Bug 875456 - DEVTOOLS patch. Adds logic for logging Mixed Content messages to the security console. r=msucan

browser/devtools/webconsole/test/Makefile.in

@@ -147,6 +147,8 @@ MOCHITEST_BROWSER_FILES = \
 	browser_console_navigation_marker.js \
 	browser_webconsole_bug_762593_insecure_passwords_web_console_warning.js \
 	browser_webconsole_bug_762593_insecure_passwords_about_blank_web_console_warning.js \
+	browser_webconsole_allow_mixedcontent_securityerrors.js \
+	browser_webconsole_block_mixedcontent_securityerrors.js \
 	head.js \
 	$(NULL)
 
@@ -254,6 +256,7 @@ MOCHITEST_BROWSER_FILES += \
 	test-iframe1.html \
 	test-iframe2.html \
 	test-iframe3.html \
+	test-mixedcontent-securityerrors.html \
 	$(NULL)
 
 include $(topsrcdir)/config/rules.mk

browser/devtools/webconsole/test/browser_webconsole_allow_mixedcontent_securityerrors.js

@@ -0,0 +1,69 @@
+/* Any copyright is dedicated to the Public Domain.
+ * http://creativecommons.org/publicdomain/zero/1.0/ */
+
+// The test loads a web page with mixed active and display content
+// on it while the "block mixed content" settings are _off_.
+// It then checks that the loading mixed content warning messages
+// are logged to the console and have the correct "Learn More"
+// url appended to them.
+// Bug 875456 - Log mixed content messages from the Mixed Content
+// Blocker to the Security Pane in the Web Console
+
+const TEST_URI = "https://example.com/browser/browser/devtools/webconsole/test/test-mixedcontent-securityerrors.html";
+const LEARN_MORE_URI = "https://developer.mozilla.org/en/Security/MixedContent";
+
+function test()
+{
+  SpecialPowers.pushPrefEnv({"set":
+      [["security.mixed_content.block_active_content", false],
+       ["security.mixed_content.block_display_content", false]
+  ]}, loadingMixedContentTest);
+}
+
+function loadingMixedContentTest()
+{
+  addTab(TEST_URI);
+  browser.addEventListener("load", function onLoad(aEvent) {
+    browser.removeEventListener(aEvent.type, onLoad, true);
+    openConsole(null, function testSecurityErrorLogged (hud) {
+      waitForMessages({
+        webconsole: hud,
+        messages: [
+          {
+          name: "Logged mixed active content",
+          text: "Loading mixed (insecure) active content on a secure page \"http://example.com/\"",
+          category: CATEGORY_SECURITY,
+          severity: SEVERITY_WARNING
+        },
+        {
+          name: "Logged mixed passive content - image",
+          text: "Loading mixed (insecure) display content on a secure page \"http://example.com/tests/image/test/mochitest/blue.png\"",
+          category: CATEGORY_SECURITY,
+          severity: SEVERITY_WARNING
+        },
+        ],
+      }).then(() => testClickOpenNewTab(hud));
+    });
+  }, true);
+}
+
+function testClickOpenNewTab(hud) {
+  let warningNode = hud.outputNode.querySelector(".webconsole-learn-more-link");
+
+    // Invoke the click event and check if a new tab would
+    // open to the correct page.
+    let linkOpened = false;
+    let oldOpenUILinkIn = window.openUILinkIn;
+    window.openUILinkIn = function(aLink) {
+      if (aLink == LEARN_MORE_URI) {
+        linkOpened = true;
+      }
+    }
+
+    EventUtils.synthesizeMouse(warningNode, 2, 2, {},
+                               warningNode.ownerDocument.defaultView);
+    ok(linkOpened, "Clicking the Learn More Warning node opens the desired page");
+    window.openUILinkIn = oldOpenUILinkIn;
+
+    finishTest();
+}

browser/devtools/webconsole/test/browser_webconsole_block_mixedcontent_securityerrors.js

@@ -0,0 +1,104 @@
+/* Any copyright is dedicated to the Public Domain.
+ * http://creativecommons.org/publicdomain/zero/1.0/ */
+
+// The test loads a web page with mixed active and display content
+// on it while the "block mixed content" settings are _on_.
+// It then checks that the blocked mixed content warning messages
+// are logged to the console and have the correct "Learn More"
+// url appended to them. After the first test finishes, it invokes
+// a second test that overrides the mixed content blocker settings
+// by clicking on the doorhanger shield and validates that the
+// appropriate messages are logged to console.
+// Bug 875456 - Log mixed content messages from the Mixed Content
+// Blocker to the Security Pane in the Web Console
+
+const TEST_URI = "https://example.com/browser/browser/devtools/webconsole/test/test-mixedcontent-securityerrors.html";
+const LEARN_MORE_URI = "https://developer.mozilla.org/en/Security/MixedContent";
+
+function test()
+{
+  SpecialPowers.pushPrefEnv({"set": [["security.mixed_content.block_active_content", true],
+                            ["security.mixed_content.block_display_content", true]]}, blockMixedContentTest1);
+}
+
+function blockMixedContentTest1()
+{
+  addTab(TEST_URI);
+  browser.addEventListener("load", function onLoad(aEvent) {
+    browser.removeEventListener(aEvent.type, onLoad, true);
+    openConsole(null, function testSecurityErrorLogged (hud) {
+      waitForMessages({
+        webconsole: hud,
+        messages: [
+          {
+            name: "Logged blocking mixed active content",
+            text: "Blocked loading mixed active content \"http://example.com/\"",
+            category: CATEGORY_SECURITY,
+            severity: SEVERITY_ERROR
+          },
+          {
+            name: "Logged blocking mixed passive content - image",
+            text: "Blocked loading mixed active content \"http://example.com/\"",
+            category: CATEGORY_SECURITY,
+            severity: SEVERITY_ERROR
+          },
+        ],
+      }).then(() => {
+        testClickOpenNewTab(hud);
+        // Call the second (MCB override) test.
+        mixedContentOverrideTest2(hud);
+      });
+    });
+  }, true);
+}
+
+function mixedContentOverrideTest2(hud)
+{
+  var notification = PopupNotifications.getNotification("mixed-content-blocked", browser);
+  ok(notification, "Mixed Content Doorhanger didn't appear");
+  // Click on the doorhanger.
+  notification.secondaryActions[0].callback();
+
+  waitForMessages({
+    webconsole: hud,
+    messages: [
+      {
+      name: "Logged blocking mixed active content",
+      text: "Loading mixed (insecure) active content on a secure"+
+        " page \"http://example.com/\"",
+      category: CATEGORY_SECURITY,
+      severity: SEVERITY_WARNING
+    },
+    {
+      name: "Logged blocking mixed passive content - image",
+      text: "Loading mixed (insecure) display content on a secure page"+
+        " \"http://example.com/tests/image/test/mochitest/blue.png\"",
+      category: CATEGORY_SECURITY,
+      severity: SEVERITY_WARNING
+    },
+    ],
+  }).then(() => {
+    testClickOpenNewTab(hud);
+    finishTest();
+  });
+}
+
+function testClickOpenNewTab(hud) {
+  let warningNode = hud.outputNode.querySelector(".webconsole-learn-more-link");
+
+    // Invoke the click event and check if a new tab would
+    // open to the correct page.
+    let linkOpened = false;
+    let oldOpenUILinkIn = window.openUILinkIn;
+    window.openUILinkIn = function(aLink) {
+      if (aLink == LEARN_MORE_URI) {
+        linkOpened = true;
+      }
+    }
+
+    EventUtils.synthesizeMouse(warningNode, 2, 2, {},
+                               warningNode.ownerDocument.defaultView);
+    ok(linkOpened, "Clicking the Learn More Warning node opens the desired page");
+    window.openUILinkIn = oldOpenUILinkIn;
+
+}

browser/devtools/webconsole/test/head.js

@@ -1087,7 +1087,7 @@ function waitForMessages(aOptions)
     let partialMatch = !!(aRule.consoleTrace || aRule.consoleTime ||
                           aRule.consoleTimeEnd || aRule.type);
 
-    if (aRule.category && aElement.category != aRule.category) {
+    if ("category" in aRule && aElement.category != aRule.category) {
       if (partialMatch) {
         is(aElement.category, aRule.category,
            "message category for rule: " + displayRule(aRule));

browser/devtools/webconsole/test/test-mixedcontent-securityerrors.html

@@ -0,0 +1,21 @@
+<!--
+  Bug 875456 - Log mixed content messages from the Mixed Content Blocker to the
+  Security Pane in the Web Console
+-->
+
+<!DOCTYPE HTML>
+<html dir="ltr" xml:lang="en-US" lang="en-US">
+  <head>
+    <meta charset="utf8">
+    <title>Mixed Content test - http on https</title>
+    <script src="testscript.js"></script>
+    <!--
+      Any copyright is dedicated to the Public Domain.
+      http://creativecommons.org/publicdomain/zero/1.0/
+    -->
+  </head>
+  <body>
+    <iframe src="http://example.com"></iframe>
+    <img src="http://example.com/tests/image/test/mochitest/blue.png"></img>
+  </body>
+</html>

browser/devtools/webconsole/webconsole.js

@@ -1446,21 +1446,36 @@ WebConsoleFrame.prototype = {
    */
   addMoreInfoLink: function WCF_addMoreInfoLink(aNode, aScriptError)
   {
-    // We have a single category for now, but more are to be
+    let url;
-    // expected soon
     if (aScriptError.category == "Insecure Password Field") {
-      this.addInsecurePasswordsWarningNode(aNode);
+      url = INSECURE_PASSWORDS_LEARN_MORE;
     }
+    else if (aScriptError.category == "Mixed Content Message" ||
+               aScriptError.category == "Mixed Content Blocker") {
+      url = MIXED_CONTENT_LEARN_MORE;
+    }
+    else {
+      // Unknown category. Return without adding more info node.
+      return;
+    }
+
+    this.addLearnMoreWarningNode(aNode, url);
   },
 
   /*
-   * Appends a clickable insecure passwords warning node to the node passed
+   * Appends a clickable warning node to the node passed
    * as a parameter to the function. When a user clicks on the appended
-   * warning node, the browser navigates to a page where the user can learn
+   * warning node, the browser navigates to the provided url.
-   * more about security issues associated with insecure passwords.
+   *
+   * @param aNode
+   *        The node to which we will be adding a clickable warning node.
+   * @param aURL
+   *        The url which points to the page where the user can learn more
+   *        about security issues associated with the specific message that's
+   *        being logged.
    */
-  addInsecurePasswordsWarningNode:
+  addLearnMoreWarningNode:
-  function WCF_addInsecurePasswordsWarningNode(aNode)
+  function WCF_addLearnMoreWarningNode(aNode, aURL)
   {
     let moreInfoLabel =
       "[" + l10n.getStr("webConsoleMoreInfoLabel") + "]";
@@ -1472,7 +1487,7 @@ WebConsoleFrame.prototype = {
     linkNode.classList.add("webconsole-msg-link");
     aNode.appendChild(linkNode);
 
-    // Create the actual insecure passwords warning node and make it clickable
+    // Create the actual warning node and make it clickable
     let warningNode = this.document.createElement("label");
     warningNode.setAttribute("value", moreInfoLabel);
     warningNode.setAttribute("title", moreInfoLabel);
@@ -1480,7 +1495,7 @@ WebConsoleFrame.prototype = {
     warningNode.classList.add("webconsole-learn-more-link");
 
     warningNode.addEventListener("click", function(aEvent) {
-      this.owner.openLink(INSECURE_PASSWORDS_LEARN_MORE);
+      this.owner.openLink(aURL);
       aEvent.preventDefault();
       aEvent.stopPropagation();
     }.bind(this));
@@ -4547,6 +4562,7 @@ var Utils = {
         return CATEGORY_CSS;
 
       case "Mixed Content Blocker":
+      case "Mixed Content Message":
       case "CSP":
       case "Invalid HSTS Headers":
       case "Insecure Password Field":