devtools/client/webconsole/test/browser_webconsole_bug_762593_insecure_passwords_web_console_warning.js


1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62

/* -*- indent-tabs-mode: nil; js-indent-level: 2 -*- */
/* vim: set ft=javascript ts=2 et sw=2 tw=80: */
/* Any copyright is dedicated to the Public Domain.
 * http://creativecommons.org/publicdomain/zero/1.0/ */

 // Tests that errors about insecure passwords are logged to the web console.

"use strict";

const TEST_URI = "http://example.com/browser/devtools/client/webconsole/" +
                 "test/test-bug-762593-insecure-passwords-web-" +
                 "console-warning.html";
const INSECURE_PASSWORD_MSG = "Password fields present on an insecure " +
                 "(http://) page. This is a security risk that allows user " +
                 "login credentials to be stolen.";
const INSECURE_FORM_ACTION_MSG = "Password fields present in a form with an " +
                 "insecure (http://) form action. This is a security risk " +
                 "that allows user login credentials to be stolen.";
const INSECURE_IFRAME_MSG = "Password fields present on an insecure " +
                 "(http://) iframe. This is a security risk that allows " +
                 "user login credentials to be stolen.";
const INSECURE_PASSWORDS_URI = "https://developer.mozilla.org/docs/Web/" +
                               "Security/Insecure_passwords" + DOCS_GA_PARAMS;

add_task(function* () {
  yield loadTab(TEST_URI);

  let hud = yield openConsole();

  let result = yield waitForMessages({
    webconsole: hud,
    messages: [
      {
        name: "Insecure password error displayed successfully",
        text: INSECURE_PASSWORD_MSG,
        category: CATEGORY_SECURITY,
        severity: SEVERITY_WARNING
      },
      {
        name: "Insecure iframe error displayed successfully",
        text: INSECURE_IFRAME_MSG,
        category: CATEGORY_SECURITY,
        severity: SEVERITY_WARNING
      },
      {
        name: "Insecure form action error displayed successfully",
        text: INSECURE_FORM_ACTION_MSG,
        category: CATEGORY_SECURITY,
        severity: SEVERITY_WARNING
      },
    ],
  });

  yield testClickOpenNewTab(hud, result);
});

function testClickOpenNewTab(hud, [result]) {
  let msg = [...result.matched][0];
  let warningNode = msg.querySelector(".learn-more-link");
  ok(warningNode, "learn more link");
  return simulateMessageLinkClick(warningNode, INSECURE_PASSWORDS_URI);
}