Bug 1191335 - Add a "Learn More" link to HPKP security console messages. r=jryans

--HG--
extra : transplant_source : %1D%F9jL%81%5C%F0%A1%C8CZ%14%A1%F1%3BSy%06%9B6

browser/devtools/webconsole/test/browser_webconsole_hpkp_invalid-headers.js

@@ -9,6 +9,8 @@ const TEST_URI = "data:text/html;charset=utf-8,Web Console HPKP invalid " +
                  "header test";
 const SJS_URL = "https://example.com/browser/browser/devtools/webconsole/" +
                 "test/test_hpkp-invalid-headers.sjs";
+const LEARN_MORE_URI = "https://developer.mozilla.org/docs/Web/Security/" +
+                       "Public_Key_Pinning";
 const NON_BUILTIN_ROOT_PREF = "security.cert_pinning.process_headers_from_" +
                               "non_builtin_roots";
 
@@ -86,7 +88,7 @@ function* checkForMessage(curTest, hud) {
 
   content.location = curTest.url;
 
-  yield waitForMessages({
+  let results = yield waitForMessages({
     webconsole: hud,
     messages: [
       {
@@ -94,7 +96,17 @@ function* checkForMessage(curTest, hud) {
         text: curTest.text,
         category: CATEGORY_SECURITY,
         severity: SEVERITY_WARNING,
+        objects: true,
       },
     ],
   });
+
+  yield testClickOpenNewTab(hud, results);
+}
+
+function testClickOpenNewTab(hud, results) {
+  let warningNode = results[0].clickableElements[0];
+  ok(warningNode, "link element");
+  ok(warningNode.classList.contains("learn-more-link"), "link class name");
+  return simulateMessageLinkClick(warningNode, LEARN_MORE_URI);
 }

browser/devtools/webconsole/webconsole.js

@@ -46,6 +46,8 @@ const TRACKING_PROTECTION_LEARN_MORE = "https://developer.mozilla.org/Firefox/Pr
 
 const INSECURE_PASSWORDS_LEARN_MORE = "https://developer.mozilla.org/docs/Security/InsecurePasswords";
 
+const PUBLIC_KEY_PINS_LEARN_MORE = "https://developer.mozilla.org/docs/Web/Security/Public_Key_Pinning";
+
 const STRICT_TRANSPORT_SECURITY_LEARN_MORE = "https://developer.mozilla.org/docs/Security/HTTP_Strict_Transport_Security";
 
 const WEAK_SIGNATURE_ALGORITHM_LEARN_MORE = "https://developer.mozilla.org/docs/Security/Weak_Signature_Algorithm";
@@ -1668,25 +1670,28 @@ WebConsoleFrame.prototype = {
   {
     let url;
     switch (aScriptError.category) {
-     case "Insecure Password Field":
-       url = INSECURE_PASSWORDS_LEARN_MORE;
-     break;
-     case "Mixed Content Message":
-     case "Mixed Content Blocker":
-      url = MIXED_CONTENT_LEARN_MORE;
-     break;
-     case "Invalid HSTS Headers":
-      url = STRICT_TRANSPORT_SECURITY_LEARN_MORE;
-     break;
-     case "SHA-1 Signature":
-      url = WEAK_SIGNATURE_ALGORITHM_LEARN_MORE;
-     break;
-     case "Tracking Protection":
-      url = TRACKING_PROTECTION_LEARN_MORE;
-     break;
-     default:
-      // Unknown category. Return without adding more info node.
-      return;
+      case "Insecure Password Field":
+        url = INSECURE_PASSWORDS_LEARN_MORE;
+        break;
+      case "Mixed Content Message":
+      case "Mixed Content Blocker":
+        url = MIXED_CONTENT_LEARN_MORE;
+        break;
+      case "Invalid HPKP Headers":
+        url = PUBLIC_KEY_PINS_LEARN_MORE;
+        break;
+      case "Invalid HSTS Headers":
+        url = STRICT_TRANSPORT_SECURITY_LEARN_MORE;
+        break;
+      case "SHA-1 Signature":
+        url = WEAK_SIGNATURE_ALGORITHM_LEARN_MORE;
+        break;
+      case "Tracking Protection":
+        url = TRACKING_PROTECTION_LEARN_MORE;
+        break;
+      default:
+        // Unknown category. Return without adding more info node.
+        return;
     }
 
     this.addLearnMoreWarningNode(aNode, url);