backout cset 30f8e29f9cd1 due to orange

browser/app/profile/firefox.js

@@ -578,6 +578,12 @@ pref("network.protocol-handler.expose.news", false);
 pref("network.protocol-handler.expose.snews", false);
 pref("network.protocol-handler.expose.nntp", false);
 
+// Default security warning dialogs to show once.
+pref("security.warn_entering_secure.show_once", false);
+pref("security.warn_leaving_secure.show_once", false);
+pref("security.warn_viewing_mixed.show_once", true);
+pref("security.warn_submit_insecure.show_once", false);
+
 pref("accessibility.typeaheadfind", false);
 pref("accessibility.typeaheadfind.timeout", 5000);
 pref("accessibility.typeaheadfind.linksonly", false);
@@ -996,6 +1002,10 @@ pref("services.sync.prefs.sync.security.OCSP.require", true);
 pref("services.sync.prefs.sync.security.default_personal_cert", true);
 pref("services.sync.prefs.sync.security.enable_ssl3", true);
 pref("services.sync.prefs.sync.security.enable_tls", true);
+pref("services.sync.prefs.sync.security.warn_entering_secure", true);
+pref("services.sync.prefs.sync.security.warn_leaving_secure", true);
+pref("services.sync.prefs.sync.security.warn_submit_insecure", true);
+pref("services.sync.prefs.sync.security.warn_viewing_mixed", true);
 pref("services.sync.prefs.sync.signon.rememberSignons", true);
 pref("services.sync.prefs.sync.spellchecker.dictionary", true);
 pref("services.sync.prefs.sync.xpinstall.whitelist.required", true);

build/automation.py.in

@@ -386,6 +386,7 @@ user_pref("dom.popup_maximum", -1);
 user_pref("dom.send_after_paint_to_content", true);
 user_pref("dom.successive_dialog_time_limit", 0);
 user_pref("signed.applets.codebase_principal_support", true);
+user_pref("security.warn_submit_insecure", false);
 user_pref("browser.shell.checkDefaultBrowser", false);
 user_pref("shell.checkDefaultClient", false);
 user_pref("browser.warnOnQuit", false);

js/src/tests/e4x/Regress/regress-308111.js

@@ -108,6 +108,7 @@ var xml = <prefs>
 <pref><name>browser.tabs.opentabfor.middleclick</name></pref>
 <pref><name>font.size.variable.x-tamil</name></pref>
 <pref><name>layout.word_select.eat_space_to_next_word</name></pref>
+<pref><name>security.warn_submit_insecure</name></pref>
 <pref><name>network.negotiate-auth.gsslib</name></pref>
 <pref><name>mousewheel.withaltkey.action</name></pref>
 <pref><name>capability.policy.default.Window.top</name></pref>
@@ -271,6 +272,7 @@ var xml = <prefs>
 <pref><name>font.name.sans-serif.zh-HK</name></pref>
 <pref><name>dom.disable_window_open_feature.toolbar</name></pref>
 <pref><name>dom.popup_maximum</name></pref>
+<pref><name>security.warn_entering_secure</name></pref>
 <pref><name>mousewheel.horizscroll.withaltkey.numlines</name></pref>
 <pref><name>browser.tabs.warnOnCloseOther</name></pref>
 <pref><name>intl.accept_charsets</name></pref>
@@ -292,6 +294,7 @@ var xml = <prefs>
 <pref><name>font.name-list.serif.x-beng</name></pref>
 <pref><name>dom.event.contextmenu.enabled</name></pref>
 <pref><name>browser.urlbar.clickSelectsAll</name></pref>
+<pref><name>security.warn_entering_secure.show_once</name></pref>
 <pref><name>font.size.fixed.zh-HK</name></pref>
 <pref><name>capability.policy.mailnews.SOAPCall.invoke</name></pref>
 <pref><name>capability.policy.default.SOAPCall.invokeVerifySourceHeader</name></pref>
@@ -536,6 +539,7 @@ var xml = <prefs>
 <pref><name>svg.enabled</name></pref>
 <pref><name>capability.policy.default.Window.location</name></pref>
 <pref><name>dom.disable_window_flip</name></pref>
+<pref><name>security.warn_submit_insecure.show_once</name></pref>
 <pref><name>font.size.variable.x-cyrillic</name></pref>
 <pref><name>font.size.fixed.x-western</name></pref>
 <pref><name>font.size.variable.x-devanagari</name></pref>

js/src/tests/user.js

@@ -16,6 +16,10 @@ user_pref("dom.max_chrome_script_run_time", 0);
 user_pref("javascript.allow.mailnews", true);
 user_pref("javascript.options.showInConsole", true);
 user_pref("layout.css.report_errors", true);
+user_pref("security.warn_entering_secure", false);
+user_pref("security.warn_leaving_secure", false);
+user_pref("security.warn_submit_insecure", false);
+user_pref("security.warn_viewing_mixed", false);
 user_pref("signed.applets.codebase_principal_support", true);
 user_pref("browser.warnOnQuit", false);
 user_pref("browser.cache.check_doc_frequency", 1);

netwerk/base/public/security-prefs.js

@@ -54,6 +54,10 @@ pref("security.default_personal_cert",   "Ask Every Time");
 pref("security.remember_cert_checkbox_default_setting", true);
 pref("security.ask_for_password",        0);
 pref("security.password_lifetime",       30);
+pref("security.warn_entering_secure",    false);
+pref("security.warn_leaving_secure",     false);
+pref("security.warn_viewing_mixed",      true);
+pref("security.warn_submit_insecure",    false);
 
 pref("security.OCSP.enabled", 1);
 pref("security.OCSP.require", false);

security/manager/boot/public/nsISecurityUITelemetry.idl

@@ -6,7 +6,7 @@
 
 #include "nsISupports.idl"
 
-[scriptable, uuid(d5c7d771-53a7-40e5-8247-fb6a8795cae8)]
+[scriptable, uuid(8dad8f23-bdb5-458c-b38c-8eab77578e60)]
 
 interface nsISecurityUITelemetry : nsISupports {
 
@@ -28,18 +28,18 @@ const uint32_t WARNING_CONFIRM_ADDON_INSTALL_CLICK_THROUGH  = 4;
  * modal dialogs/warnings 
  */
 
-//     removed WARNING_ENTERING_SECURE_SITE = 5;
+const uint32_t WARNING_ENTERING_SECURE_SITE = 5;
 //     removed WARNING_ENTERING_WEAK_SITE = 6;
-//     removed WARNING_LEAVING_SECURE_SITE = 7;
-//     removed WARNING_MIXED_CONTENT  = 8;
+const uint32_t WARNING_LEAVING_SECURE_SITE = 7;
+const uint32_t WARNING_MIXED_CONTENT  = 8;
 
 // For confirmation dialogs, the clickthrough constant needs to be 1
 // more than the dialog constant so that
 // WARNING_CONFIRM_<X> + 1 == WARNING_CONFIRM_<X>_CLICK_THROUGH
 const uint32_t WARNING_CONFIRM_POST_TO_INSECURE_FROM_SECURE = 9;
 const uint32_t WARNING_CONFIRM_POST_TO_INSECURE_FROM_SECURE_CLICK_THROUGH = 10;
-//     removed WARNING_CONFIRM_POST_TO_INSECURE_FROM_INSECURE = 11;
-//     removed WARNING_CONFIRM_POST_TO_INSECURE_FROM_INSECURE_CLICK_THROUGH = 12;
+const uint32_t WARNING_CONFIRM_POST_TO_INSECURE_FROM_INSECURE = 11;
+const uint32_t WARNING_CONFIRM_POST_TO_INSECURE_FROM_INSECURE_CLICK_THROUGH = 12;
 
 /*
  * Phishing / Malware page warnings

security/manager/boot/public/nsISecurityWarningDialogs.idl

@@ -11,9 +11,53 @@ interface nsIInterfaceRequestor;
  * Functions that display warnings for transitions between secure
  * and insecure pages, posts to insecure servers etc.
  */
-[scriptable, uuid(a9561631-5964-4d3f-b372-9f23504054b1)]
+[scriptable, uuid(ba1f7293-c633-4e4c-b3e8-ae2feedb3c09)]
 interface nsISecurityWarningDialogs : nsISupports
 {
+  /**
+   *  Inform the user that a transition 
+   *    from an insecure page 
+   *    to a secure page
+   *  is happening.
+   *
+   *  @param ctx A user interface context.
+   *
+   *  @return true if the user confirms to continue
+   */
+  boolean confirmEnteringSecure(in nsIInterfaceRequestor ctx);
+
+  /**
+   *  Inform the user that a transition 
+   *    from a secure page 
+   *    to an insecure page
+   *  is happening.
+   *
+   *  @param ctx A user interface context.
+   *
+   *  @return true if the user confirms to continue
+   */
+  boolean confirmLeavingSecure(in nsIInterfaceRequestor ctx);
+
+  /**
+   *  Inform the user the currently displayed page
+   *  contains some secure and some insecure page components.
+   *
+   *  @param ctx A user interface context.
+   *
+   *  @return true if the user decides to show insecure objects.
+   */
+  boolean confirmMixedMode(in nsIInterfaceRequestor ctx);
+
+  /**
+   *  Inform the user that information is being submitted
+   *  to an insecure page.
+   *
+   *  @param ctx A user interface context.
+   *
+   *  @return true if the user confirms to submit.
+   */
+  boolean confirmPostToInsecure(in nsIInterfaceRequestor ctx);
+
   /**
    *  Inform the user: Although the currently displayed
    *  page was loaded using a secure connection, and the UI probably

security/manager/boot/src/nsSecureBrowserUIImpl.cpp

@@ -1281,13 +1281,14 @@ nsresult nsSecureBrowserUIImpl::UpdateSecurityState(nsIRequest* aRequest,
                                                     bool withUpdateTooltip)
 {
   lockIconState warnSecurityState = lis_no_security;
+  bool showWarning = false;
   nsresult rv = NS_OK;
 
   // both parameters are both input and outout
-  bool flagsChanged = UpdateMyFlags(warnSecurityState);
+  bool flagsChanged = UpdateMyFlags(showWarning, warnSecurityState);
 
   if (flagsChanged || withNewLocation || withUpdateStatus || withUpdateTooltip)
-    rv = TellTheWorld(warnSecurityState, aRequest);
+    rv = TellTheWorld(showWarning, warnSecurityState, aRequest);
 
   return rv;
 }
@@ -1295,7 +1296,7 @@ nsresult nsSecureBrowserUIImpl::UpdateSecurityState(nsIRequest* aRequest,
 // must not fail, by definition, only trivial assignments
 // or string operations are allowed
 // returns true if our overall state has changed and we must send out notifications
-bool nsSecureBrowserUIImpl::UpdateMyFlags(lockIconState &warnSecurityState)
+bool nsSecureBrowserUIImpl::UpdateMyFlags(bool &showWarning, lockIconState &warnSecurityState)
 {
   ReentrantMonitorAutoEnter lock(mReentrantMonitor);
   bool mustTellTheWorld = false;
@@ -1337,8 +1338,23 @@ bool nsSecureBrowserUIImpl::UpdateMyFlags(lockIconState &warnSecurityState)
     mustTellTheWorld = true;
 
     // we'll treat "broken" exactly like "insecure",
+    // i.e. we do not show alerts when switching between broken and insecure
 
     /*
+      from                 to           shows alert
+    ------------------------------     ---------------
+
+    no or broken -> no or broken    => <NOTHING SHOWN>
+
+    no or broken -> mixed           => mixed alert
+    no or broken -> high            => high alert
+    
+    mixed, high  -> no, broken      => leaving secure
+
+    mixed        -> high            => high alert
+
+    high         -> mixed           => mixed
+    
       security    icon
       ----------------
     
@@ -1348,6 +1364,32 @@ bool nsSecureBrowserUIImpl::UpdateMyFlags(lockIconState &warnSecurityState)
       high        high
     */
 
+    showWarning = true;
+    
+    switch (mNotifiedSecurityState)
+    {
+      case lis_no_security:
+      case lis_broken_security:
+        switch (newSecurityState)
+        {
+          case lis_no_security:
+          case lis_broken_security:
+            showWarning = false;
+            break;
+          
+          default:
+            break;
+        }
+      
+      default:
+        break;
+    }
+
+    if (showWarning)
+    {
+      warnSecurityState = newSecurityState;
+    }
+    
     mNotifiedSecurityState = newSecurityState;
 
     if (lis_no_security == newSecurityState)
@@ -1365,7 +1407,8 @@ bool nsSecureBrowserUIImpl::UpdateMyFlags(lockIconState &warnSecurityState)
   return mustTellTheWorld;
 }
 
-nsresult nsSecureBrowserUIImpl::TellTheWorld(lockIconState warnSecurityState, 
+nsresult nsSecureBrowserUIImpl::TellTheWorld(bool showWarning, 
+                                             lockIconState warnSecurityState, 
                                              nsIRequest* aRequest)
 {
   nsCOMPtr<nsISecurityEventSink> temp_ToplevelEventSink;
@@ -1400,6 +1443,25 @@ nsresult nsSecureBrowserUIImpl::TellTheWorld(lockIconState warnSecurityState,
 
   }
 
+  if (showWarning)
+  {
+    switch (warnSecurityState)
+    {
+      case lis_no_security:
+      case lis_broken_security:
+        ConfirmLeavingSecure();
+        break;
+
+      case lis_mixed_security:
+        ConfirmMixedMode();
+        break;
+
+      case lis_high_security:
+        ConfirmEnteringSecure();
+        break;
+    }
+  }
+
   return NS_OK; 
 }
 
@@ -1642,6 +1704,8 @@ nsSecureBrowserUIImpl::CheckPost(nsIURI *formURL, nsIURI *actionURL, bool *okayT
   // posting to insecure webpage from a secure webpage.
   if (formSecure) {
     *okayToPost = ConfirmPostToInsecureFromSecure();
+  } else {
+    *okayToPost = ConfirmPostToInsecure();
   }
 
   return NS_OK;
@@ -1724,6 +1788,77 @@ nsSecureBrowserUIImpl::GetNSSDialogs(nsCOMPtr<nsISecurityWarningDialogs> & dialo
   return true;
 }
 
+bool nsSecureBrowserUIImpl::
+ConfirmEnteringSecure()
+{
+  nsCOMPtr<nsISecurityWarningDialogs> dialogs;
+  nsCOMPtr<nsIInterfaceRequestor> ctx;
+
+  if (!GetNSSDialogs(dialogs, ctx)) {
+    return false; // Should this allow true for unimplemented?
+  }
+
+  bool confirms;
+  dialogs->ConfirmEnteringSecure(ctx, &confirms);
+
+  return confirms;
+}
+
+bool nsSecureBrowserUIImpl::
+ConfirmLeavingSecure()
+{
+  nsCOMPtr<nsISecurityWarningDialogs> dialogs;
+  nsCOMPtr<nsIInterfaceRequestor> ctx;
+
+  if (!GetNSSDialogs(dialogs, ctx)) {
+    return false; // Should this allow true for unimplemented?
+  }
+
+  bool confirms;
+  dialogs->ConfirmLeavingSecure(ctx, &confirms);
+
+  return confirms;
+}
+
+bool nsSecureBrowserUIImpl::
+ConfirmMixedMode()
+{
+  nsCOMPtr<nsISecurityWarningDialogs> dialogs;
+  nsCOMPtr<nsIInterfaceRequestor> ctx;
+
+  if (!GetNSSDialogs(dialogs, ctx)) {
+    return false; // Should this allow true for unimplemented?
+  }
+
+  bool confirms;
+  dialogs->ConfirmMixedMode(ctx, &confirms);
+
+  return confirms;
+}
+
+/**
+ * ConfirmPostToInsecure - returns true if
+ *   the user approves the submit (or doesn't care).
+ *   returns false on errors.
+ */
+bool nsSecureBrowserUIImpl::
+ConfirmPostToInsecure()
+{
+  nsCOMPtr<nsISecurityWarningDialogs> dialogs;
+  nsCOMPtr<nsIInterfaceRequestor> ctx;
+
+  if (!GetNSSDialogs(dialogs, ctx)) {
+    return false; // Should this allow true for unimplemented?
+  }
+
+  bool result;
+
+  nsresult rv = dialogs->ConfirmPostToInsecure(ctx, &result);
+  if (NS_FAILED(rv)) return false;
+
+  return result;
+}
+
 /**
  * ConfirmPostToInsecureFromSecure - returns true if
  *   the user approves the submit (or doesn't care).

security/manager/boot/src/nsSecureBrowserUIImpl.h

@@ -102,8 +102,9 @@ protected:
   static nsresult MapInternalToExternalState(uint32_t* aState, lockIconState lock, bool ev);
   nsresult UpdateSecurityState(nsIRequest* aRequest, bool withNewLocation,
                                bool withUpdateStatus, bool withUpdateTooltip);
-  bool UpdateMyFlags(lockIconState &warnSecurityState);
-  nsresult TellTheWorld(lockIconState warnSecurityState, 
+  bool UpdateMyFlags(bool &showWarning, lockIconState &warnSecurityState);
+  nsresult TellTheWorld(bool showWarning, 
+                        lockIconState warnSecurityState, 
                         nsIRequest* aRequest);
 
   nsresult EvaluateAndUpdateSecurityState(nsIRequest* aRequest, nsISupports *info,

security/manager/boot/src/nsSecurityWarningDialogs.cpp

@@ -23,6 +23,11 @@ NS_IMPL_THREADSAFE_ISUPPORTS1(nsSecurityWarningDialogs, nsISecurityWarningDialog
 
 #define STRING_BUNDLE_URL    "chrome://pipnss/locale/security.properties"
 
+#define ENTER_SITE_PREF      "security.warn_entering_secure"
+#define LEAVE_SITE_PREF      "security.warn_leaving_secure"
+#define MIXEDCONTENT_PREF    "security.warn_viewing_mixed"
+#define INSECURE_SUBMIT_PREF "security.warn_submit_insecure"
+
 nsSecurityWarningDialogs::nsSecurityWarningDialogs()
 {
 }
@@ -48,6 +53,172 @@ nsSecurityWarningDialogs::Init()
   return rv;
 }
 
+NS_IMETHODIMP 
+nsSecurityWarningDialogs::ConfirmEnteringSecure(nsIInterfaceRequestor *ctx, bool *_retval)
+{
+  nsresult rv;
+
+  rv = AlertDialog(ctx, ENTER_SITE_PREF, 
+                   NS_LITERAL_STRING("EnterSecureMessage").get(),
+                   NS_LITERAL_STRING("EnterSecureShowAgain").get(),
+                   false,
+                   nsISecurityUITelemetry::WARNING_ENTERING_SECURE_SITE);
+
+  *_retval = true;
+  return rv;
+}
+
+NS_IMETHODIMP 
+nsSecurityWarningDialogs::ConfirmLeavingSecure(nsIInterfaceRequestor *ctx, bool *_retval)
+{
+  nsresult rv;
+
+  rv = AlertDialog(ctx, LEAVE_SITE_PREF, 
+                   NS_LITERAL_STRING("LeaveSecureMessage").get(),
+                   NS_LITERAL_STRING("LeaveSecureShowAgain").get(),
+                   false,
+                   nsISecurityUITelemetry::WARNING_LEAVING_SECURE_SITE);
+
+  *_retval = true;
+  return rv;
+}
+
+
+NS_IMETHODIMP 
+nsSecurityWarningDialogs::ConfirmMixedMode(nsIInterfaceRequestor *ctx, bool *_retval)
+{
+  nsresult rv;
+
+  rv = AlertDialog(ctx, MIXEDCONTENT_PREF, 
+                   NS_LITERAL_STRING("MixedContentMessage").get(),
+                   NS_LITERAL_STRING("MixedContentShowAgain").get(),
+                   true,
+                   nsISecurityUITelemetry::WARNING_MIXED_CONTENT);
+
+  *_retval = true;
+  return rv;
+}
+
+class nsAsyncAlert : public nsRunnable
+{
+public:
+  nsAsyncAlert(nsIPrompt*       aPrompt,
+               const char*      aPrefName,
+               const PRUnichar* aDialogMessageName,
+               const PRUnichar* aShowAgainName,
+               nsIPrefBranch*   aPrefBranch,
+               nsIStringBundle* aStringBundle,
+               uint32_t         aBucket)
+  : mPrompt(aPrompt), mPrefName(aPrefName),
+    mDialogMessageName(aDialogMessageName),
+    mShowAgainName(aShowAgainName), mPrefBranch(aPrefBranch),
+    mStringBundle(aStringBundle),
+    mBucket(aBucket) {}
+  NS_IMETHOD Run();
+
+protected:
+  nsCOMPtr<nsIPrompt>       mPrompt;
+  nsCString                 mPrefName;
+  nsString                  mDialogMessageName;
+  nsString                  mShowAgainName;
+  nsCOMPtr<nsIPrefBranch>   mPrefBranch;
+  nsCOMPtr<nsIStringBundle> mStringBundle;
+  uint32_t                  mBucket;
+};
+
+NS_IMETHODIMP
+nsAsyncAlert::Run()
+{
+  nsresult rv;
+
+  // Get user's preference for this alert
+  bool prefValue;
+  rv = mPrefBranch->GetBoolPref(mPrefName.get(), &prefValue);
+  if (NS_FAILED(rv)) prefValue = true;
+
+  // Stop if alert is not requested
+  if (!prefValue) return NS_OK;
+
+  mozilla::Telemetry::Accumulate(mozilla::Telemetry::SECURITY_UI, mBucket);
+  // Check for a show-once pref for this dialog.
+  // If the show-once pref is set to true:
+  //   - The default value of the "show every time" checkbox is unchecked
+  //   - If the user checks the checkbox, we clear the show-once pref.
+
+  nsAutoCString showOncePref(mPrefName);
+  showOncePref += ".show_once";
+
+  bool showOnce = false;
+  mPrefBranch->GetBoolPref(showOncePref.get(), &showOnce);
+
+  if (showOnce)
+    prefValue = false;
+
+  // Get messages strings from localization file
+  nsXPIDLString windowTitle, message, dontShowAgain;
+
+  mStringBundle->GetStringFromName(NS_LITERAL_STRING("Title").get(),
+                                   getter_Copies(windowTitle));
+  mStringBundle->GetStringFromName(mDialogMessageName.get(),
+                                   getter_Copies(message));
+  mStringBundle->GetStringFromName(mShowAgainName.get(),
+                                   getter_Copies(dontShowAgain));
+  if (!windowTitle || !message || !dontShowAgain) return NS_ERROR_FAILURE;
+
+  rv = mPrompt->AlertCheck(windowTitle, message, dontShowAgain, &prefValue);
+  if (NS_FAILED(rv)) return rv;
+      
+  if (!prefValue) {
+    mPrefBranch->SetBoolPref(mPrefName.get(), false);
+  } else if (showOnce) {
+    mPrefBranch->SetBoolPref(showOncePref.get(), false);
+  }
+
+  return rv;
+}
+
+
+nsresult
+nsSecurityWarningDialogs::AlertDialog(nsIInterfaceRequestor* aCtx,
+                                      const char* aPrefName,
+                                      const PRUnichar* aDialogMessageName,
+                                      const PRUnichar* aShowAgainName,
+                                      bool aAsync,
+                                      const uint32_t aBucket)
+{
+  // Get Prompt to use
+  nsCOMPtr<nsIPrompt> prompt = do_GetInterface(aCtx);
+  if (!prompt) return NS_ERROR_FAILURE;
+
+  nsRefPtr<nsAsyncAlert> alert = new nsAsyncAlert(prompt,
+                                                  aPrefName,
+                                                  aDialogMessageName,
+                                                  aShowAgainName,
+                                                  mPrefBranch,
+                                                  mStringBundle,
+                                                  aBucket);
+
+  NS_ENSURE_TRUE(alert, NS_ERROR_OUT_OF_MEMORY);
+  return aAsync ? NS_DispatchToCurrentThread(alert) : alert->Run();
+}
+
+
+
+NS_IMETHODIMP 
+nsSecurityWarningDialogs::ConfirmPostToInsecure(nsIInterfaceRequestor *ctx, bool* _result)
+{
+  nsresult rv;
+
+  // The Telemetry clickthrough constant is 1 more than the constant for the dialog.
+  rv = ConfirmDialog(ctx, INSECURE_SUBMIT_PREF,
+                     NS_LITERAL_STRING("PostToInsecureFromInsecureMessage").get(),
+                     NS_LITERAL_STRING("PostToInsecureFromInsecureShowAgain").get(),
+                     nsISecurityUITelemetry::WARNING_CONFIRM_POST_TO_INSECURE_FROM_INSECURE,
+                     _result);
+
+  return rv;
+}
+
 NS_IMETHODIMP 
 nsSecurityWarningDialogs::ConfirmPostToInsecureFromSecure(nsIInterfaceRequestor *ctx, bool* _result)
 {

security/manager/locales/en-US/chrome/pipnss/security.properties

@@ -4,7 +4,15 @@
 # file, You can obtain one at http://mozilla.org/MPL/2.0/.
 
 Title=Security Warning
+MixedContentMessage=You have requested an encrypted page that contains some unencrypted information. Information that you see or enter on this page could easily be read by a third party.
+LeaveSecureMessage=You are about to leave an encrypted page. Information you send or receive from now on could easily be read by a third party.
+EnterSecureMessage=You have requested an encrypted page. The website has identified itself correctly, and information you see or enter on this page can't easily be read by a third party.
 PostToInsecureFromSecureMessage=Although this page is encrypted, the information you have entered is to be sent over an unencrypted connection and could easily be read by a third party.##Are you sure you want to continue sending this information?##
+PostToInsecureFromInsecureMessage=The information you have entered is to be sent over an unencrypted connection and could easily be read by a third party.##Are you sure you want to continue sending this information?##
+MixedContentShowAgain=Alert me whenever I'm about to view an encrypted page that contains some unencrypted information.
+LeaveSecureShowAgain=Alert me whenever I leave an encrypted page for one that isn't encrypted. 
+EnterSecureShowAgain=Alert me whenever I am about to view an encrypted page.
+PostToInsecureFromInsecureShowAgain=Alert me whenever I submit information that's not encrypted.
 SecurityButtonTooltipText=Displays security information about the current page
 SecurityButtonMixedContentTooltipText=Warning: Contains unauthenticated content
 Continue=Continue

testing/tinderbox-standalone-tests/Tests.pm

@@ -69,6 +69,11 @@ sub global_prefs {
         Prefs::set_pref($pref_file, 'camino.check_default_browser', 'false');
     }
 
+    # Suppress security warnings for QA test.
+    if ($Settings::QATest) {
+        Prefs::set_pref($pref_file, 'security.warn_submit_insecure', 'true');
+    }
+    
     #
     # Assume that we want to test modern skin for all tests.
     #