bug 832837 - move insecure form submission warning from nsSecureBrows…

…erUIImpl to the HTML form implementation r=mrbkap r=phlsa

As a result, we can remove nsSecurityWarningDialogs completely, which this patch also does.

CLOBBER

@@ -22,4 +22,4 @@
 # changes to stick? As of bug 928195, this shouldn't be necessary! Please
 # don't change CLOBBER for WebIDL changes any more.
 
-Bug 870366 - Blacklisting PREF_JS_EXPORTS in Makefile.ins (because of 852814)
+bug 832837 removes nsISecurityWarningDialogs.idl, which requires a clobber according to bug 1114669

dom/html/HTMLFormElement.cpp

@@ -20,7 +20,6 @@
 #include "nsPresContext.h"
 #include "nsIDocument.h"
 #include "nsIFormControlFrame.h"
-#include "nsISecureBrowserUI.h"
 #include "nsError.h"
 #include "nsContentUtils.h"
 #include "nsInterfaceHashtable.h"
@@ -33,6 +32,7 @@
 #include "mozilla/BinarySearch.h"
 
 // form submission
+#include "mozilla/Telemetry.h"
 #include "nsIFormSubmitObserver.h"
 #include "nsIObserverService.h"
 #include "nsICategoryManager.h"
@@ -45,6 +45,9 @@
 #include "nsIDocShell.h"
 #include "nsFormData.h"
 #include "nsFormSubmissionConstants.h"
+#include "nsIPromptService.h"
+#include "nsISecurityUITelemetry.h"
+#include "nsIStringBundle.h"
 
 // radio buttons
 #include "mozilla/dom/HTMLInputElement.h"
@@ -858,6 +861,108 @@ HTMLFormElement::SubmitSubmission(nsFormSubmission* aFormSubmission)
   return rv;
 }
 
+nsresult
+HTMLFormElement::DoSecureToInsecureSubmitCheck(nsIURI* aActionURL,
+                                               bool* aCancelSubmit)
+{
+  *aCancelSubmit = false;
+
+  // Only ask the user about posting from a secure URI to an insecure URI if
+  // this element is in the root document. When this is not the case, the mixed
+  // content blocker will take care of security for us.
+  nsIDocument* parent = OwnerDoc()->GetParentDocument();
+  bool isRootDocument = (!parent || nsContentUtils::IsChromeDoc(parent));
+  if (!isRootDocument) {
+    return NS_OK;
+  }
+
+  nsIPrincipal* principal = NodePrincipal();
+  if (!principal) {
+    *aCancelSubmit = true;
+    return NS_OK;
+  }
+  nsCOMPtr<nsIURI> principalURI;
+  nsresult rv = principal->GetURI(getter_AddRefs(principalURI));
+  if (NS_FAILED(rv)) {
+    return rv;
+  }
+  if (!principalURI) {
+    principalURI = OwnerDoc()->GetDocumentURI();
+  }
+  bool formIsHTTPS;
+  rv = principalURI->SchemeIs("https", &formIsHTTPS);
+  if (NS_FAILED(rv)) {
+    return rv;
+  }
+  bool actionIsHTTPS;
+  rv = aActionURL->SchemeIs("https", &actionIsHTTPS);
+  if (NS_FAILED(rv)) {
+    return rv;
+  }
+  bool actionIsJS;
+  rv = aActionURL->SchemeIs("javascript", &actionIsJS);
+  if (NS_FAILED(rv)) {
+    return rv;
+  }
+
+  if (!formIsHTTPS || actionIsHTTPS || actionIsJS) {
+    return NS_OK;
+  }
+
+  nsCOMPtr<nsIPromptService> promptSvc =
+    do_GetService("@mozilla.org/embedcomp/prompt-service;1");
+  if (!promptSvc) {
+    return NS_ERROR_FAILURE;
+  }
+  nsCOMPtr<nsIStringBundle> stringBundle;
+  nsCOMPtr<nsIStringBundleService> stringBundleService =
+    mozilla::services::GetStringBundleService();
+  if (!stringBundleService) {
+    return NS_ERROR_FAILURE;
+  }
+  rv = stringBundleService->CreateBundle(
+    "chrome://global/locale/browser.properties",
+    getter_AddRefs(stringBundle));
+  if (NS_FAILED(rv)) {
+    return rv;
+  }
+  nsAutoString title;
+  nsAutoString message;
+  nsAutoString cont;
+  stringBundle->GetStringFromName(
+    MOZ_UTF16("formPostSecureToInsecureWarning.title"), getter_Copies(title));
+  stringBundle->GetStringFromName(
+    MOZ_UTF16("formPostSecureToInsecureWarning.message"),
+    getter_Copies(message));
+  stringBundle->GetStringFromName(
+    MOZ_UTF16("formPostSecureToInsecureWarning.continue"),
+    getter_Copies(cont));
+  int32_t buttonPressed;
+  bool checkState = false; // this is unused (ConfirmEx requires this parameter)
+  nsCOMPtr<nsPIDOMWindow> window = OwnerDoc()->GetWindow();
+  rv = promptSvc->ConfirmEx(window, title.get(), message.get(),
+                            (nsIPromptService::BUTTON_TITLE_IS_STRING *
+                             nsIPromptService::BUTTON_POS_0) +
+                            (nsIPromptService::BUTTON_TITLE_CANCEL *
+                             nsIPromptService::BUTTON_POS_1),
+                            cont.get(), nullptr, nullptr, nullptr,
+                            &checkState, &buttonPressed);
+  if (NS_FAILED(rv)) {
+    return rv;
+  }
+  *aCancelSubmit = (buttonPressed == 1);
+  uint32_t telemetryBucket =
+    nsISecurityUITelemetry::WARNING_CONFIRM_POST_TO_INSECURE_FROM_SECURE;
+  mozilla::Telemetry::Accumulate(mozilla::Telemetry::SECURITY_UI,
+                                 telemetryBucket);
+  if (!*aCancelSubmit) {
+    // The user opted to continue, so note that in the next telemetry bucket.
+    mozilla::Telemetry::Accumulate(mozilla::Telemetry::SECURITY_UI,
+                                   telemetryBucket + 1);
+  }
+  return NS_OK;
+}
+
 nsresult
 HTMLFormElement::NotifySubmitObservers(nsIURI* aActionURL,
                                        bool* aCancelSubmit,
@@ -872,28 +977,13 @@ HTMLFormElement::NotifySubmitObservers(nsIURI* aActionURL,
                                   NS_FIRST_FORMSUBMIT_CATEGORY);
   }
 
-  // XXXbz what do the submit observers actually want?  The window
-  // of the document this is shown in?  Or something else?
-  // sXBL/XBL2 issue
-  nsCOMPtr<nsPIDOMWindow> window = OwnerDoc()->GetWindow();
-
-  // Notify the secure browser UI, if any, that the form is being submitted.
-  nsCOMPtr<nsIDocShell> docshell = OwnerDoc()->GetDocShell();
-  if (docshell && !aEarlyNotify) {
-    nsCOMPtr<nsISecureBrowserUI> secureUI;
-    docshell->GetSecurityUI(getter_AddRefs(secureUI));
-    nsCOMPtr<nsIFormSubmitObserver> formSubmitObserver =
-      do_QueryInterface(secureUI);
-    if (formSubmitObserver) {
-      nsresult rv = formSubmitObserver->Notify(this,
-                                               window,
-                                               aActionURL,
-                                               aCancelSubmit);
-      NS_ENSURE_SUCCESS(rv, rv);
-
-      if (*aCancelSubmit) {
-        return NS_OK;
-      }
+  if (!aEarlyNotify) {
+    nsresult rv = DoSecureToInsecureSubmitCheck(aActionURL, aCancelSubmit);
+    if (NS_FAILED(rv)) {
+      return rv;
+    }
+    if (*aCancelSubmit) {
+      return NS_OK;
     }
   }
 
@@ -914,6 +1004,11 @@ HTMLFormElement::NotifySubmitObservers(nsIURI* aActionURL,
     nsCOMPtr<nsISupports> inst;
     *aCancelSubmit = false;
 
+    // XXXbz what do the submit observers actually want?  The window
+    // of the document this is shown in?  Or something else?
+    // sXBL/XBL2 issue
+    nsCOMPtr<nsPIDOMWindow> window = OwnerDoc()->GetWindow();
+
     bool loop = true;
     while (NS_SUCCEEDED(theEnum->HasMoreElements(&loop)) && loop) {
       theEnum->GetNext(getter_AddRefs(inst));

dom/html/HTMLFormElement.h

@@ -495,6 +495,16 @@ class HTMLFormElement MOZ_FINAL : public nsGenericHTMLElement,
   nsresult NotifySubmitObservers(nsIURI* aActionURL, bool* aCancelSubmit,
                                  bool aEarlyNotify);
 
+  /**
+   * If this form submission is secure -> insecure, ask the user if they want
+   * to continue.
+   *
+   * @param aActionURL the URL being submitted to
+   * @param aCancelSubmit out param: will be true if the user wants to cancel
+   */
+  nsresult DoSecureToInsecureSubmitCheck(nsIURI* aActionURL,
+                                         bool* aCancelSubmit);
+
   /**
    * Find form controls in this form with the correct value in the name
    * attribute.

security/manager/boot/public/moz.build

@@ -8,7 +8,6 @@ XPIDL_SOURCES += [
     'nsIBufEntropyCollector.idl',
     'nsICertBlocklist.idl',
     'nsISecurityUITelemetry.idl',
-    'nsISecurityWarningDialogs.idl',
     'nsISSLStatusProvider.idl',
 ]
 

security/manager/boot/src/moz.build

@@ -15,7 +15,6 @@ UNIFIED_SOURCES += [
     'nsEntropyCollector.cpp',
     'nsSecureBrowserUIImpl.cpp',
     'nsSecurityHeaderParser.cpp',
-    'nsSecurityWarningDialogs.cpp',
     'nsSiteSecurityService.cpp',
     'PublicKeyPinningService.cpp',
     'RootCertificateTelemetryUtils.cpp',

security/manager/boot/src/nsBOOTModule.cpp

@@ -8,24 +8,20 @@
 #include "CertBlocklist.h"
 #include "nsEntropyCollector.h"
 #include "nsSecureBrowserUIImpl.h"
-#include "nsSecurityWarningDialogs.h"
 #include "nsSiteSecurityService.h"
 
 NS_GENERIC_FACTORY_CONSTRUCTOR(nsEntropyCollector)
 NS_GENERIC_FACTORY_CONSTRUCTOR(nsSecureBrowserUIImpl)
 NS_GENERIC_FACTORY_CONSTRUCTOR_INIT(CertBlocklist, Init)
-NS_GENERIC_FACTORY_CONSTRUCTOR_INIT(nsSecurityWarningDialogs, Init)
 NS_GENERIC_FACTORY_CONSTRUCTOR_INIT(nsSiteSecurityService, Init)
 
 NS_DEFINE_NAMED_CID(NS_ENTROPYCOLLECTOR_CID);
-NS_DEFINE_NAMED_CID(NS_SECURITYWARNINGDIALOGS_CID);
 NS_DEFINE_NAMED_CID(NS_SECURE_BROWSER_UI_CID);
 NS_DEFINE_NAMED_CID(NS_SITE_SECURITY_SERVICE_CID);
 NS_DEFINE_NAMED_CID(NS_CERT_BLOCKLIST_CID);
 
 static const mozilla::Module::CIDEntry kBOOTCIDs[] = {
   { &kNS_ENTROPYCOLLECTOR_CID, false, nullptr, nsEntropyCollectorConstructor },
-  { &kNS_SECURITYWARNINGDIALOGS_CID, false, nullptr, nsSecurityWarningDialogsConstructor },
   { &kNS_SECURE_BROWSER_UI_CID, false, nullptr, nsSecureBrowserUIImplConstructor },
   { &kNS_SITE_SECURITY_SERVICE_CID, false, nullptr, nsSiteSecurityServiceConstructor },
   { &kNS_CERT_BLOCKLIST_CID, false, nullptr, CertBlocklistConstructor},
@@ -34,7 +30,6 @@ static const mozilla::Module::CIDEntry kBOOTCIDs[] = {
 
 static const mozilla::Module::ContractIDEntry kBOOTContracts[] = {
   { NS_ENTROPYCOLLECTOR_CONTRACTID, &kNS_ENTROPYCOLLECTOR_CID },
-  { NS_SECURITYWARNINGDIALOGS_CONTRACTID, &kNS_SECURITYWARNINGDIALOGS_CID },
   { NS_SECURE_BROWSER_UI_CONTRACTID, &kNS_SECURE_BROWSER_UI_CID },
   { NS_SSSERVICE_CONTRACTID, &kNS_SITE_SECURITY_SERVICE_CID },
   { NS_CERTBLOCKLIST_CONTRACTID, &kNS_CERT_BLOCKLIST_CID },