diff options
Diffstat (limited to 'application/basilisk/base/content/aboutNetError.xhtml')
-rw-r--r-- | application/basilisk/base/content/aboutNetError.xhtml | 647 |
1 files changed, 647 insertions, 0 deletions
diff --git a/application/basilisk/base/content/aboutNetError.xhtml b/application/basilisk/base/content/aboutNetError.xhtml new file mode 100644 index 000000000..609725c9e --- /dev/null +++ b/application/basilisk/base/content/aboutNetError.xhtml @@ -0,0 +1,647 @@ +<?xml version="1.0" encoding="UTF-8"?> + +<!DOCTYPE html [ + <!ENTITY % htmlDTD + PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" + "DTD/xhtml1-strict.dtd"> + %htmlDTD; + <!ENTITY % netErrorDTD + SYSTEM "chrome://global/locale/netError.dtd"> + %netErrorDTD; + <!ENTITY % globalDTD + SYSTEM "chrome://global/locale/global.dtd"> + %globalDTD; +]> + +<!-- This Source Code Form is subject to the terms of the Mozilla Public + - License, v. 2.0. If a copy of the MPL was not distributed with this + - file, You can obtain one at http://mozilla.org/MPL/2.0/. --> + +<html xmlns="http://www.w3.org/1999/xhtml"> + <head> + <title>&loadError.label;</title> + <link rel="stylesheet" href="chrome://browser/skin/aboutNetError.css" type="text/css" media="all" /> + <!-- If the location of the favicon is changed here, the FAVICON_ERRORPAGE_URL symbol in + toolkit/components/places/src/nsFaviconService.h should be updated. --> + <link rel="icon" type="image/png" id="favicon" href="chrome://global/skin/icons/warning-16.png"/> + + <script type="application/javascript"><![CDATA[ + // The following parameters are parsed from the error URL: + // e - the error code + // s - custom CSS class to allow alternate styling/favicons + // d - error description + // captive - "true" to indicate we're behind a captive portal. + // Any other value is ignored. + + // Note that this file uses document.documentURI to get + // the URL (with the format from above). This is because + // document.location.href gets the current URI off the docshell, + // which is the URL displayed in the location bar, i.e. + // the URI that the user attempted to load. + + let searchParams = new URLSearchParams(document.documentURI.split("?")[1]); + + // Set to true on init if the error code is nssBadCert. + let gIsCertError; + + function getErrorCode() + { + return searchParams.get("e"); + } + + function getCSSClass() + { + return searchParams.get("s"); + } + + function getDescription() + { + return searchParams.get("d"); + } + + function isCaptive() { + return searchParams.get("captive") == "true"; + } + + function retryThis(buttonEl) + { + // Note: The application may wish to handle switching off "offline mode" + // before this event handler runs, but using a capturing event handler. + + // Session history has the URL of the page that failed + // to load, not the one of the error page. So, just call + // reload(), which will also repost POST data correctly. + try { + location.reload(); + } catch (e) { + // We probably tried to reload a URI that caused an exception to + // occur; e.g. a nonexistent file. + } + + buttonEl.disabled = true; + } + + function doOverride(buttonEl) { + var event = new CustomEvent("AboutNetErrorOverride", {bubbles:true}); + document.dispatchEvent(event); + retryThis(buttonEl); + } + + function toggleDisplay(node) { + const toggle = { + "": "block", + "none": "block", + "block": "none" + }; + return (node.style.display = toggle[node.style.display]); + } + + function showPrefChangeContainer() { + const panel = document.getElementById("prefChangeContainer"); + panel.style.display = "block"; + document.getElementById("netErrorButtonContainer").style.display = "none"; + document.getElementById("prefResetButton").addEventListener("click", function resetPreferences(e) { + const event = new CustomEvent("AboutNetErrorResetPreferences", {bubbles:true}); + document.dispatchEvent(event); + }); + addAutofocus("prefResetButton", "beforeend"); + } + + function setupAdvancedButton(allowOverride) { + // Get the hostname and add it to the panel + var panelId = gIsCertError ? "badCertAdvancedPanel" : "weakCryptoAdvancedPanel"; + var panel = document.getElementById(panelId); + for (var span of panel.querySelectorAll("span.hostname")) { + span.textContent = document.location.hostname; + } + if (!gIsCertError) { + panel.replaceChild(document.getElementById("errorLongDesc"), + document.getElementById("advancedLongDesc")); + } + + // Register click handler for the weakCryptoAdvancedPanel + document.getElementById("advancedButton") + .addEventListener("click", function togglePanelVisibility() { + toggleDisplay(panel); + if (gIsCertError) { + // Toggling the advanced panel must ensure that the debugging + // information panel is hidden as well, since it's opened by the + // error code link in the advanced panel. + var div = document.getElementById("certificateErrorDebugInformation"); + div.style.display = "none"; + } + + if (panel.style.display == "block") { + // send event to trigger telemetry ping + var event = new CustomEvent("AboutNetErrorUIExpanded", {bubbles:true}); + document.dispatchEvent(event); + } + }); + + if (allowOverride) { + document.getElementById("overrideWeakCryptoPanel").style.display = "flex"; + var overrideLink = document.getElementById("overrideWeakCrypto"); + overrideLink.addEventListener("click", () => doOverride(overrideLink), false); + } + if (!gIsCertError) { + return; + } + + if (getCSSClass() == "expertBadCert") { + toggleDisplay(document.getElementById("badCertAdvancedPanel")); + // Toggling the advanced panel must ensure that the debugging + // information panel is hidden as well, since it's opened by the + // error code link in the advanced panel. + var div = document.getElementById("certificateErrorDebugInformation"); + div.style.display = "none"; + } + + disallowCertOverridesIfNeeded(); + + document.getElementById("badCertTechnicalInfo").textContent = getDescription(); + } + + function disallowCertOverridesIfNeeded() { + var cssClass = getCSSClass(); + // Disallow overrides if this is a Strict-Transport-Security + // host and the cert is bad (STS Spec section 7.3) or if the + // certerror is in a frame (bug 633691). + if (cssClass == "badStsCert" || window != top) { + document.getElementById("exceptionDialogButton").setAttribute("hidden", "true"); + } + if (cssClass == "badStsCert") { + document.getElementById("badStsCertExplanation").removeAttribute("hidden"); + } + } + + function initPage() + { + var err = getErrorCode(); + gIsCertError = (err == "nssBadCert"); + // Only worry about captive portals if this is a cert error. + let showCaptivePortalUI = isCaptive() && gIsCertError; + if (showCaptivePortalUI) { + err = "captivePortal"; + } + + // if it's an unknown error or there's no title or description + // defined, get the generic message + var errTitle = document.getElementById("et_" + err); + var errDesc = document.getElementById("ed_" + err); + if (!errTitle || !errDesc) + { + errTitle = document.getElementById("et_generic"); + errDesc = document.getElementById("ed_generic"); + } + + document.querySelector(".title-text").innerHTML = errTitle.innerHTML; + + var sd = document.getElementById("errorShortDescText"); + if (sd) { + if (gIsCertError) { + sd.innerHTML = errDesc.innerHTML; + } + else { + sd.textContent = getDescription(); + } + } + if (showCaptivePortalUI) { + initPageCaptivePortal(); + return; + } + if (gIsCertError) { + initPageCertError(); + return; + } + addAutofocus("errorTryAgain"); + + document.body.className = "neterror"; + + var ld = document.getElementById("errorLongDesc"); + if (ld) + { + ld.innerHTML = errDesc.innerHTML; + } + + if (err == "sslv3Used") { + document.getElementById("learnMoreContainer").style.display = "block"; + var learnMoreLink = document.getElementById("learnMoreLink"); + learnMoreLink.href = "https://support.mozilla.org/kb/how-resolve-sslv3-error-messages-firefox"; + document.body.className = "certerror"; + } + + if (err == "weakCryptoUsed") { + document.body.className = "certerror"; + } + + // remove undisplayed errors to avoid bug 39098 + var errContainer = document.getElementById("errorContainer"); + errContainer.parentNode.removeChild(errContainer); + + var className = getCSSClass(); + if (className && className != "expertBadCert") { + // Associate a CSS class with the root of the page, if one was passed in, + // to allow custom styling. + // Not "expertBadCert" though, don't want to deal with the favicon + document.documentElement.className = className; + + // Also, if they specified a CSS class, they must supply their own + // favicon. In order to trigger the browser to repaint though, we + // need to remove/add the link element. + var favicon = document.getElementById("favicon"); + var faviconParent = favicon.parentNode; + faviconParent.removeChild(favicon); + favicon.setAttribute("href", "chrome://global/skin/icons/" + className + "_favicon.png"); + faviconParent.appendChild(favicon); + } + + if (err == "remoteXUL") { + // Remove the "Try again" button for remote XUL errors given that + // it is useless. + document.getElementById("netErrorButtonContainer").style.display = "none"; + } + + if (err == "cspBlocked") { + // Remove the "Try again" button for CSP violations, since it's + // almost certainly useless. (Bug 553180) + document.getElementById("netErrorButtonContainer").style.display = "none"; + } + + window.addEventListener("AboutNetErrorOptions", function(evt) { + // Pinning errors are of type nssFailure2 + if (getErrorCode() == "nssFailure2" || getErrorCode() == "weakCryptoUsed") { + document.getElementById("learnMoreContainer").style.display = "block"; + var learnMoreLink = document.getElementById("learnMoreLink"); + // nssFailure2 also gets us other non-overrideable errors. Choose + // a "learn more" link based on description: + if (getDescription().includes("mozilla_pkix_error_key_pinning_failure")) { + learnMoreLink.href = "https://support.mozilla.org/kb/certificate-pinning-reports"; + } + if (getErrorCode() == "weakCryptoUsed") { + learnMoreLink.href = "https://support.mozilla.org/kb/how-resolve-weak-crypto-error-messages-firefox"; + } + + const hasPrefStyleError = [ + "interrupted", // This happens with subresources that are above the max tls + "SSL_ERROR_PROTOCOL_VERSION_ALERT", + "SSL_ERROR_UNSUPPORTED_VERSION", + "SSL_ERROR_NO_CYPHER_OVERLAP", + "SSL_ERROR_NO_CIPHERS_SUPPORTED" + ].some((substring) => getDescription().includes(substring)); + // If it looks like an error that is user config based + if (getErrorCode() == "nssFailure2" && hasPrefStyleError && options && options.changedCertPrefs) { + showPrefChangeContainer(); + } + } + if (getErrorCode() == "weakCryptoUsed" || getErrorCode() == "sslv3Used") { + setupAdvancedButton(getErrorCode() == "weakCryptoUsed"); + } + }.bind(this), true, true); + + var event = new CustomEvent("AboutNetErrorLoad", {bubbles:true}); + document.dispatchEvent(event); + + if (err == "inadequateSecurityError") { + // Remove the "Try again" button for HTTP/2 inadequate security as it + // is useless. + document.getElementById("errorTryAgain").style.display = "none"; + + var container = document.getElementById("errorLongDesc"); + for (var span of container.querySelectorAll("span.hostname")) { + span.textContent = document.location.hostname; + } + } + + addDomainErrorLinks(); + } + + function initPageCaptivePortal() + { + document.body.className = "captiveportal"; + document.title = document.getElementById("captivePortalPageTitle").textContent; + + document.getElementById("openPortalLoginPageButton") + .addEventListener("click", () => { + let event = new CustomEvent("AboutNetErrorOpenCaptivePortal", {bubbles:true}); + document.dispatchEvent(event); + }); + + addAutofocus("openPortalLoginPageButton"); + setupAdvancedButton(true); + + addDomainErrorLinks(); + + // When the portal is freed, an event is generated by the frame script + // that we can pick up and attempt to reload the original page. + window.addEventListener("AboutNetErrorCaptivePortalFreed", () => { + document.location.reload(); + }); + } + + function initPageCertError() { + document.body.className = "certerror"; + document.title = document.getElementById("certErrorPageTitle").textContent; + for (let host of document.querySelectorAll(".hostname")) { + host.textContent = document.location.hostname; + } + + addAutofocus("returnButton"); + setupAdvancedButton(true); + + document.getElementById("learnMoreContainer").style.display = "block"; + + let event = new CustomEvent("AboutNetErrorLoad", {bubbles:true}); + document.getElementById("advancedButton").dispatchEvent(event); + + addDomainErrorLinks(); + } + + /* Only do autofocus if we're the toplevel frame; otherwise we + don't want to call attention to ourselves! The key part is + that autofocus happens on insertion into the tree, so we + can remove the button, add @autofocus, and reinsert the + button. + */ + function addAutofocus(buttonId, position = "afterbegin") { + if (window.top == window) { + var button = document.getElementById(buttonId); + var parent = button.parentNode; + button.remove(); + button.setAttribute("autofocus", "true"); + parent.insertAdjacentElement(position, button); + } + } + + /* Try to preserve the links contained in the error description, like + the error code. + + Also, in the case of SSL error pages about domain mismatch, see if + we can hyperlink the user to the correct site. We don't want + to do this generically since it allows MitM attacks to redirect + users to a site under attacker control, but in certain cases + it is safe (and helpful!) to do so. Bug 402210 + */ + function addDomainErrorLinks() { + // Rather than textContent, we need to treat description as HTML + var sdid = gIsCertError ? "badCertTechnicalInfo" : "errorShortDescText"; + var sd = document.getElementById(sdid); + if (sd) { + var desc = getDescription(); + + // sanitize description text - see bug 441169 + + // First, find the index of the <a> tags we care about, being + // careful not to use an over-greedy regex. + var codeRe = /<a id="errorCode" title="([^"]+)">/; + var codeResult = codeRe.exec(desc); + var domainRe = /<a id="cert_domain_link" title="([^"]+)">/; + var domainResult = domainRe.exec(desc); + + // The order of these links in the description is fixed in + // TransportSecurityInfo.cpp:formatOverridableCertErrorMessage. + var firstResult = domainResult; + if (!domainResult) + firstResult = codeResult; + if (!firstResult) + return; + // Remove sd's existing children + sd.textContent = ""; + + // Everything up to the first link should be text content. + sd.appendChild(document.createTextNode(desc.slice(0, firstResult.index))); + + // Now create the actual links. + if (domainResult) { + createLink(sd, "cert_domain_link", domainResult[1]) + // Append text for anything between the two links. + sd.appendChild(document.createTextNode(desc.slice(desc.indexOf("</a>") + "</a>".length, codeResult.index))); + } + createLink(sd, "errorCode", codeResult[1]) + + // Finally, append text for anything after the last closing </a>. + sd.appendChild(document.createTextNode(desc.slice(desc.lastIndexOf("</a>") + "</a>".length))); + } + + if (gIsCertError) { + // Initialize the error code link embedded in the error message to + // display debug information about the cert error. + var errorCode = document.getElementById("errorCode"); + if (errorCode) { + errorCode.href = "javascript:void(0)"; + errorCode.addEventListener("click", () => { + let debugInfo = document.getElementById("certificateErrorDebugInformation"); + debugInfo.style.display = "block"; + debugInfo.scrollIntoView({block: "start", behavior: "smooth"}); + }, false); + } + } + + // Initialize the cert domain link. + var link = document.getElementById("cert_domain_link"); + if (!link) + return; + + var okHost = link.getAttribute("title"); + var thisHost = document.location.hostname; + var proto = document.location.protocol; + + // If okHost is a wildcard domain ("*.example.com") let's + // use "www" instead. "*.example.com" isn't going to + // get anyone anywhere useful. bug 432491 + okHost = okHost.replace(/^\*\./, "www."); + + /* case #1: + * example.com uses an invalid security certificate. + * + * The certificate is only valid for www.example.com + * + * Make sure to include the "." ahead of thisHost so that + * a MitM attack on paypal.com doesn't hyperlink to "notpaypal.com" + * + * We'd normally just use a RegExp here except that we lack a + * library function to escape them properly (bug 248062), and + * domain names are famous for having '.' characters in them, + * which would allow spurious and possibly hostile matches. + */ + if (okHost.endsWith("." + thisHost)) + link.href = proto + okHost; + + /* case #2: + * browser.garage.maemo.org uses an invalid security certificate. + * + * The certificate is only valid for garage.maemo.org + */ + if (thisHost.endsWith("." + okHost)) + link.href = proto + okHost; + + // If we set a link, meaning there's something helpful for + // the user here, expand the section by default + if (link.href && getCSSClass() != "expertBadCert") { + var panelId = gIsCertError ? "badCertAdvancedPanel" : "weakCryptoAdvancedPanel" + toggleDisplay(document.getElementById(panelId)); + if (gIsCertError) { + // Toggling the advanced panel must ensure that the debugging + // information panel is hidden as well, since it's opened by the + // error code link in the advanced panel. + var div = document.getElementById("certificateErrorDebugInformation"); + div.style.display = "none"; + } + } + } + + function createLink(el, id, text) { + var anchorEl = document.createElement("a"); + anchorEl.setAttribute("id", id); + anchorEl.setAttribute("title", text); + anchorEl.appendChild(document.createTextNode(text)); + el.appendChild(anchorEl); + } + ]]></script> + </head> + + <body dir="&locale.dir;"> + <!-- Contains an alternate page title set on page init for cert errors. --> + <div id="certErrorPageTitle" style="display: none;">&certerror.pagetitle1;</div> + <div id="captivePortalPageTitle" style="display: none;">&captivePortal.title;</div> + + <!-- ERROR ITEM CONTAINER (removed during loading to avoid bug 39098) --> + <div id="errorContainer"> + <div id="errorTitlesContainer"> + <h1 id="et_generic">&generic.title;</h1> + <h1 id="et_captivePortal">&captivePortal.title;</h1> + <h1 id="et_dnsNotFound">&dnsNotFound.title;</h1> + <h1 id="et_fileNotFound">&fileNotFound.title;</h1> + <h1 id="et_fileAccessDenied">&fileAccessDenied.title;</h1> + <h1 id="et_malformedURI">&malformedURI.title;</h1> + <h1 id="et_unknownProtocolFound">&unknownProtocolFound.title;</h1> + <h1 id="et_connectionFailure">&connectionFailure.title;</h1> + <h1 id="et_netTimeout">&netTimeout.title;</h1> + <h1 id="et_redirectLoop">&redirectLoop.title;</h1> + <h1 id="et_unknownSocketType">&unknownSocketType.title;</h1> + <h1 id="et_netReset">&netReset.title;</h1> + <h1 id="et_notCached">¬Cached.title;</h1> + <h1 id="et_netOffline">&netOffline.title;</h1> + <h1 id="et_netInterrupt">&netInterrupt.title;</h1> + <h1 id="et_deniedPortAccess">&deniedPortAccess.title;</h1> + <h1 id="et_proxyResolveFailure">&proxyResolveFailure.title;</h1> + <h1 id="et_proxyConnectFailure">&proxyConnectFailure.title;</h1> + <h1 id="et_contentEncodingError">&contentEncodingError.title;</h1> + <h1 id="et_unsafeContentType">&unsafeContentType.title;</h1> + <h1 id="et_nssFailure2">&nssFailure2.title;</h1> + <h1 id="et_nssBadCert">&certerror.longpagetitle1;</h1> + <h1 id="et_cspBlocked">&cspBlocked.title;</h1> + <h1 id="et_remoteXUL">&remoteXUL.title;</h1> + <h1 id="et_corruptedContentErrorv2">&corruptedContentErrorv2.title;</h1> + <h1 id="et_sslv3Used">&sslv3Used.title;</h1> + <h1 id="et_weakCryptoUsed">&weakCryptoUsed.title;</h1> + <h1 id="et_inadequateSecurityError">&inadequateSecurityError.title;</h1> + </div> + <div id="errorDescriptionsContainer"> + <div id="ed_generic">&generic.longDesc;</div> + <div id="ed_captivePortal">&captivePortal.longDesc;</div> + <div id="ed_dnsNotFound">&dnsNotFound.longDesc;</div> + <div id="ed_fileNotFound">&fileNotFound.longDesc;</div> + <div id="ed_fileAccessDenied">&fileAccessDenied.longDesc;</div> + <div id="ed_malformedURI">&malformedURI.longDesc;</div> + <div id="ed_unknownProtocolFound">&unknownProtocolFound.longDesc;</div> + <div id="ed_connectionFailure">&connectionFailure.longDesc;</div> + <div id="ed_netTimeout">&netTimeout.longDesc;</div> + <div id="ed_redirectLoop">&redirectLoop.longDesc;</div> + <div id="ed_unknownSocketType">&unknownSocketType.longDesc;</div> + <div id="ed_netReset">&netReset.longDesc;</div> + <div id="ed_notCached">¬Cached.longDesc;</div> + <div id="ed_netOffline">&netOffline.longDesc2;</div> + <div id="ed_netInterrupt">&netInterrupt.longDesc;</div> + <div id="ed_deniedPortAccess">&deniedPortAccess.longDesc;</div> + <div id="ed_proxyResolveFailure">&proxyResolveFailure.longDesc;</div> + <div id="ed_proxyConnectFailure">&proxyConnectFailure.longDesc;</div> + <div id="ed_contentEncodingError">&contentEncodingError.longDesc;</div> + <div id="ed_unsafeContentType">&unsafeContentType.longDesc;</div> + <div id="ed_nssFailure2">&nssFailure2.longDesc2;</div> + <div id="ed_nssBadCert">&certerror.introPara;</div> + <div id="ed_cspBlocked">&cspBlocked.longDesc;</div> + <div id="ed_remoteXUL">&remoteXUL.longDesc;</div> + <div id="ed_corruptedContentErrorv2">&corruptedContentErrorv2.longDesc;</div> + <div id="ed_sslv3Used">&sslv3Used.longDesc2;</div> + <div id="ed_weakCryptoUsed">&weakCryptoUsed.longDesc2;</div> + <div id="ed_inadequateSecurityError">&inadequateSecurityError.longDesc;</div> + </div> + </div> + + <!-- PAGE CONTAINER (for styling purposes only) --> + <div id="errorPageContainer" class="container"> + + <!-- Error Title --> + <div class="title"> + <h1 class="title-text"/> + </div> + + <!-- LONG CONTENT (the section most likely to require scrolling) --> + <div id="errorLongContent"> + + <!-- Short Description --> + <div id="errorShortDesc"> + <p id="errorShortDescText" /> + </div> + <p id="badStsCertExplanation" hidden="true">&certerror.whatShouldIDo.badStsCertExplanation;</p> + + <div id="wrongSystemTimePanel" style="display: none;"> + &certerror.wrongSystemTime; + </div> + + <!-- Long Description (Note: See netError.dtd for used XHTML tags) --> + <div id="errorLongDesc" /> + + <div id="prefChangeContainer" class="button-container"> + <p>&prefReset.longDesc;</p> + <button id="prefResetButton" class="primary" autocomplete="off">&prefReset.label;</button> + </div> + + <div id="certErrorAndCaptivePortalButtonContainer" class="button-container"> + <button id="returnButton" class="primary" autocomplete="off">&returnToPreviousPage.label;</button> + <button id="openPortalLoginPageButton" class="primary" autocomplete="off">&openPortalLoginPage.label;</button> + <div class="button-spacer"></div> + <button id="advancedButton" autocomplete="off">&advanced.label;</button> + </div> + </div> + + <div id="netErrorButtonContainer" class="button-container"> + <button id="errorTryAgain" class="primary" autocomplete="off" onclick="retryThis(this);">&retry.label;</button> + </div> + + <div id="advancedPanelContainer"> + <div id="weakCryptoAdvancedPanel" class="advanced-panel"> + <div id="weakCryptoAdvancedDescription"> + <p>&weakCryptoAdvanced.longDesc;</p> + </div> + <div id="advancedLongDesc" /> + <div id="overrideWeakCryptoPanel"> + <a id="overrideWeakCrypto" href="#">&weakCryptoAdvanced.override;</a> + </div> + </div> + + <div id="badCertAdvancedPanel" class="advanced-panel"> + <p id="badCertTechnicalInfo"/> + <button id="exceptionDialogButton">&securityOverride.exceptionButtonLabel;</button> + </div> + </div> + + </div> + + <div id="certificateErrorDebugInformation"> + <button id="copyToClipboard">&certerror.copyToClipboard.label;</button> + <div id="certificateErrorText"/> + <button id="copyToClipboard">&certerror.copyToClipboard.label;</button> + </div> + + <!-- + - Note: It is important to run the script this way, instead of using + - an onload handler. This is because error pages are loaded as + - LOAD_BACKGROUND, which means that onload handlers will not be executed. + --> + <script type="application/javascript"> + initPage(); + </script> + + </body> +</html> |