Bug 1644146: Change HTTPS Only Mode error copy to give the sense of protection r=flod,JulianWels

Differential Revision: https://phabricator.services.mozilla.com/D78713

toolkit/components/httpsonlyerror/content/errorpage.html

@@ -9,23 +9,28 @@
     <meta http-equiv="Content-Security-Policy" content="default-src chrome:; object-src 'none'" />
     <link rel="stylesheet" href="chrome://global/skin/in-content/info-pages.css">
     <link rel="stylesheet" href="chrome://global/skin/aboutHttpsOnlyError.css">
+    <link rel="localization" href="branding/brand.ftl"/>
     <link rel="localization" href="toolkit/about/aboutHttpsOnlyError.ftl">
     <!-- If the location of the favicon is changed here, the FAVICON_ERRORPAGE_URL symbol in
          toolkit/components/places/src/nsFaviconService.h should be updated. -->
     <link rel="icon" id="favicon" href="chrome://global/skin/icons/warning.svg"/>
-    <title data-l10n-id="about-httpsonly-insecure-title"></title>
+    <title data-l10n-id="about-httpsonly-title"></title>
   </head>
   <body class="caution">
     <main class="container">
       <div class="title">
-        <h1 class="title-text" data-l10n-id="about-httpsonly-insecure-title"></h1>
+        <h1 class="title-text" data-l10n-id="about-httpsonly-title"></h1>
       </div>
-      <p id="insecure-explanation-unavailable" data-l10n-id="about-httpsonly-insecure-explanation-unavailable"></p>
-      <p data-l10n-id="about-httpsonly-insecure-explanation-reasons"></p>
-      <p data-l10n-id="about-httpsonly-insecure-explanation-exception"></p>
+      <p id="insecure-explanation-unavailable" data-l10n-id="about-httpsonly-explanation-unavailable"></p>
+      <br/>
+      <b data-l10n-id="about-httpsonly-explanation-question"></b>
+      <ul>
+        <li data-l10n-id="about-httpsonly-explanation-nosupport"></li>
+        <li data-l10n-id="about-httpsonly-explanation-risk"></li>
+      </ul>
       <div class="button-container">
         <button id="goBack" class="primary" data-l10n-id="about-httpsonly-button-go-back"></button>
-        <button id="openInsecure" data-l10n-id="about-httpsonly-button-make-exception"></button>
+        <button id="openInsecure" data-l10n-id="about-httpsonly-button-accept-and-continue"></button>
       </div>
     </main>
     <script xmlns="http://www.w3.org/1999/xhtml" src="chrome://global/content/httpsonlyerror/errorpage.js"></script>

toolkit/components/httpsonlyerror/content/errorpage.js

@@ -21,7 +21,7 @@ function initPage() {
 
   document.l10n.setAttributes(
     explanation1,
-    "about-httpsonly-insecure-explanation-unavailable",
+    "about-httpsonly-explanation-unavailable",
     { websiteUrl: pageUrl.host }
   );
 

toolkit/locales/en-US/toolkit/about/aboutHttpsOnlyError.ftl

@@ -2,13 +2,14 @@
 # License, v. 2.0. If a copy of the MPL was not distributed with this
 # file, You can obtain one at http://mozilla.org/MPL/2.0/.
 
-about-httpsonly-insecure-title = Secure Connection Unavailable
+about-httpsonly-title = { -brand-short-name } Detected a Potential Security Issue
 
 # Variables:
 #   $websiteUrl (String) - Url of the website that failed to load. Example: www.example.com
-about-httpsonly-insecure-explanation-unavailable = You’re browsing in HTTPS-Only Mode, and a secure HTTPS version of <em>{ $websiteUrl }</em> is not available.
-about-httpsonly-insecure-explanation-reasons = Most likely, the website does not support HTTPS, but it is also possible that an attacker is blocking the HTTPS version.
-about-httpsonly-insecure-explanation-exception = While the security risk is low, if you decide to visit the HTTP version of the website, you should not enter any sensitive information like passwords, emails, or credit card details.
+about-httpsonly-explanation-unavailable = You’re browsing in HTTPS-Only Mode, and a secure HTTPS version of <em>{ $websiteUrl }</em> is not available.
+about-httpsonly-explanation-question = What could be causing this?
+about-httpsonly-explanation-nosupport = Most likely, the website simply does not support HTTPS.
+about-httpsonly-explanation-risk = It’s also possible that an attacker is involved. If you decide to visit the website, you should not enter any sensitive information like passwords, emails, or credit card details.
 
-about-httpsonly-button-make-exception = Accept the Risk and Continue to Site
+about-httpsonly-button-accept-and-continue = Accept the Risk and Continue
 about-httpsonly-button-go-back = Go Back