summaryrefslogtreecommitdiffstats
path: root/devtools/client/webconsole/test/browser/browser_webconsole_insecure_passwords_web_console_warning.js
diff options
context:
space:
mode:
Diffstat (limited to 'devtools/client/webconsole/test/browser/browser_webconsole_insecure_passwords_web_console_warning.js')
-rw-r--r--devtools/client/webconsole/test/browser/browser_webconsole_insecure_passwords_web_console_warning.js59
1 files changed, 59 insertions, 0 deletions
diff --git a/devtools/client/webconsole/test/browser/browser_webconsole_insecure_passwords_web_console_warning.js b/devtools/client/webconsole/test/browser/browser_webconsole_insecure_passwords_web_console_warning.js
new file mode 100644
index 0000000000..7a426f0415
--- /dev/null
+++ b/devtools/client/webconsole/test/browser/browser_webconsole_insecure_passwords_web_console_warning.js
@@ -0,0 +1,59 @@
+/* Any copyright is dedicated to the Public Domain.
+ * http://creativecommons.org/publicdomain/zero/1.0/ */
+
+// Tests that errors about insecure passwords are logged to the web console.
+// See Bug 762593.
+
+"use strict";
+
+const INSECURE_IFRAME_URI =
+ "http://example.com/browser/devtools/client/webconsole/" +
+ "test/browser/test-insecure-passwords-web-console-warning.html";
+const INSECURE_PASSWORD_URI =
+ "http://example.com/browser/devtools/client/webconsole/" +
+ "test/browser/test-iframe-insecure-form-action.html";
+const INSECURE_FORM_ACTION_URI =
+ "https://example.com/browser/devtools/client/" +
+ "webconsole/test/browser/test-iframe-insecure-form-action.html";
+
+const STOLEN =
+ "This is a security risk that allows user login credentials to be stolen.";
+const INSECURE_PASSWORD_MSG =
+ "Password fields present on an insecure (http://) page. " + STOLEN;
+const INSECURE_FORM_ACTION_MSG =
+ "Password fields present in a form with an insecure (http://) form action. " +
+ STOLEN;
+const INSECURE_IFRAME_MSG =
+ "Password fields present on an insecure (http://) iframe. " + STOLEN;
+const INSECURE_PASSWORDS_URI =
+ "https://developer.mozilla.org/docs/Web/Security/Insecure_passwords" +
+ DOCS_GA_PARAMS;
+
+add_task(async function () {
+ // testing insecure password warnings, hence disabling https-first
+ await pushPref("dom.security.https_first", false);
+ await testUriWarningMessage(INSECURE_IFRAME_URI, INSECURE_IFRAME_MSG);
+ await testUriWarningMessage(INSECURE_PASSWORD_URI, INSECURE_PASSWORD_MSG);
+ await testUriWarningMessage(
+ INSECURE_FORM_ACTION_URI,
+ INSECURE_FORM_ACTION_MSG
+ );
+});
+
+async function testUriWarningMessage(uri, warningMessage) {
+ const hud = await openNewTabAndConsole(uri);
+ const message = await waitFor(() => findWarningMessage(hud, warningMessage));
+ ok(message, "Warning message displayed successfully");
+ await testLearnMoreLinkClick(message, INSECURE_PASSWORDS_URI);
+}
+
+async function testLearnMoreLinkClick(message, expectedUri) {
+ const learnMoreLink = message.querySelector(".learn-more-link");
+ ok(learnMoreLink, "There is a [Learn More] link");
+ const { link } = await simulateLinkClick(learnMoreLink);
+ is(
+ link,
+ expectedUri,
+ "Click on [Learn More] link navigates user to " + expectedUri
+ );
+}
generated by cgit v1.2.3 (git 2.39.1) at 2024-07-23 02:44:59 +0000