<?xml version="1.0"?>

<!-- -*- Mode: Java; tab-width: 4; indent-tabs-mode: nil; c-basic-offset: 4 -*- -->
<!-- This Source Code Form is subject to the terms of the Mozilla Public
   - License, v. 2.0. If a copy of the MPL was not distributed with this
   - file, You can obtain one at http://mozilla.org/MPL/2.0/. -->

<!DOCTYPE overlay [
  <!ENTITY % brandDTD SYSTEM "chrome://branding/locale/brand.dtd">
  <!ENTITY % securityDTD SYSTEM "chrome://browser/locale/preferences/security.dtd">
  %brandDTD;
  %securityDTD;
]>

<overlay id="SecurityPaneOverlay"
         xmlns="http://www.mozilla.org/keymaster/gatekeeper/there.is.only.xul">

  <prefpane id="paneSecurity"
            onpaneload="gSecurityPane.init();"
            helpTopic="prefs-security">

    <preferences id="securityPreferences">
      <!-- XXX buttons -->
      <preference id="pref.privacy.disable_button.view_passwords"
                  name="pref.privacy.disable_button.view_passwords"
                  type="bool"/>
      <preference id="pref.privacy.disable_button.view_passwords_exceptions"
                  name="pref.privacy.disable_button.view_passwords_exceptions"
                  type="bool"/>

      <!-- Add-ons, malware, phishing -->
      <preference id="xpinstall.whitelist.required"
                  name="xpinstall.whitelist.required"
                  type="bool"/>
      <preference id="extensions.blocklist.level"
                  name="extensions.blocklist.level"
                  onchange="gSecurityPane.addonLevelNeedsSync();"
                  type="int"/>

      <!-- Passwords -->
      <preference id="signon.rememberSignons" name="signon.rememberSignons" type="bool"/>
      <preference id="signon.autofillForms"   name="signon.autofillForms"   type="bool"/>

      <!-- Security Protocols -->
      
      <preference id="network.stricttransportsecurity.enabled"
                  name="network.stricttransportsecurity.enabled"
                  type="bool"/>
      <preference id="security.cert_pinning.enforcement_level"
                  name="security.cert_pinning.enforcement_level"
                  type="int"/>
      
      <!-- Opportunistic Encryption -->
                  
      <preference id="network.http.upgrade-insecure-requests"
                  name="network.http.upgrade-insecure-requests"
                  type="bool"/>
      <preference id="network.http.altsvc.oe"
                  name="network.http.altsvc.oe"
                  type="bool"/>
      
      <!-- XSS Filter -->
      <!--
      <preference id="security.xssfilter.enable" name="security.xssfilter.enable" type="bool"/>
      -->

    </preferences>
    
    <script type="application/javascript" src="chrome://browser/content/preferences/security.js"/>
    
    <stringbundle id="bundlePreferences" src="chrome://browser/locale/preferences/preferences.properties"/>

    <!-- addons, forgery (phishing) UI -->
    <groupbox id="addonsSecurityGroup">
      <caption label="&addons.label;"/>
      
      <hbox id="addonInstallBox">
        <checkbox id="warnAddonInstall" flex="1"
                  label="&warnAddonInstall.label;"
                  accesskey="&warnAddonInstall.accesskey;"
                  preference="xpinstall.whitelist.required"
                  onsyncfrompreference="return gSecurityPane.readWarnAddonInstall();"/>
        <button id="addonExceptions"
                label="&addonExceptions.label;"
                accesskey="&addonExceptions.accesskey;"
                oncommand="gSecurityPane.showAddonExceptions();"/>
      </hbox>
      <hbox id="addonSecuritySettingsBox" flex="1">
       <vbox>
        <label id="addonSecurity" control="addonsecurity-menu">&addonSecuritylevel;</label>
		<menulist id="addonsecurity-menu" preference="extensions.blocklist.level" sizetopopup="always">
		  <menupopup>
		    <menuitem label="&addonSecurityLevel_Off;" value="99" />
		    <menuitem label="&addonSecurityLevel_Low;" value="3" />
		    <menuitem label="&addonSecurityLevel_High;" value="2" />
		    <menuitem label="&addonSecurityLevel_Extreme;" value="1" />
		  </menupopup>
		</menulist>       
       </vbox>
      </hbox>
    </groupbox>

    <!-- Passwords -->
    <groupbox id="passwordsGroup" orient="vertical">
      <caption label="&passwords.label;"/>

      <hbox id="savePasswordsBox">
        <checkbox id="savePasswords" flex="1"
                  label="&rememberPasswords.label;" accesskey="&rememberPasswords.accesskey;"
                  preference="signon.rememberSignons"
                  onsyncfrompreference="return gSecurityPane.readSavePasswords();"/>
        <button id="passwordExceptions"
                label="&passwordExceptions.label;"
                accesskey="&passwordExceptions.accesskey;"
                oncommand="gSecurityPane.showPasswordExceptions();"
                preference="pref.privacy.disable_button.view_passwords_exceptions"/>
      </hbox>
      <checkbox id="autofillPasswords" flex="1"
                label="&autofillPasswords.label;" accesskey="&autofillPasswords.accesskey;"
                preference="signon.autofillForms"/>
      <hbox id="masterPasswordBox">
        <checkbox id="useMasterPassword" flex="1"
                  oncommand="gSecurityPane.updateMasterPasswordButton();"
                  label="&useMasterPassword.label;"
                  accesskey="&useMasterPassword.accesskey;"/>
        <button id="changeMasterPassword"
                label="&changeMasterPassword.label;"
                accesskey="&changeMasterPassword.accesskey;"
                oncommand="gSecurityPane.changeMasterPassword();"/>
      </hbox>

      <hbox id="showPasswordsBox">
        <spacer flex="1"/>
        <button id="showPasswords"
                label="&savedPasswords.label;" accesskey="&savedPasswords.accesskey;"
                oncommand="gSecurityPane.showPasswords();"
                preference="pref.privacy.disable_button.view_passwords"/>
      </hbox>
    </groupbox>

    <!-- Security protocols -->
    <groupbox id="SecProtoGroup">
      <caption label="&SecProto.label;"/>
    
      <vbox id="SecProtoBox" align="start" flex="1">
        <checkbox id="enableHSTS"
                  label="&enableHSTS.label;"
                  accesskey="&enableHSTS.accesskey;"
                  preference="network.stricttransportsecurity.enabled" />
        <checkbox id="enableHPKP"
                  label="&enableHPKP.label;"
                  accesskey="&enableHPKP.accesskey;"
                  oncommand="gSecurityPane.updateHPKPPref();"/>
      </vbox>
    </groupbox>
    
    <groupbox id="OpportunisticEncryption">
      <caption label="&OpEnc.label;"/>
      <checkbox id="enableUIROpEnc"
                label="&enableUIROpEnc.label;"
                preference="network.http.upgrade-insecure-requests" />
      <checkbox id="enableAltSvcOpEnc"
                label="&enableAltSvcOpEnc.label;"
                preference="network.http.altsvc.oe" />
    </groupbox>    

    <!-- XSS Filter -->
    <!--
    <groupbox id="XSSFiltGroup">
      <caption label="&XSSFilt.label;"/>
    
      <hbox id="XSSFiltBox">
        <checkbox id="enableXSSFilt" flex="1"
                  label="&enableXSSFilt.label;"
                  accesskey="&enableXSSFilt.accesskey;"
                  preference="security.xssfilter.enable" />
      </hbox>

    </groupbox>
    -->

  </prefpane>

</overlay>