diff options
author | Matt A. Tobin <email@mattatobin.com> | 2019-12-16 13:57:01 -0500 |
---|---|---|
committer | Matt A. Tobin <email@mattatobin.com> | 2019-12-16 13:57:01 -0500 |
commit | 06494f307850c576868831bd28a61464eab1f359 (patch) | |
tree | f281f5c46c3e0b73c7eabe22f02622dc013b0c35 /application/basilisk/base/content/aboutNetError.xhtml | |
parent | e7d4713e0765c79feddf2384d343d10595fa5cb3 (diff) | |
download | UXP-06494f307850c576868831bd28a61464eab1f359.tar UXP-06494f307850c576868831bd28a61464eab1f359.tar.gz UXP-06494f307850c576868831bd28a61464eab1f359.tar.lz UXP-06494f307850c576868831bd28a61464eab1f359.tar.xz UXP-06494f307850c576868831bd28a61464eab1f359.zip |
Remove Basilisk from the Unified XUL Platform repository
Development will proceed at https://github.com/MoonchildProductions/Basilisk
Diffstat (limited to 'application/basilisk/base/content/aboutNetError.xhtml')
-rw-r--r-- | application/basilisk/base/content/aboutNetError.xhtml | 573 |
1 files changed, 0 insertions, 573 deletions
diff --git a/application/basilisk/base/content/aboutNetError.xhtml b/application/basilisk/base/content/aboutNetError.xhtml deleted file mode 100644 index 5ff79ea12..000000000 --- a/application/basilisk/base/content/aboutNetError.xhtml +++ /dev/null @@ -1,573 +0,0 @@ -<?xml version="1.0" encoding="UTF-8"?> - -<!DOCTYPE html [ - <!ENTITY % htmlDTD - PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" - "DTD/xhtml1-strict.dtd"> - %htmlDTD; - <!ENTITY % netErrorDTD - SYSTEM "chrome://global/locale/netError.dtd"> - %netErrorDTD; - <!ENTITY % globalDTD - SYSTEM "chrome://global/locale/global.dtd"> - %globalDTD; -]> - -<!-- This Source Code Form is subject to the terms of the Mozilla Public - - License, v. 2.0. If a copy of the MPL was not distributed with this - - file, You can obtain one at http://mozilla.org/MPL/2.0/. --> - -<html xmlns="http://www.w3.org/1999/xhtml"> - <head> - <title>&loadError.label;</title> - <link rel="stylesheet" href="chrome://browser/skin/aboutNetError.css" type="text/css" media="all" /> - <!-- If the location of the favicon is changed here, the FAVICON_ERRORPAGE_URL symbol in - toolkit/components/places/src/nsFaviconService.h should be updated. --> - <link rel="icon" type="image/png" id="favicon" href="chrome://global/skin/icons/warning-16.png"/> - - <script type="application/javascript"><![CDATA[ - // The following parameters are parsed from the error URL: - // e - the error code - // s - custom CSS class to allow alternate styling/favicons - // d - error description - // captive - "true" to indicate we're behind a captive portal. - // Any other value is ignored. - - // Note that this file uses document.documentURI to get - // the URL (with the format from above). This is because - // document.location.href gets the current URI off the docshell, - // which is the URL displayed in the location bar, i.e. - // the URI that the user attempted to load. - - let searchParams = new URLSearchParams(document.documentURI.split("?")[1]); - - // Set to true on init if the error code is nssBadCert. - let gIsCertError; - - function getErrorCode() - { - return searchParams.get("e"); - } - - function getCSSClass() - { - return searchParams.get("s"); - } - - function getDescription() - { - return searchParams.get("d"); - } - - function isCaptive() { - return searchParams.get("captive") == "true"; - } - - function retryThis(buttonEl) - { - // Note: The application may wish to handle switching off "offline mode" - // before this event handler runs, but using a capturing event handler. - - // Session history has the URL of the page that failed - // to load, not the one of the error page. So, just call - // reload(), which will also repost POST data correctly. - try { - location.reload(); - } catch (e) { - // We probably tried to reload a URI that caused an exception to - // occur; e.g. a nonexistent file. - } - - buttonEl.disabled = true; - } - - function doOverride(buttonEl) { - var event = new CustomEvent("AboutNetErrorOverride", {bubbles:true}); - document.dispatchEvent(event); - retryThis(buttonEl); - } - - function toggleDisplay(node) { - const toggle = { - "": "block", - "none": "block", - "block": "none" - }; - return (node.style.display = toggle[node.style.display]); - } - - function showPrefChangeContainer() { - const panel = document.getElementById("prefChangeContainer"); - panel.style.display = "block"; - document.getElementById("netErrorButtonContainer").style.display = "none"; - document.getElementById("prefResetButton").addEventListener("click", function resetPreferences(e) { - const event = new CustomEvent("AboutNetErrorResetPreferences", {bubbles:true}); - document.dispatchEvent(event); - }); - addAutofocus("prefResetButton", "beforeend"); - } - - function setupAdvancedButton(allowOverride) { - // Get the hostname and add it to the panel - var panelId = gIsCertError ? "badCertAdvancedPanel" : "weakCryptoAdvancedPanel"; - var panel = document.getElementById(panelId); - for (var span of panel.querySelectorAll("span.hostname")) { - span.textContent = document.location.hostname; - } - if (!gIsCertError) { - panel.replaceChild(document.getElementById("errorLongDesc"), - document.getElementById("advancedLongDesc")); - } - - // Register click handler for the weakCryptoAdvancedPanel - document.getElementById("advancedButton") - .addEventListener("click", function togglePanelVisibility() { - toggleDisplay(panel); - - if (panel.style.display == "block") { - // send event to trigger telemetry ping - var event = new CustomEvent("AboutNetErrorUIExpanded", {bubbles:true}); - document.dispatchEvent(event); - } - }); - - if (allowOverride) { - document.getElementById("overrideWeakCryptoPanel").style.display = "flex"; - var overrideLink = document.getElementById("overrideWeakCrypto"); - overrideLink.addEventListener("click", () => doOverride(overrideLink), false); - } - if (!gIsCertError) { - return; - } - - if (getCSSClass() == "expertBadCert") { - toggleDisplay(document.getElementById("badCertAdvancedPanel")); - } - - disallowCertOverridesIfNeeded(); - - document.getElementById("badCertTechnicalInfo").textContent = getDescription(); - } - - function disallowCertOverridesIfNeeded() { - var cssClass = getCSSClass(); - // Disallow overrides if this is a Strict-Transport-Security - // host and the cert is bad (STS Spec section 7.3) or if the - // certerror is in a frame (bug 633691). - if (cssClass == "badStsCert" || window != top) { - document.getElementById("exceptionDialogButton").setAttribute("hidden", "true"); - } - if (cssClass == "badStsCert") { - document.getElementById("badStsCertExplanation").removeAttribute("hidden"); - } - } - - function initPage() - { - var err = getErrorCode(); - gIsCertError = (err == "nssBadCert"); - // Only worry about captive portals if this is a cert error. - let showCaptivePortalUI = isCaptive() && gIsCertError; - if (showCaptivePortalUI) { - err = "captivePortal"; - } - - // if it's an unknown error or there's no title or description - // defined, get the generic message - var errTitle = document.getElementById("et_" + err); - var errDesc = document.getElementById("ed_" + err); - if (!errTitle || !errDesc) - { - errTitle = document.getElementById("et_generic"); - errDesc = document.getElementById("ed_generic"); - } - - document.querySelector(".title-text").innerHTML = errTitle.innerHTML; - - var sd = document.getElementById("errorShortDescText"); - if (sd) { - if (gIsCertError) { - sd.innerHTML = errDesc.innerHTML; - } - else { - sd.textContent = getDescription(); - } - } - if (showCaptivePortalUI) { - initPageCaptivePortal(); - return; - } - if (gIsCertError) { - initPageCertError(); - return; - } - addAutofocus("errorTryAgain"); - - document.body.className = "neterror"; - - var ld = document.getElementById("errorLongDesc"); - if (ld) - { - ld.innerHTML = errDesc.innerHTML; - } - - if (err == "sslv3Used") { - document.body.className = "certerror"; - } - - if (err == "weakCryptoUsed") { - document.body.className = "certerror"; - } - - // remove undisplayed errors to avoid bug 39098 - var errContainer = document.getElementById("errorContainer"); - errContainer.parentNode.removeChild(errContainer); - - var className = getCSSClass(); - if (className && className != "expertBadCert") { - // Associate a CSS class with the root of the page, if one was passed in, - // to allow custom styling. - // Not "expertBadCert" though, don't want to deal with the favicon - document.documentElement.className = className; - - // Also, if they specified a CSS class, they must supply their own - // favicon. In order to trigger the browser to repaint though, we - // need to remove/add the link element. - var favicon = document.getElementById("favicon"); - var faviconParent = favicon.parentNode; - faviconParent.removeChild(favicon); - favicon.setAttribute("href", "chrome://global/skin/icons/" + className + "_favicon.png"); - faviconParent.appendChild(favicon); - } - - if (err == "remoteXUL") { - // Remove the "Try again" button for remote XUL errors given that - // it is useless. - document.getElementById("netErrorButtonContainer").style.display = "none"; - } - - if (err == "cspBlocked") { - // Remove the "Try again" button for CSP violations, since it's - // almost certainly useless. (Bug 553180) - document.getElementById("netErrorButtonContainer").style.display = "none"; - } - - window.addEventListener("AboutNetErrorOptions", function(evt) { - // Pinning errors are of type nssFailure2 - if (getErrorCode() == "nssFailure2" || getErrorCode() == "weakCryptoUsed") { - const hasPrefStyleError = [ - "interrupted", // This happens with subresources that are above the max tls - "SSL_ERROR_PROTOCOL_VERSION_ALERT", - "SSL_ERROR_UNSUPPORTED_VERSION", - "SSL_ERROR_NO_CYPHER_OVERLAP", - "SSL_ERROR_NO_CIPHERS_SUPPORTED" - ].some((substring) => getDescription().includes(substring)); - // If it looks like an error that is user config based - if (getErrorCode() == "nssFailure2" && hasPrefStyleError && options && options.changedCertPrefs) { - showPrefChangeContainer(); - } - } - if (getErrorCode() == "weakCryptoUsed" || getErrorCode() == "sslv3Used") { - setupAdvancedButton(getErrorCode() == "weakCryptoUsed"); - } - }.bind(this), true, true); - - var event = new CustomEvent("AboutNetErrorLoad", {bubbles:true}); - document.dispatchEvent(event); - - if (err == "inadequateSecurityError") { - // Remove the "Try again" button for HTTP/2 inadequate security as it - // is useless. - document.getElementById("errorTryAgain").style.display = "none"; - - var container = document.getElementById("errorLongDesc"); - for (var span of container.querySelectorAll("span.hostname")) { - span.textContent = document.location.hostname; - } - } - - addDomainErrorLink(); - } - - function initPageCaptivePortal() - { - document.body.className = "captiveportal"; - document.title = document.getElementById("captivePortalPageTitle").textContent; - - document.getElementById("openPortalLoginPageButton") - .addEventListener("click", () => { - let event = new CustomEvent("AboutNetErrorOpenCaptivePortal", {bubbles:true}); - document.dispatchEvent(event); - }); - - addAutofocus("openPortalLoginPageButton"); - setupAdvancedButton(true); - - addDomainErrorLink(); - - // When the portal is freed, an event is generated by the frame script - // that we can pick up and attempt to reload the original page. - window.addEventListener("AboutNetErrorCaptivePortalFreed", () => { - document.location.reload(); - }); - } - - function initPageCertError() { - document.body.className = "certerror"; - document.title = document.getElementById("certErrorPageTitle").textContent; - for (let host of document.querySelectorAll(".hostname")) { - host.textContent = document.location.hostname; - } - - addAutofocus("returnButton"); - setupAdvancedButton(true); - - let event = new CustomEvent("AboutNetErrorLoad", {bubbles:true}); - document.getElementById("advancedButton").dispatchEvent(event); - - addDomainErrorLink(); - } - - /* Only do autofocus if we're the toplevel frame; otherwise we - don't want to call attention to ourselves! The key part is - that autofocus happens on insertion into the tree, so we - can remove the button, add @autofocus, and reinsert the - button. - */ - function addAutofocus(buttonId, position = "afterbegin") { - if (window.top == window) { - var button = document.getElementById(buttonId); - var parent = button.parentNode; - button.remove(); - button.setAttribute("autofocus", "true"); - parent.insertAdjacentElement(position, button); - } - } - - /* In the case of SSL error pages about domain mismatch, see if - we can hyperlink the user to the correct site. We don't want - to do this generically since it allows MitM attacks to redirect - users to a site under attacker control, but in certain cases - it is safe (and helpful!) to do so. Bug 402210 - */ - function addDomainErrorLink() { - // Rather than textContent, we need to treat description as HTML - var sdid = gIsCertError ? "badCertTechnicalInfo" : "errorShortDescText"; - var sd = document.getElementById(sdid); - if (sd) { - var desc = getDescription(); - - // sanitize description text - see bug 441169 - - // First, find the index of the <a> tag we care about, being - // careful not to use an over-greedy regex. - var re = /<a id="cert_domain_link" title="([^"]+)">/; - var result = re.exec(desc); - - if (!result) - return; - // Remove sd's existing children - sd.textContent = ""; - - // Everything up to the link should be text content. - sd.appendChild(document.createTextNode(desc.slice(0, result.index))); - - // Now create the link itself. - var anchorEl = document.createElement("a"); - anchorEl.setAttribute("id", "cert_domain_link"); - anchorEl.setAttribute("title", result[1]); - anchorEl.appendChild(document.createTextNode(result[1])); - sd.appendChild(anchorEl); - - // Finally, append text for anything after the closing </a>. - sd.appendChild(document.createTextNode(desc.slice(desc.indexOf("</a>") + "</a>".length))); - } - - // Initialize the cert domain link. - var link = document.getElementById("cert_domain_link"); - if (!link) - return; - - var okHost = link.getAttribute("title"); - var thisHost = document.location.hostname; - var proto = document.location.protocol; - - // If okHost is a wildcard domain ("*.example.com") let's - // use "www" instead. "*.example.com" isn't going to - // get anyone anywhere useful. bug 432491 - okHost = okHost.replace(/^\*\./, "www."); - - /* case #1: - * example.com uses an invalid security certificate. - * - * The certificate is only valid for www.example.com - * - * Make sure to include the "." ahead of thisHost so that - * a MitM attack on paypal.com doesn't hyperlink to "notpaypal.com" - * - * We'd normally just use a RegExp here except that we lack a - * library function to escape them properly (bug 248062), and - * domain names are famous for having '.' characters in them, - * which would allow spurious and possibly hostile matches. - */ - if (okHost.endsWith("." + thisHost)) - link.href = proto + okHost; - - /* case #2: - * browser.garage.maemo.org uses an invalid security certificate. - * - * The certificate is only valid for garage.maemo.org - */ - if (thisHost.endsWith("." + okHost)) - link.href = proto + okHost; - - // If we set a link, meaning there's something helpful for - // the user here, expand the section by default - if (link.href && getCSSClass() != "expertBadCert") { - var panelId = gIsCertError ? "badCertAdvancedPanel" : "weakCryptoAdvancedPanel" - toggleDisplay(document.getElementById(panelId)); - } - } - ]]></script> - </head> - - <body dir="&locale.dir;"> - <!-- Contains an alternate page title set on page init for cert errors. --> - <div id="certErrorPageTitle" style="display: none;">&certerror.pagetitle1;</div> - <div id="captivePortalPageTitle" style="display: none;">&captivePortal.title;</div> - - <!-- ERROR ITEM CONTAINER (removed during loading to avoid bug 39098) --> - <div id="errorContainer"> - <div id="errorTitlesContainer"> - <h1 id="et_generic">&generic.title;</h1> - <h1 id="et_captivePortal">&captivePortal.title;</h1> - <h1 id="et_dnsNotFound">&dnsNotFound.title;</h1> - <h1 id="et_fileNotFound">&fileNotFound.title;</h1> - <h1 id="et_fileAccessDenied">&fileAccessDenied.title;</h1> - <h1 id="et_malformedURI">&malformedURI.title;</h1> - <h1 id="et_unknownProtocolFound">&unknownProtocolFound.title;</h1> - <h1 id="et_connectionFailure">&connectionFailure.title;</h1> - <h1 id="et_netTimeout">&netTimeout.title;</h1> - <h1 id="et_redirectLoop">&redirectLoop.title;</h1> - <h1 id="et_unknownSocketType">&unknownSocketType.title;</h1> - <h1 id="et_netReset">&netReset.title;</h1> - <h1 id="et_notCached">¬Cached.title;</h1> - <h1 id="et_netOffline">&netOffline.title;</h1> - <h1 id="et_netInterrupt">&netInterrupt.title;</h1> - <h1 id="et_deniedPortAccess">&deniedPortAccess.title;</h1> - <h1 id="et_proxyResolveFailure">&proxyResolveFailure.title;</h1> - <h1 id="et_proxyConnectFailure">&proxyConnectFailure.title;</h1> - <h1 id="et_contentEncodingError">&contentEncodingError.title;</h1> - <h1 id="et_unsafeContentType">&unsafeContentType.title;</h1> - <h1 id="et_nssFailure2">&nssFailure2.title;</h1> - <h1 id="et_nssBadCert">&certerror.longpagetitle1;</h1> - <h1 id="et_cspBlocked">&cspBlocked.title;</h1> - <h1 id="et_remoteXUL">&remoteXUL.title;</h1> - <h1 id="et_corruptedContentErrorv2">&corruptedContentErrorv2.title;</h1> - <h1 id="et_sslv3Used">&sslv3Used.title;</h1> - <h1 id="et_weakCryptoUsed">&weakCryptoUsed.title;</h1> - <h1 id="et_inadequateSecurityError">&inadequateSecurityError.title;</h1> - </div> - <div id="errorDescriptionsContainer"> - <div id="ed_generic">&generic.longDesc;</div> - <div id="ed_captivePortal">&captivePortal.longDesc;</div> - <div id="ed_dnsNotFound">&dnsNotFound.longDesc;</div> - <div id="ed_fileNotFound">&fileNotFound.longDesc;</div> - <div id="ed_fileAccessDenied">&fileAccessDenied.longDesc;</div> - <div id="ed_malformedURI">&malformedURI.longDesc;</div> - <div id="ed_unknownProtocolFound">&unknownProtocolFound.longDesc;</div> - <div id="ed_connectionFailure">&connectionFailure.longDesc;</div> - <div id="ed_netTimeout">&netTimeout.longDesc;</div> - <div id="ed_redirectLoop">&redirectLoop.longDesc;</div> - <div id="ed_unknownSocketType">&unknownSocketType.longDesc;</div> - <div id="ed_netReset">&netReset.longDesc;</div> - <div id="ed_notCached">¬Cached.longDesc;</div> - <div id="ed_netOffline">&netOffline.longDesc2;</div> - <div id="ed_netInterrupt">&netInterrupt.longDesc;</div> - <div id="ed_deniedPortAccess">&deniedPortAccess.longDesc;</div> - <div id="ed_proxyResolveFailure">&proxyResolveFailure.longDesc;</div> - <div id="ed_proxyConnectFailure">&proxyConnectFailure.longDesc;</div> - <div id="ed_contentEncodingError">&contentEncodingError.longDesc;</div> - <div id="ed_unsafeContentType">&unsafeContentType.longDesc;</div> - <div id="ed_nssFailure2">&nssFailure2.longDesc2;</div> - <div id="ed_nssBadCert">&certerror.introPara;</div> - <div id="ed_cspBlocked">&cspBlocked.longDesc;</div> - <div id="ed_remoteXUL">&remoteXUL.longDesc;</div> - <div id="ed_corruptedContentErrorv2">&corruptedContentErrorv2.longDesc;</div> - <div id="ed_sslv3Used">&sslv3Used.longDesc2;</div> - <div id="ed_weakCryptoUsed">&weakCryptoUsed.longDesc2;</div> - <div id="ed_inadequateSecurityError">&inadequateSecurityError.longDesc;</div> - </div> - </div> - - <!-- PAGE CONTAINER (for styling purposes only) --> - <div id="errorPageContainer" class="container"> - - <!-- Error Title --> - <div class="title"> - <h1 class="title-text"/> - </div> - - <!-- LONG CONTENT (the section most likely to require scrolling) --> - <div id="errorLongContent"> - - <!-- Short Description --> - <div id="errorShortDesc"> - <p id="errorShortDescText" /> - </div> - <p id="badStsCertExplanation" hidden="true">&certerror.whatShouldIDo.badStsCertExplanation;</p> - - <div id="wrongSystemTimePanel" style="display: none;"> - &certerror.wrongSystemTime; - </div> - - <!-- Long Description (Note: See netError.dtd for used XHTML tags) --> - <div id="errorLongDesc" /> - - <div id="prefChangeContainer" class="button-container"> - <p>&prefReset.longDesc;</p> - <button id="prefResetButton" class="primary" autocomplete="off">&prefReset.label;</button> - </div> - - <div id="certErrorAndCaptivePortalButtonContainer" class="button-container"> - <button id="returnButton" class="primary" autocomplete="off">&returnToPreviousPage.label;</button> - <button id="openPortalLoginPageButton" class="primary" autocomplete="off">&openPortalLoginPage.label;</button> - <div class="button-spacer"></div> - <button id="advancedButton" autocomplete="off">&advanced.label;</button> - </div> - </div> - - <div id="netErrorButtonContainer" class="button-container"> - <button id="errorTryAgain" class="primary" autocomplete="off" onclick="retryThis(this);">&retry.label;</button> - </div> - - <div id="advancedPanelContainer"> - <div id="weakCryptoAdvancedPanel" class="advanced-panel"> - <div id="weakCryptoAdvancedDescription"> - <p>&weakCryptoAdvanced.longDesc;</p> - </div> - <div id="advancedLongDesc" /> - <div id="overrideWeakCryptoPanel"> - <a id="overrideWeakCrypto" href="#">&weakCryptoAdvanced.override;</a> - </div> - </div> - - <div id="badCertAdvancedPanel" class="advanced-panel"> - <p id="badCertTechnicalInfo"/> - <button id="exceptionDialogButton">&securityOverride.exceptionButtonLabel;</button> - </div> - </div> - - </div> - - <!-- - - Note: It is important to run the script this way, instead of using - - an onload handler. This is because error pages are loaded as - - LOAD_BACKGROUND, which means that onload handlers will not be executed. - --> - <script type="application/javascript"> - initPage(); - </script> - - </body> -</html> |