summaryrefslogtreecommitdiffstats
path: root/devtools/client/webconsole/test/browser/browser_webconsole_insecure_passwords_web_console_warning.js
blob: 7a426f0415cf5a1467313c01f5d072b759bd5ae0 (plain) 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59

/* Any copyright is dedicated to the Public Domain.
 * http://creativecommons.org/publicdomain/zero/1.0/ */

// Tests that errors about insecure passwords are logged to the web console.
// See Bug 762593.

"use strict";

const INSECURE_IFRAME_URI =
  "http://example.com/browser/devtools/client/webconsole/" +
  "test/browser/test-insecure-passwords-web-console-warning.html";
const INSECURE_PASSWORD_URI =
  "http://example.com/browser/devtools/client/webconsole/" +
  "test/browser/test-iframe-insecure-form-action.html";
const INSECURE_FORM_ACTION_URI =
  "https://example.com/browser/devtools/client/" +
  "webconsole/test/browser/test-iframe-insecure-form-action.html";

const STOLEN =
  "This is a security risk that allows user login credentials to be stolen.";
const INSECURE_PASSWORD_MSG =
  "Password fields present on an insecure (http://) page. " + STOLEN;
const INSECURE_FORM_ACTION_MSG =
  "Password fields present in a form with an insecure (http://) form action. " +
  STOLEN;
const INSECURE_IFRAME_MSG =
  "Password fields present on an insecure (http://) iframe. " + STOLEN;
const INSECURE_PASSWORDS_URI =
  "https://developer.mozilla.org/docs/Web/Security/Insecure_passwords" +
  DOCS_GA_PARAMS;

add_task(async function () {
  // testing insecure password warnings, hence disabling https-first
  await pushPref("dom.security.https_first", false);
  await testUriWarningMessage(INSECURE_IFRAME_URI, INSECURE_IFRAME_MSG);
  await testUriWarningMessage(INSECURE_PASSWORD_URI, INSECURE_PASSWORD_MSG);
  await testUriWarningMessage(
    INSECURE_FORM_ACTION_URI,
    INSECURE_FORM_ACTION_MSG
  );
});

async function testUriWarningMessage(uri, warningMessage) {
  const hud = await openNewTabAndConsole(uri);
  const message = await waitFor(() => findWarningMessage(hud, warningMessage));
  ok(message, "Warning message displayed successfully");
  await testLearnMoreLinkClick(message, INSECURE_PASSWORDS_URI);
}

async function testLearnMoreLinkClick(message, expectedUri) {
  const learnMoreLink = message.querySelector(".learn-more-link");
  ok(learnMoreLink, "There is a [Learn More] link");
  const { link } = await simulateLinkClick(learnMoreLink);
  is(
    link,
    expectedUri,
    "Click on [Learn More] link navigates user to " + expectedUri
  );
}
generated by cgit v1.2.3 (git 2.39.1) at 2024-07-23 02:23:22 +0000