Bug 1570678 - Replace (i) icon for a file icon on potentially trustworthy pages. r=johannh,nhnt11

Differential Revision: https://phabricator.services.mozilla.com/D70932

browser/base/content/browser-siteIdentity.js

@@ -131,6 +131,23 @@ var gIdentityHandler = {
     );
   },
 
+  get _isAboutNetErrorPage() {
+    return (
+      gBrowser.selectedBrowser.documentURI &&
+      gBrowser.selectedBrowser.documentURI.scheme == "about" &&
+      gBrowser.selectedBrowser.documentURI.pathQueryRef.startsWith("neterror")
+    );
+  },
+
+  get _isPotentiallyTrustworthy() {
+    return (
+      !this._isBrokenConnection &&
+      (this._isSecureContext ||
+        (gBrowser.selectedBrowser.documentURI &&
+          gBrowser.selectedBrowser.documentURI.scheme == "chrome"))
+    );
+  },
+
   // smart getters
   get _identityPopup() {
     delete this._identityPopup;
@@ -707,14 +724,12 @@ var gIdentityHandler = {
     } else if (this._isAboutCertErrorPage) {
       // We show a warning lock icon for 'about:certerror' page.
       this._identityBox.className = "certErrorPage";
-    } else if (
-      this._isSecureContext ||
-      (gBrowser.selectedBrowser.documentURI &&
-        (gBrowser.selectedBrowser.documentURI.scheme == "about" ||
-          gBrowser.selectedBrowser.documentURI.scheme == "chrome"))
-    ) {
-      // This is a local resource (and shouldn't be marked insecure).
+    } else if (this._isAboutNetErrorPage) {
+      // Network errors get a more neutral icon
       this._identityBox.className = "unknownIdentity";
+    } else if (this._isPotentiallyTrustworthy) {
+      // This is a local resource (and shouldn't be marked insecure).
+      this._identityBox.className = "localResource";
     } else {
       // This is an insecure connection.
       let warnOnInsecure =
@@ -893,6 +908,10 @@ var gIdentityHandler = {
       customRoot = this._hasCustomRoot();
     } else if (this._isAboutCertErrorPage) {
       connection = "cert-error-page";
+    } else if (this._isAboutNetErrorPage) {
+      connection = "not-secure";
+    } else if (this._isPotentiallyTrustworthy) {
+      connection = "file";
     }
 
     // Determine the mixed content state.

browser/base/content/test/siteIdentity/browser_check_identity_state.js

@@ -61,7 +61,7 @@ async function webpageTest(secureCheck) {
   }
 
   gBrowser.selectedTab = oldTab;
-  is(getIdentityMode(), "unknownIdentity", "Identity should be unknown");
+  is(getIdentityMode(), "localResource", "Identity should be localResource");
 
   gBrowser.selectedTab = newTab;
   if (secureCheck) {
@@ -96,7 +96,7 @@ async function webpageTestTextWarning(secureCheck) {
   }
 
   gBrowser.selectedTab = oldTab;
-  is(getIdentityMode(), "unknownIdentity", "Identity should be unknown");
+  is(getIdentityMode(), "localResource", "Identity should be localResource");
 
   gBrowser.selectedTab = newTab;
   if (secureCheck) {
@@ -180,7 +180,7 @@ async function blankPageTest(secureCheck) {
     "valid",
     "pageproxystate should be valid"
   );
-  is(getIdentityMode(), "unknownIdentity", "Identity should be unknown");
+  is(getIdentityMode(), "localResource", "Identity should be localResource");
 
   gBrowser.selectedTab = newTab;
   is(
@@ -207,7 +207,7 @@ async function secureTest(secureCheck) {
   is(getIdentityMode(), "verifiedDomain", "Identity should be verified");
 
   gBrowser.selectedTab = oldTab;
-  is(getIdentityMode(), "unknownIdentity", "Identity should be unknown");
+  is(getIdentityMode(), "localResource", "Identity should be localResource");
 
   gBrowser.selectedTab = newTab;
   is(getIdentityMode(), "verifiedDomain", "Identity should be verified");
@@ -257,7 +257,7 @@ async function insecureTest(secureCheck) {
   }
 
   gBrowser.selectedTab = oldTab;
-  is(getIdentityMode(), "unknownIdentity", "Identity should be unknown");
+  is(getIdentityMode(), "localResource", "Identity should be localResource");
 
   gBrowser.selectedTab = newTab;
   if (secureCheck) {
@@ -290,7 +290,7 @@ async function addonsTest(secureCheck) {
   is(getIdentityMode(), "chromeUI", "Identity should be chrome");
 
   gBrowser.selectedTab = oldTab;
-  is(getIdentityMode(), "unknownIdentity", "Identity should be unknown");
+  is(getIdentityMode(), "localResource", "Identity should be localResource");
 
   gBrowser.selectedTab = newTab;
   is(getIdentityMode(), "chromeUI", "Identity should be chrome");
@@ -315,7 +315,7 @@ async function fileTest(secureCheck) {
   is(getConnectionState(), "file", "Connection should be file");
 
   gBrowser.selectedTab = oldTab;
-  is(getIdentityMode(), "unknownIdentity", "Identity should be unknown");
+  is(getIdentityMode(), "localResource", "Identity should be localResource");
 
   gBrowser.selectedTab = newTab;
   is(getConnectionState(), "file", "Connection should be file");
@@ -341,7 +341,11 @@ async function resourceUriTest(secureCheck) {
   is(getConnectionState(), "file", "Connection should be file");
 
   gBrowser.selectedTab = oldTab;
-  is(getIdentityMode(), "unknownIdentity", "Identity should be unknown");
+  is(
+    getIdentityMode(),
+    "localResource",
+    "Identity should be a local a resource"
+  );
 
   gBrowser.selectedTab = newTab;
   is(getConnectionState(), "file", "Connection should be file");
@@ -378,7 +382,7 @@ async function noCertErrorTest(secureCheck) {
   );
 
   gBrowser.selectedTab = oldTab;
-  is(getIdentityMode(), "unknownIdentity", "Identity should be unknown");
+  is(getIdentityMode(), "localResource", "Identity should be localResource");
 
   gBrowser.selectedTab = newTab;
   is(
@@ -471,7 +475,7 @@ async function aboutUriTest(secureCheck) {
   is(getConnectionState(), "file", "Connection should be file");
 
   gBrowser.selectedTab = oldTab;
-  is(getIdentityMode(), "unknownIdentity", "Identity should be unknown");
+  is(getIdentityMode(), "localResource", "Identity should be localResource");
 
   gBrowser.selectedTab = newTab;
   is(getConnectionState(), "file", "Connection should be file");
@@ -522,7 +526,7 @@ async function dataUriTest(secureCheck) {
   }
 
   gBrowser.selectedTab = oldTab;
-  is(getIdentityMode(), "unknownIdentity", "Identity should be unknown");
+  is(getIdentityMode(), "localResource", "Identity should be localResource");
 
   gBrowser.selectedTab = newTab;
   if (secureCheck) {
@@ -574,8 +578,8 @@ async function pbModeTest(prefs, secureCheck) {
   privateWin.gBrowser.selectedTab = oldTab;
   is(
     getIdentityMode(privateWin),
-    "unknownIdentity",
-    "Identity should be unknown"
+    "localResource",
+    "Identity should be localResource"
   );
 
   privateWin.gBrowser.selectedTab = newTab;

browser/base/content/test/siteIdentity/browser_deprecatedTLSVersions.js

@@ -14,10 +14,29 @@ function getIdentityMode(aWindow = window) {
   return aWindow.document.getElementById("identity-box").className;
 }
 
+function openIdentityPopup() {
+  let mainView = document.getElementById("identity-popup-mainView");
+  let viewShown = BrowserTestUtils.waitForEvent(mainView, "ViewShown");
+  gIdentityHandler._identityBox.click();
+  return viewShown;
+}
+
+function closeIdentityPopup() {
+  let promise = BrowserTestUtils.waitForEvent(
+    gIdentityHandler._identityPopup,
+    "popuphidden"
+  );
+  gIdentityHandler._identityPopup.hidePopup();
+  return promise;
+}
+
+async function checkConnectionState(state) {
+  await openIdentityPopup();
+  is(getConnectionState(), state, "connectionState should be " + state);
+  await closeIdentityPopup();
+}
+
 function getConnectionState() {
-  // Prevents items that are being lazy loaded causing issues
-  document.getElementById("identity-box").click();
-  gIdentityHandler.refreshIdentityPopup();
   return document.getElementById("identity-popup").getAttribute("connection");
 }
 
@@ -42,11 +61,7 @@ add_task(async function() {
       "unknownIdentity weakCipher",
       "Identity should be unknownIdentity"
     );
-    is(
-      getConnectionState(),
-      "not-secure",
-      "connectionState should be not-secure"
-    );
+    await checkConnectionState("not-secure");
 
     await BrowserTestUtils.loadURI(browser, HTTPS_TLS1_1);
     await BrowserTestUtils.browserLoaded(browser);
@@ -56,18 +71,14 @@ add_task(async function() {
       "unknownIdentity weakCipher",
       "Identity should be unknownIdentity"
     );
-    is(
-      getConnectionState(),
-      "not-secure",
-      "connectionState should be not-secure"
-    );
+    await checkConnectionState("not-secure");
 
     // Transition to secure
     await BrowserTestUtils.loadURI(browser, HTTPS_TLS1_2);
     await BrowserTestUtils.browserLoaded(browser);
     isSecurityState(browser, "secure");
     is(getIdentityMode(), "verifiedDomain", "Identity should be verified");
-    is(getConnectionState(), "secure", "connectionState should be secure");
+    await checkConnectionState("secure");
 
     // Transition back to broken
     await BrowserTestUtils.loadURI(browser, HTTPS_TLS1_1);
@@ -78,17 +89,13 @@ add_task(async function() {
       "unknownIdentity weakCipher",
       "Identity should be unknownIdentity"
     );
-    is(
-      getConnectionState(),
-      "not-secure",
-      "connectionState should be not-secure"
-    );
+    await checkConnectionState("not-secure");
 
     // TLS1.3 for completeness
     await BrowserTestUtils.loadURI(browser, HTTPS_TLS1_3);
     await BrowserTestUtils.browserLoaded(browser);
     isSecurityState(browser, "secure");
     is(getIdentityMode(), "verifiedDomain", "Identity should be verified");
-    is(getConnectionState(), "secure", "connectionState should be secure");
+    await checkConnectionState("secure");
   });
 });

browser/base/content/test/siteIdentity/browser_identityBlock_flicker.js

@@ -14,7 +14,7 @@ add_task(async function test() {
 
   is(
     identityBox.className,
-    "unknownIdentity",
+    "localResource",
     "identity box has the correct class"
   );
 

browser/base/content/test/siteIdentity/browser_identityIcon_img_url.js

@@ -30,7 +30,7 @@ const TEST_CASES = [
   {
     type: "non-chrome about page",
     testURL: "about:about",
-    img_url: `url("chrome://global/skin/icons/identity-icon.svg")`,
+    img_url: `url("chrome://global/skin/icons/document.svg")`,
   },
   {
     type: "chrome about page",
@@ -40,7 +40,12 @@ const TEST_CASES = [
   {
     type: "file",
     testURL: "dummy_page.html",
-    img_url: `url("chrome://global/skin/icons/identity-icon.svg")`,
+    img_url: `url("chrome://global/skin/icons/document.svg")`,
+  },
+  {
+    type: "resource",
+    testURL: "resource://gre/modules/Log.jsm",
+    img_url: `url("chrome://global/skin/icons/document.svg")`,
   },
   {
     type: "mixedPassiveContent",
@@ -60,12 +65,12 @@ const TEST_CASES = [
   {
     type: "localhost",
     testURL: "http://127.0.0.1",
-    img_url: `url("chrome://global/skin/icons/identity-icon.svg")`,
+    img_url: `url("chrome://global/skin/icons/document.svg")`,
   },
   {
     type: "localhost + http frame",
     testURL: kBaseURILocalhost + "file_csp_block_all_mixedcontent.html",
-    img_url: `url("chrome://global/skin/icons/identity-icon.svg")`,
+    img_url: `url("chrome://global/skin/icons/document.svg")`,
   },
   {
     type: "data URI",

browser/base/content/test/siteIdentity/browser_secure_transport_insecure_scheme.js

@@ -26,7 +26,7 @@ add_task(async function() {
     });
     await BrowserTestUtils.browserLoaded(browser);
     let identityMode = window.document.getElementById("identity-box").className;
-    is(identityMode, "unknownIdentity", "identity should be 'unknown'");
+    is(identityMode, "localResource", "identity should be 'localResource'");
   });
 });
 

browser/themes/shared/controlcenter/panel.inc.css

@@ -369,6 +369,10 @@
   background-image: url(chrome://branding/content/icon48.png);
 }
 
+#identity-popup[connection=file] .identity-popup-security-connection {
+  background-image: url(chrome://global/skin/icons/document.svg);
+}
+
 #identity-popup[connection^=secure] .identity-popup-security-connection {
   background-image: url(chrome://browser/skin/connection-secure.svg);
   -moz-context-properties: fill;

browser/themes/shared/identity-block/identity-block.inc.css

@@ -124,6 +124,10 @@
   list-style-image: url(chrome://branding/content/identity-icons-brand.svg);
 }
 
+#identity-box[pageproxystate="valid"].localResource > #identity-icon {
+  list-style-image: url(chrome://global/skin/icons/document.svg);
+}
+
 #urlbar:not(.searchButton) > #urlbar-input-container > #identity-box[pageproxystate="invalid"] > #identity-icon {
   list-style-image: url(chrome://browser/skin/search-glass.svg);
   fill-opacity: .4;

toolkit/themes/shared/icons/document.svg

@@ -0,0 +1,6 @@
+<!-- This Source Code Form is subject to the terms of the Mozilla Public
+   - License, v. 2.0. If a copy of the MPL was not distributed with this
+   - file, You can obtain one at http://mozilla.org/MPL/2.0/. -->
+<svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 16 16">
+  <path fill="context-fill" fill-opacity="context-fill-opacity" d="M14.12 3.71l-2.83-2.83A3 3 0 0 0 9.17 0H4a3 3 0 0 0-3 3v10a3 3 0 0 0 3 3h8a3 3 0 0 0 3-3V5.83a3 3 0 0 0-0.88-2.12zM12.59 5H10V2.41zM12 14H4a1 1 0 0 1-1-1V3a1 1 0 0 1 1-1h5v3a1 1 0 0 0 1 1h3v7a1 1 0 0 1-1 1z"/>
+</svg>

toolkit/themes/shared/jar.inc.mn

@@ -40,6 +40,7 @@ toolkit.jar:
   skin/classic/global/pictureinpicture/close-pip.svg       (../../shared/pictureinpicture/close-pip.svg)
   skin/classic/global/icons/columnpicker.svg               (../../shared/icons/columnpicker.svg)
   skin/classic/global/icons/delete.svg                     (../../shared/icons/delete.svg)
+  skin/classic/global/icons/document.svg                   (../../shared/icons/document.svg)
   skin/classic/global/icons/error.svg                      (../../shared/icons/error.svg)
   skin/classic/global/icons/find-previous-arrow.svg        (../../shared/icons/find-previous-arrow.svg)
   skin/classic/global/icons/find-next-arrow.svg            (../../shared/icons/find-next-arrow.svg)