mirror of
https://gitlab.winehq.org/wine/wine-gecko.git
synced 2024-09-13 09:24:08 -07:00
Bug 769178 - Add error page for about:certerror. r=fabrice
This commit is contained in:
parent
05a0fd7371
commit
7dfc147c18
233
b2g/chrome/content/aboutCertError.xhtml
Normal file
233
b2g/chrome/content/aboutCertError.xhtml
Normal file
@ -0,0 +1,233 @@
|
||||
<?xml version="1.0" encoding="UTF-8"?>
|
||||
|
||||
<!DOCTYPE html [
|
||||
<!ENTITY % htmlDTD
|
||||
PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
|
||||
"DTD/xhtml1-strict.dtd">
|
||||
%htmlDTD;
|
||||
<!ENTITY % globalDTD
|
||||
SYSTEM "chrome://global/locale/global.dtd">
|
||||
%globalDTD;
|
||||
<!ENTITY % certerrorDTD
|
||||
SYSTEM "chrome://b2g-l10n/locale/aboutCertError.dtd">
|
||||
%certerrorDTD;
|
||||
]>
|
||||
|
||||
<!-- This Source Code Form is subject to the terms of the Mozilla Public
|
||||
- License, v. 2.0. If a copy of the MPL was not distributed with this
|
||||
- file, You can obtain one at http://mozilla.org/MPL/2.0/. -->
|
||||
<html xmlns="http://www.w3.org/1999/xhtml">
|
||||
<head>
|
||||
<title>&certerror.pagetitle;</title>
|
||||
<meta name="viewport" content="width=device-width; user-scalable=false" />
|
||||
<link rel="stylesheet" href="chrome://global/skin/netError.css" type="text/css" media="all" />
|
||||
<!-- This page currently uses the same favicon as neterror.xhtml.
|
||||
If the location of the favicon is changed for both pages, the
|
||||
FAVICON_ERRORPAGE_URL symbol in toolkit/components/places/src/nsFaviconService.h
|
||||
should be updated. If this page starts using a different favicon
|
||||
than neterrorm nsFaviconService->SetAndLoadFaviconForPage
|
||||
should be updated to ignore this one as well. -->
|
||||
<link rel="icon" type="image/png" id="favicon" sizes="64x64" href="chrome://global/skin/icons/warning-64.png"/>
|
||||
|
||||
<script type="application/javascript"><![CDATA[
|
||||
// Error url MUST be formatted like this:
|
||||
// about:certerror?e=error&u=url&d=desc
|
||||
|
||||
// Note that this file uses document.documentURI to get
|
||||
// the URL (with the format from above). This is because
|
||||
// document.location.href gets the current URI off the docshell,
|
||||
// which is the URL displayed in the location bar, i.e.
|
||||
// the URI that the user attempted to load.
|
||||
|
||||
function getCSSClass()
|
||||
{
|
||||
var url = document.documentURI;
|
||||
var matches = url.match(/s\=([^&]+)\&/);
|
||||
// s is optional, if no match just return nothing
|
||||
if (!matches || matches.length < 2)
|
||||
return "";
|
||||
|
||||
// parenthetical match is the second entry
|
||||
return decodeURIComponent(matches[1]);
|
||||
}
|
||||
|
||||
function getDescription()
|
||||
{
|
||||
var url = document.documentURI;
|
||||
var desc = url.search(/d\=/);
|
||||
|
||||
// desc == -1 if not found; if so, return an empty string
|
||||
// instead of what would turn out to be portions of the URI
|
||||
if (desc == -1)
|
||||
return "";
|
||||
|
||||
return decodeURIComponent(url.slice(desc + 2));
|
||||
}
|
||||
|
||||
function initPage()
|
||||
{
|
||||
// Replace the "#1" string in the intro with the hostname. Trickier
|
||||
// than it might seem since we want to preserve the <b> tags, but
|
||||
// not allow for any injection by just using innerHTML. Instead,
|
||||
// just find the right target text node.
|
||||
var intro = document.getElementById('introContentP1');
|
||||
function replaceWithHost(node) {
|
||||
if (node.textContent == "#1")
|
||||
node.textContent = location.host;
|
||||
else
|
||||
for(var i = 0; i < node.childNodes.length; i++)
|
||||
replaceWithHost(node.childNodes[i]);
|
||||
};
|
||||
replaceWithHost(intro);
|
||||
|
||||
if (getCSSClass() == "expertBadCert") {
|
||||
toggle('technicalContent');
|
||||
toggle('expertContent');
|
||||
}
|
||||
|
||||
var tech = document.getElementById("technicalContentText");
|
||||
if (tech)
|
||||
tech.textContent = getDescription();
|
||||
|
||||
addDomainErrorLink();
|
||||
}
|
||||
|
||||
/* In the case of SSL error pages about domain mismatch, see if
|
||||
we can hyperlink the user to the correct site. We don't want
|
||||
to do this generically since it allows MitM attacks to redirect
|
||||
users to a site under attacker control, but in certain cases
|
||||
it is safe (and helpful!) to do so. Bug 402210
|
||||
*/
|
||||
function addDomainErrorLink() {
|
||||
// Rather than textContent, we need to treat description as HTML
|
||||
var sd = document.getElementById("technicalContentText");
|
||||
if (sd) {
|
||||
var desc = getDescription();
|
||||
|
||||
// sanitize description text - see bug 441169
|
||||
|
||||
// First, find the index of the <a> tag we care about, being careful not to
|
||||
// use an over-greedy regex
|
||||
var re = /<a id="cert_domain_link" title="([^"]+)">/;
|
||||
var result = re.exec(desc);
|
||||
if(!result)
|
||||
return;
|
||||
|
||||
// Remove sd's existing children
|
||||
sd.textContent = "";
|
||||
|
||||
// Everything up to the link should be text content
|
||||
sd.appendChild(document.createTextNode(desc.slice(0, result.index)));
|
||||
|
||||
// Now create the link itself
|
||||
var anchorEl = document.createElement("a");
|
||||
anchorEl.setAttribute("id", "cert_domain_link");
|
||||
anchorEl.setAttribute("title", result[1]);
|
||||
anchorEl.appendChild(document.createTextNode(result[1]));
|
||||
sd.appendChild(anchorEl);
|
||||
|
||||
// Finally, append text for anything after the closing </a>
|
||||
sd.appendChild(document.createTextNode(desc.slice(desc.indexOf("</a>") + "</a>".length)));
|
||||
}
|
||||
|
||||
var link = document.getElementById('cert_domain_link');
|
||||
if (!link)
|
||||
return;
|
||||
|
||||
var okHost = link.getAttribute("title");
|
||||
var thisHost = document.location.hostname;
|
||||
var proto = document.location.protocol;
|
||||
|
||||
// If okHost is a wildcard domain ("*.example.com") let's
|
||||
// use "www" instead. "*.example.com" isn't going to
|
||||
// get anyone anywhere useful. bug 432491
|
||||
okHost = okHost.replace(/^\*\./, "www.");
|
||||
|
||||
/* case #1:
|
||||
* example.com uses an invalid security certificate.
|
||||
*
|
||||
* The certificate is only valid for www.example.com
|
||||
*
|
||||
* Make sure to include the "." ahead of thisHost so that
|
||||
* a MitM attack on paypal.com doesn't hyperlink to "notpaypal.com"
|
||||
*
|
||||
* We'd normally just use a RegExp here except that we lack a
|
||||
* library function to escape them properly (bug 248062), and
|
||||
* domain names are famous for having '.' characters in them,
|
||||
* which would allow spurious and possibly hostile matches.
|
||||
*/
|
||||
if (endsWith(okHost, "." + thisHost))
|
||||
link.href = proto + okHost;
|
||||
|
||||
/* case #2:
|
||||
* browser.garage.maemo.org uses an invalid security certificate.
|
||||
*
|
||||
* The certificate is only valid for garage.maemo.org
|
||||
*/
|
||||
if (endsWith(thisHost, "." + okHost))
|
||||
link.href = proto + okHost;
|
||||
|
||||
// If we set a link, meaning there's something helpful for
|
||||
// the user here, expand the section by default
|
||||
if (link.href && getCSSClass() != "expertBadCert")
|
||||
toggle("technicalContent");
|
||||
}
|
||||
|
||||
function endsWith(haystack, needle) {
|
||||
return haystack.slice(-needle.length) == needle;
|
||||
}
|
||||
|
||||
function toggle(id) {
|
||||
var el = document.getElementById(id);
|
||||
if (el.getAttribute("collapsed"))
|
||||
el.setAttribute("collapsed", false);
|
||||
else
|
||||
el.setAttribute("collapsed", true);
|
||||
}
|
||||
]]></script>
|
||||
</head>
|
||||
|
||||
<body id="errorPage" class="certerror" dir="&locale.dir;">
|
||||
|
||||
<!-- Error Title -->
|
||||
<div id="errorTitle">
|
||||
<h1 class="errorTitleText">&certerror.longpagetitle;</h1>
|
||||
</div>
|
||||
|
||||
<!-- PAGE CONTAINER (for styling purposes only) -->
|
||||
<div id="errorPageContainer">
|
||||
|
||||
<!-- LONG CONTENT (the section most likely to require scrolling) -->
|
||||
<div id="errorLongContent">
|
||||
<div id="introContent">
|
||||
<p id="introContentP1">&certerror.introPara1;</p>
|
||||
</div>
|
||||
|
||||
<!-- The following sections can be unhidden by default by setting the
|
||||
"browser.xul.error_pages.expert_bad_cert" pref to true -->
|
||||
<div id="technicalContent" collapsed="true">
|
||||
<h2 onclick="toggle('technicalContent');" id="technicalContentHeading">&certerror.technical.heading;</h2>
|
||||
<p id="technicalContentText"/>
|
||||
</div>
|
||||
|
||||
<div id="expertContent" collapsed="true">
|
||||
<h2 onclick="toggle('expertContent');" id="expertContentHeading">&certerror.expert.heading;</h2>
|
||||
<div>
|
||||
<p>&certerror.expert.content;</p>
|
||||
<p>&certerror.expert.contentPara2;</p>
|
||||
<button id="temporaryExceptionButton">&certerror.addTemporaryException.label;</button>
|
||||
<button id="permanentExceptionButton">&certerror.addPermanentException.label;</button>
|
||||
</div>
|
||||
</div>
|
||||
</div>
|
||||
</div>
|
||||
|
||||
<!--
|
||||
- Note: It is important to run the script this way, instead of using
|
||||
- an onload handler. This is because error pages are loaded as
|
||||
- LOAD_BACKGROUND, which means that onload handlers will not be executed.
|
||||
-->
|
||||
<script type="application/javascript">initPage();</script>
|
||||
|
||||
</body>
|
||||
</html>
|
@ -28,9 +28,11 @@ chrome.jar:
|
||||
% override chrome://global/content/netError.xhtml chrome://browser/content/netError.xhtml
|
||||
% override chrome://global/skin/netError.css chrome://browser/content/netError.css
|
||||
% override chrome://global/skin/media/videocontrols.css chrome://browser/content/touchcontrols.css
|
||||
% override chrome://global/content/aboutCertError.xhtml chrome://browser/content/aboutCertError.xhtml
|
||||
|
||||
content/netError.xhtml (content/netError.xhtml)
|
||||
content/netError.css (content/netError.css)
|
||||
content/aboutCertError.xhtml (content/aboutCertError.xhtml)
|
||||
content/images/errorpage-larry-black.png (content/images/errorpage-larry-black.png)
|
||||
content/images/errorpage-larry-white.png (content/images/errorpage-larry-white.png)
|
||||
content/images/errorpage-warning.png (content/images/errorpage-warning.png)
|
||||
|
62
b2g/components/B2GAboutRedirector.js
Normal file
62
b2g/components/B2GAboutRedirector.js
Normal file
@ -0,0 +1,62 @@
|
||||
/* This Source Code Form is subject to the terms of the Mozilla Public
|
||||
* License, v. 2.0. If a copy of the MPL was not distributed with this
|
||||
* file, You can obtain one at http://mozilla.org/MPL/2.0/. */
|
||||
const Cc = Components.classes;
|
||||
const Ci = Components.interfaces;
|
||||
|
||||
Components.utils.import("resource://gre/modules/XPCOMUtils.jsm");
|
||||
|
||||
function debug(msg) {
|
||||
//dump("B2GAboutRedirector: " + msg + "\n");
|
||||
}
|
||||
|
||||
let modules = {
|
||||
certerror: {
|
||||
uri: "chrome://browser/content/aboutCertError.xhtml",
|
||||
privileged: false,
|
||||
hide: true
|
||||
}
|
||||
};
|
||||
|
||||
function B2GAboutRedirector() {}
|
||||
B2GAboutRedirector.prototype = {
|
||||
QueryInterface: XPCOMUtils.generateQI([Ci.nsIAboutModule]),
|
||||
classID: Components.ID("{920400b1-cf8f-4760-a9c4-441417b15134}"),
|
||||
|
||||
_getModuleInfo: function (aURI) {
|
||||
let moduleName = aURI.path.replace(/[?#].*/, "").toLowerCase();
|
||||
return modules[moduleName];
|
||||
},
|
||||
|
||||
// nsIAboutModule
|
||||
getURIFlags: function(aURI) {
|
||||
let flags;
|
||||
let moduleInfo = this._getModuleInfo(aURI);
|
||||
if (moduleInfo.hide)
|
||||
flags = Ci.nsIAboutModule.HIDE_FROM_ABOUTABOUT;
|
||||
|
||||
return flags | Ci.nsIAboutModule.ALLOW_SCRIPT;
|
||||
},
|
||||
|
||||
newChannel: function(aURI) {
|
||||
let moduleInfo = this._getModuleInfo(aURI);
|
||||
|
||||
var ios = Cc["@mozilla.org/network/io-service;1"].
|
||||
getService(Ci.nsIIOService);
|
||||
|
||||
var channel = ios.newChannel(moduleInfo.uri, null, null);
|
||||
|
||||
if (!moduleInfo.privileged) {
|
||||
// Setting the owner to null means that we'll go through the normal
|
||||
// path in GetChannelPrincipal and create a codebase principal based
|
||||
// on the channel's originalURI
|
||||
channel.owner = null;
|
||||
}
|
||||
|
||||
channel.originalURI = aURI;
|
||||
|
||||
return channel;
|
||||
}
|
||||
};
|
||||
|
||||
this.NSGetFactory = XPCOMUtils.generateNSGetFactory([B2GAboutRedirector]);
|
@ -61,3 +61,7 @@ contract @mozilla.org/network/protocol;1?name=vnd.youtube {c3f1b945-7e71-49c8-95
|
||||
# RecoveryService.js
|
||||
component {b3caca5d-0bb0-48c6-912b-6be6cbf08832} RecoveryService.js
|
||||
contract @mozilla.org/recovery-service;1 {b3caca5d-0bb0-48c6-912b-6be6cbf08832}
|
||||
|
||||
# B2GAboutRedirector
|
||||
component {920400b1-cf8f-4760-a9c4-441417b15134} B2GAboutRedirector.js
|
||||
contract @mozilla.org/network/protocol/about;1?what=certerror {920400b1-cf8f-4760-a9c4-441417b15134}
|
||||
|
@ -19,6 +19,7 @@ XPIDLSRCS = \
|
||||
EXTRA_PP_COMPONENTS = \
|
||||
ActivitiesGlue.js \
|
||||
AlertsService.js \
|
||||
B2GAboutRedirector.js \
|
||||
B2GComponents.manifest \
|
||||
ContentHandler.js \
|
||||
ContentPermissionPrompt.js \
|
||||
|
@ -745,6 +745,7 @@ bin/components/@DLL_PREFIX@nkgnomevfs@DLL_SUFFIX@
|
||||
@BINPATH@/components/MailtoProtocolHandler.js
|
||||
@BINPATH@/components/SmsProtocolHandler.js
|
||||
@BINPATH@/components/TelProtocolHandler.js
|
||||
@BINPATH@/components/B2GAboutRedirector.js
|
||||
|
||||
#ifdef XP_MACOSX
|
||||
@BINPATH@/@DLL_PREFIX@plugin_child_interpose@DLL_SUFFIX@
|
||||
|
38
b2g/locales/en-US/chrome/overrides/aboutCertError.dtd
Normal file
38
b2g/locales/en-US/chrome/overrides/aboutCertError.dtd
Normal file
@ -0,0 +1,38 @@
|
||||
<!-- This Source Code Form is subject to the terms of the Mozilla Public
|
||||
- License, v. 2.0. If a copy of the MPL was not distributed with this
|
||||
- file, You can obtain one at http://mozilla.org/MPL/2.0/. -->
|
||||
|
||||
<!ENTITY % brandDTD
|
||||
SYSTEM "chrome://branding/locale/brand.dtd">
|
||||
%brandDTD;
|
||||
|
||||
<!-- These strings are used by Firefox's custom about:certerror page,
|
||||
a replacement for the standard security certificate errors produced
|
||||
by NSS/PSM via netError.xhtml. -->
|
||||
|
||||
<!ENTITY certerror.pagetitle "Untrusted Connection">
|
||||
<!ENTITY certerror.longpagetitle "This Connection is Untrusted">
|
||||
|
||||
<!-- Localization note (certerror.introPara1) - The string "#1" will
|
||||
be replaced at runtime with the name of the server to which the user
|
||||
was trying to connect. -->
|
||||
<!ENTITY certerror.introPara1 "You have asked &brandShortName; to connect
|
||||
securely to <b>#1</b>, but we can't confirm that your connection is secure.">
|
||||
|
||||
<!ENTITY certerror.whatShouldIDo.heading "What Should I Do?">
|
||||
<!ENTITY certerror.whatShouldIDo.content "If you usually connect to
|
||||
this site without problems, this error could mean that someone is
|
||||
trying to impersonate the site, and you shouldn't continue.">
|
||||
<!ENTITY certerror.getMeOutOfHere.label "Get me out of here!">
|
||||
|
||||
<!ENTITY certerror.expert.heading "I Understand the Risks">
|
||||
<!ENTITY certerror.expert.content "If you understand what's going on, you
|
||||
can tell &brandShortName; to start trusting this site's identification.
|
||||
<b>Even if you trust the site, this error could mean that someone is
|
||||
tampering with your connection.</b>">
|
||||
<!ENTITY certerror.expert.contentPara2 "Don't add an exception unless
|
||||
you know there's a good reason why this site doesn't use trusted identification.">
|
||||
<!ENTITY certerror.addTemporaryException.label "Visit site">
|
||||
<!ENTITY certerror.addPermanentException.label "Add permanent exception">
|
||||
|
||||
<!ENTITY certerror.technical.heading "Technical Details">
|
@ -8,6 +8,8 @@
|
||||
% locale b2g-l10n @AB_CD@ %locale/@AB_CD@/b2g-l10n/
|
||||
|
||||
% override chrome://global/locale/netError.dtd chrome://b2g-l10n/locale/netError.dtd
|
||||
% override chrome://global/locale/aboutCertError.dtd chrome://b2g-l10n/locale/aboutCertError.dtd
|
||||
% override chrome://global/locale/appstrings.properties chrome://b2g-l10n/locale/appstrings.properties
|
||||
* locale/@AB_CD@/b2g-l10n/netError.dtd (%chrome/overrides/netError.dtd)
|
||||
* locale/@AB_CD@/b2g-l10n/aboutCertError.dtd (%chrome/overrides/aboutCertError.dtd)
|
||||
* locale/@AB_CD@/b2g-l10n/appstrings.properties (%chrome/overrides/appstrings.properties)
|
||||
|
Loading…
Reference in New Issue
Block a user