForm) {
+    var domDoc = aForm.ownerDocument;
+    let pageURI = domDoc.defaultView.top.document.documentURIObject;
+    let isSafePage = this._checkIfURIisSecure(pageURI);
+
+    if (!isSafePage) {
+      this._sendWebConsoleMessage("InsecurePasswordsPresentOnPage", domDoc);
+    }
+
+    // Check if we are on an iframe with insecure src, or inside another
+    // insecure iframe or document.
+    if (this._checkForInsecureNestedDocuments(domDoc)) {
+      this._sendWebConsoleMessage("InsecurePasswordsPresentOnIframe", domDoc);
+    }
+
+    if (aForm.action.match(/^http:\/\//)) {
+      this._sendWebConsoleMessage("InsecureFormActionPasswordsPresent", domDoc);
+    }
+  },
+};

toolkit/components/passwordmgr/moz.build

@@ -32,5 +32,6 @@ EXTRA_PP_COMPONENTS += [
 ]
 
 EXTRA_JS_MODULES += [
+    'InsecurePasswordUtils.jsm',
     'LoginManagerContent.jsm',
 ]

toolkit/components/printing/content/printUtils.js

@@ -216,6 +216,13 @@ var PrintUtils = {
       return;
     }
 
+    // Set the original window as an active window so any mozPrintCallbacks can
+    // run without delayed setTimeouts.
+    var docShell = originalWindow.QueryInterface(Ci.nsIInterfaceRequestor)
+                                 .getInterface(Ci.nsIWebNavigation)
+                                 .QueryInterface(Ci.nsIDocShell);
+    docShell.isActive = true;
+
     // show the toolbar after we go into print preview mode so
     // that we can initialize the toolbar with total num pages
     var XUL_NS =

toolkit/devtools/Loader.jsm

@@ -51,6 +51,7 @@ var BuiltinProvider = {
         "devtools": "resource:///modules/devtools",
         "devtools/server": "resource://gre/modules/devtools/server",
         "devtools/toolkit/webconsole": "resource://gre/modules/devtools/toolkit/webconsole",
+        "devtools/styleinspector/css-logic": "resource://gre/modules/devtools/styleinspector/css-logic",
 
         // Allow access to xpcshell test items from the loader.
         "xpcshell-test": "resource://test"
@@ -85,6 +86,8 @@ var SrcdirProvider = {
     let toolkitURI = this.fileURI(OS.Path.join(srcdir, "toolkit", "devtools"));
     let serverURI = this.fileURI(OS.Path.join(srcdir, "toolkit", "devtools", "server"));
     let webconsoleURI = this.fileURI(OS.Path.join(srcdir, "toolkit", "devtools", "webconsole"));
+    let cssLogicURI = this.fileURI(OS.Path.join(toolkitURI, "styleinspector", "css-logic"));
+
     let mainURI = this.fileURI(OS.Path.join(srcdir, "browser", "devtools", "main.js"));
     this.loader = new loader.Loader({
       modules: {
@@ -95,6 +98,7 @@ var SrcdirProvider = {
         "devtools/server": serverURI,
         "devtools/toolkit/webconsole": webconsoleURI,
         "devtools": devtoolsURI,
+        "devtools/styleinspector/css-logic": cssLogicURI,
         "main": mainURI
       },
       globals: loaderGlobals

toolkit/devtools/moz.build

@@ -10,5 +10,6 @@ PARALLEL_DIRS += [
     'gcli',
     'sourcemap',
     'webconsole',
-    'apps'
+    'apps',
+    'styleinspector'
 ]

toolkit/devtools/server/actors/inspector.js

@@ -138,6 +138,10 @@ var NodeActor = protocol.ActorClass({
 
   // Returns the JSON representation of this object over the wire.
   form: function(detail) {
+    if (detail === "actorid") {
+      return this.actorID;
+    }
+
     let parentNode = this.walker.parentNode(this);
 
     // Estimate the number of children.
@@ -152,7 +156,7 @@ var NodeActor = protocol.ActorClass({
       actor: this.actorID,
       parent: parentNode ? parentNode.actorID : undefined,
       nodeType: this.rawNode.nodeType,
-      namespaceURI: this.namespaceURI,
+      namespaceURI: this.rawNode.namespaceURI,
       nodeName: this.rawNode.nodeName,
       numChildren: numChildren,
 
@@ -308,6 +312,10 @@ let NodeFront = protocol.FrontClass(NodeActor, {
 
   // Update the object given a form representation off the wire.
   form: function(form, detail, ctx) {
+    if (detail === "actorid") {
+      this.actorID = form;
+      return;
+    }
     // Shallow copy of the form.  We could just store a reference, but
     // eventually we'll want to update some of the data.
     this._form = object.merge(form);

toolkit/devtools/server/actors/styleeditor.js

@@ -104,7 +104,7 @@ StyleEditorActor.prototype = {
    * @return {object} JSON message to with BaseURI
    */
   onGetBaseURI: function() {
-    return { baseURI: this.document.baseURIObject };
+    return { baseURI: this.document.baseURIObject.spec };
   },
 
   /**

toolkit/devtools/styleinspector/Makefile.in

@@ -0,0 +1,15 @@
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+
+DEPTH = ../../..
+topsrcdir = @top_srcdir@
+srcdir = @srcdir@
+VPATH = @srcdir@
+
+include $(DEPTH)/config/autoconf.mk
+
+include $(topsrcdir)/config/rules.mk
+
+libs::
+	$(INSTALL) $(IFLAGS1) $(srcdir)/*.js $(FINAL_TARGET)/modules/devtools/styleinspector

toolkit/devtools/styleinspector/moz.build

@@ -0,0 +1,5 @@
+# -*- Mode: python; c-basic-offset: 4; indent-tabs-mode: nil; tab-width: 40 -*-
+# vim: set filetype=python:
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.

toolkit/mozapps/extensions/content/setting.xml

@@ -463,11 +463,15 @@
               return;
           }
 
-          for (let i = 0; i < this.control.itemCount; i++) {
-            if (this.control.getItemAtIndex(i).value == val) {
-              this.control.selectedIndex = i;
-              break;
+          if ("itemCount" in this.control) {
+            for (let i = 0; i < this.control.itemCount; i++) {
+              if (this.control.getItemAtIndex(i).value == val) {
+                this.control.selectedIndex = i;
+                break;
+              }
             }
+          } else {
+            this.control.setAttribute("value", val);
           }
         ]]>
         </body>

toolkit/mozapps/extensions/test/browser/browser_inlinesettings.js

@@ -139,7 +139,7 @@ function end_test() {
   MockFilePicker.cleanup();
 
   close_manager(gManagerWindow, function() {
-    observer.checkHidden("inlinesettings2@tests.mozilla.org");
+    observer.checkHidden("inlinesettings3@tests.mozilla.org");
     Services.obs.removeObserver(observer,
                                 AddonManager.OPTIONS_NOTIFICATION_HIDDEN);
 
@@ -575,3 +575,101 @@ add_test(function() {
     gCategoryUtilities.openType("extension", run_next_test);
   });
 });
+
+// Tests bindings with existing prefs.
+add_test(function() {
+  observer.checkHidden("inlinesettings2@tests.mozilla.org");
+
+  // Ensure these prefs are set. They should be set above, but somebody might
+  // change the tests above.
+  var profD = Services.dirsvc.get("ProfD", Ci.nsIFile);
+  Services.prefs.setBoolPref("extensions.inlinesettings1.bool", false);
+  Services.prefs.setIntPref("extensions.inlinesettings1.boolint", 1);
+  Services.prefs.setIntPref("extensions.inlinesettings1.integer", 12);
+  Services.prefs.setCharPref("extensions.inlinesettings1.string", "bar/");
+  Services.prefs.setCharPref("extensions.inlinesettings1.color", "#FF9900");
+  Services.prefs.setCharPref("extensions.inlinesettings1.file", profD.path);
+  Services.prefs.setCharPref("extensions.inlinesettings1.directory", profD.path);
+
+  var addon = get_addon_element(gManagerWindow, "inlinesettings1@tests.mozilla.org");
+  addon.parentNode.ensureElementIsVisible(addon);
+
+  var button = gManagerWindow.document.getAnonymousElementByAttribute(addon, "anonid", "preferences-btn");
+  EventUtils.synthesizeMouseAtCenter(button, { clickCount: 1 }, gManagerWindow);
+
+  wait_for_view_load(gManagerWindow, function() {
+    observer.checkDisplayed("inlinesettings1@tests.mozilla.org");
+
+    var grid = gManagerWindow.document.getElementById("detail-grid");
+    var settings = grid.querySelectorAll("rows > setting");
+
+    var input = gManagerWindow.document.getAnonymousElementByAttribute(settings[0], "anonid", "input");
+    is(input.checked, false, "Checkbox should have initial value");
+
+    var input = gManagerWindow.document.getAnonymousElementByAttribute(settings[1], "anonid", "input");
+    is(input.checked, true, "Checkbox should have initial value");
+
+    var input = gManagerWindow.document.getAnonymousElementByAttribute(settings[2], "anonid", "input");
+    is(input.value, "12", "Number box should have initial value");
+
+    var input = gManagerWindow.document.getAnonymousElementByAttribute(settings[3], "anonid", "input");
+    is(input.value, "bar/", "Text box should have initial value");
+
+    input = gManagerWindow.document.getAnonymousElementByAttribute(settings[5], "anonid", "input");
+    is(input.color, "#FF9900", "Color picker should have initial value");
+
+    input = gManagerWindow.document.getAnonymousElementByAttribute(settings[6], "anonid", "input");
+    is(input.value, profD.path, "Label should have initial value");
+    is(input.tooltipText, profD.path, "Label tooltip should have initial value");
+
+    input = gManagerWindow.document.getAnonymousElementByAttribute(settings[7], "anonid", "input");
+    is(input.value, profD.path, "Label value should have initial value");
+    is(input.tooltipText, profD.path, "Label tooltip should have initial value");
+
+    gCategoryUtilities.openType("extension", run_next_test);
+  });
+});
+
+// Tests bindings with existing prefs.
+add_test(function() {
+  observer.checkHidden("inlinesettings1@tests.mozilla.org");
+
+  // Ensure these prefs are set. They should be set above, but somebody might
+  // change the tests above.
+  Services.prefs.setBoolPref("extensions.inlinesettings3.radioBool", false);
+  Services.prefs.setIntPref("extensions.inlinesettings3.radioInt", 6);
+  Services.prefs.setCharPref("extensions.inlinesettings3.radioString", "kilo");
+  Services.prefs.setIntPref("extensions.inlinesettings3.menulist", 9);
+
+  var addon = get_addon_element(gManagerWindow, "inlinesettings3@tests.mozilla.org");
+  addon.parentNode.ensureElementIsVisible(addon);
+
+  var button = gManagerWindow.document.getAnonymousElementByAttribute(addon, "anonid", "preferences-btn");
+  EventUtils.synthesizeMouseAtCenter(button, { clickCount: 1 }, gManagerWindow);
+
+  wait_for_view_load(gManagerWindow, function() {
+    observer.checkDisplayed("inlinesettings3@tests.mozilla.org");
+
+    var grid = gManagerWindow.document.getElementById("detail-grid");
+    var settings = grid.querySelectorAll("rows > setting");
+
+    var radios = settings[0].getElementsByTagName("radio");
+    isnot(radios[0].selected, true, "Correct radio button should be selected");
+    is(radios[1].selected, true, "Correct radio button should be selected");
+
+    var radios = settings[1].getElementsByTagName("radio");
+    isnot(radios[0].selected, true, "Correct radio button should be selected");
+    isnot(radios[1].selected, true, "Correct radio button should be selected");
+    is(radios[2].selected, true, "Correct radio button should be selected");
+
+    var radios = settings[2].getElementsByTagName("radio");
+    isnot(radios[0].selected, true, "Correct radio button should be selected");
+    isnot(radios[1].selected, true, "Correct radio button should be selected");
+    is(radios[2].selected, true, "Correct radio button should be selected");
+
+    var input = settings[3].firstElementChild;
+    is(input.value, "9", "Menulist should have initial value");
+
+    gCategoryUtilities.openType("extension", run_next_test);
+  });
+});

widget/gtk2/nsWindow.cpp

@@ -135,6 +135,7 @@ const gint kEvents = GDK_EXPOSURE_MASK | GDK_STRUCTURE_MASK |
                      GDK_VISIBILITY_NOTIFY_MASK |
                      GDK_ENTER_NOTIFY_MASK | GDK_LEAVE_NOTIFY_MASK |
                      GDK_BUTTON_PRESS_MASK | GDK_BUTTON_RELEASE_MASK |
+                     GDK_SCROLL_MASK |
 #ifdef MOZ_PLATFORM_MAEMO
                      GDK_POINTER_MOTION_HINT_MASK |
 #endif