Remove Learn More link from the Insecure Password Fields autocomplete popup

VERIFIED FIXED in Firefox 52

Status

()

Toolkit
Password Manager
P1
normal
VERIFIED FIXED
6 months ago
4 months ago

People

(Reporter: tanvi, Assigned: MattN)

Tracking

(Blocks: 1 bug)

52 Branch
mozilla52
Points:
---
Dependency tree / graph

Firefox Tracking Flags

(firefox51 unaffected, firefox52 verified, firefox53 verified)

Details

MozReview Requests

()

Submitter Diff Changes Open Issues Last Updated
Loading...
Error loading review requests:

Attachments

(2 attachments)

(Reporter)

Description

6 months ago
Go to about:config and set:
security.insecure_field_warning.contextual.enabled to true
signon.autofillForms.http to true

Go to an http page with a password field; example: http://mysqueezebox.com/user/login.

Focus on the username or password field.  You will see the insecure password warning message with a Learn More link.  Try to click on the Learn More link.  Nothing happens.  

The browser console does show a warning when the dropdown appears (before I try to keep Learn More).  The warning is:
Invalid chrome URI: /

I am using Nightly 53.0a1 from 2016-11-16 on OSX.  Learn More link works for MattN though; so I'm not sure if this is intermittent.
(Reporter)

Updated

6 months ago
Blocks: 1304224
I can only reproduce this in Ubuntu Linux so far but Windows and MacOSX.
If Learn More link is clicked quick enough after pop-up showing, it works. This issue is easy to reproduce with these steps in MacOSX and Linux:
1. Trigger the login autocomplete drop-down.
2. Wait 2~3 seconds.
3. Click Learn More link, and there is nothing happened.

The expected behavior in step 3 is to open the link in another tab.

The link works in waiting for a short time in step 2. Timing issue probably.
Hmm, the STR can not always reproduce the issue as well.
A decision was made with Philipp Sackl and Stephen Horlander to remove the "Learn more" link. It's out of place in the context of a dropdown menu, and the link is available in Control Center if users are really puzzled.
(In reply to Ryan Feeley [:rfeeley] from comment #4)
> A decision was made with Philipp Sackl and Stephen Horlander to remove the
> "Learn more" link. It's out of place in the context of a dropdown menu, and
> the link is available in Control Center if users are really puzzled.

Yay! Do you want to open the SUMO article if the user selects (e.g. hits Enter on) the warning row?
Flags: needinfo?(rfeeley)
(In reply to Matthew N. [:MattN] (PM me if requests are blocking you) from comment #5)
> (In reply to Ryan Feeley [:rfeeley] from comment #4)
> > A decision was made with Philipp Sackl and Stephen Horlander to remove the
> > "Learn more" link. It's out of place in the context of a dropdown menu, and
> > the link is available in Control Center if users are really puzzled.
> 
> Yay! Do you want to open the SUMO article if the user selects (e.g. hits
> Enter on) the warning row?

I forgot I already filed bug 1319176 for that so I'll just remove Learn More here and needinfo you there..
Assignee: nobody → MattN+bmo
Status: NEW → ASSIGNED
status-firefox51: --- → unaffected
status-firefox52: --- → affected
status-firefox53: --- → affected
Flags: needinfo?(rfeeley)
Summary: Learn More link for Insecure Password Fields doesn't work. → Remove Learn More link from the Insecure Password Fields autocomplete popup
> Yay! Do you want to open the SUMO article if the user selects (e.g. hits
> Enter on) the warning row?

No need, the row is not selectable, does not highlight and is essentially a header row.
Comment hidden (mozreview-request)
(In reply to Ryan Feeley [:rfeeley] from comment #7)
> > Yay! Do you want to open the SUMO article if the user selects (e.g. hits
> > Enter on) the warning row?
> 
> No need, the row is not selectable, does not highlight and is essentially a
> header row.

I clarified on IRC that it was implemented as selectable because of the Learn More behaviour and to be consistent with the footer that is coming. Ryan responded to that with bug 1319176 comment 3.
(Assignee)

Comment 10

6 months ago
mozreview-review
Comment on attachment 8813871 [details]
Bug 1318537 - Remove Learn More link from the insecure login field autocomplete popup.

https://reviewboard.mozilla.org/r/95188/#review95366

::: toolkit/locales/en-US/chrome/passwordmgr/passwordmgr.properties
(Diff revision 1)
>  noUsername=No username
>  duplicateLoginTitle=Login already exists
>  duplicateLogin=A duplicate login already exists.
>  
>  insecureFieldWarningDescription = This connection is not secure. Logins entered here could be compromised.
> -insecureFieldWarningLearnMore = Learn More

The patch for uplift will simply omit this change to avoid breaking string freeze.
Comment on attachment 8813871 [details]
Bug 1318537 - Remove Learn More link from the insecure login field autocomplete popup.

Looks good to me!
Attachment #8813871 - Flags: review?(selee) → review+

Comment 12

6 months ago
Pushed by mozilla@noorenberghe.ca:
https://hg.mozilla.org/integration/mozilla-inbound/rev/c752386b6631
Remove Learn More link from the insecure login field autocomplete popup. r=seanlee

Comment 13

6 months ago
bugherder
https://hg.mozilla.org/mozilla-central/rev/c752386b6631
Status: ASSIGNED → RESOLVED
Last Resolved: 6 months ago
status-firefox53: affected → fixed
Resolution: --- → FIXED
(Reporter)

Comment 14

6 months ago
Matt, please request uplift to FF 52.
Flags: needinfo?(MattN+bmo)
This blocks bug 1317882 from being uplifted. Please cancel needinfo there once the uplift request is submitted here.
(Reporter)

Comment 16

6 months ago
Matt, please rebase the patch for aurora (and remove the removal of the Learn More string to avoid string freeze issues) and then request for uplift.
Blocks: 1289913
Comment hidden (mozreview-request)
Comment on attachment 8818637 [details]
[Aurora] Bug 1318537 - Remove Learn More link from the insecure login field autocomplete popup.

Approval Request Comment
[Feature/Bug causing the regression]: Bug 1304224 - Insecure field warning
[User impact if declined]: Learn more link sometimes doesn't work and the interaction of a link inside autocomplete is unusual.
[Is this code covered by automated tests?]: The code is but nothing checks the presence of the Learn More link
[Has the fix been verified in Nightly?]: Not by QA but by other devs
[Needs manual test from QE? If yes, steps to reproduce]: No
[List of other uplifts needed for the feature/fix]: Bug 1289913 depends on this to avoid bitrot
[Is the change risky?]: No
[Why is the change risky/not risky?]: trivial deletion
[String changes made/needed]: No, unused string will stay on 52 (deleted on 53)
Attachment #8818637 - Attachment description: Bug 1318537 - Remove Learn More link from the insecure login field autocomplete popup. → [Aurora] Bug 1318537 - Remove Learn More link from the insecure login field autocomplete popup.
Flags: needinfo?(MattN+bmo)
Attachment #8818637 - Flags: review?(selee)
Attachment #8818637 - Flags: review+
Attachment #8818637 - Flags: approval-mozilla-aurora?
Comment on attachment 8818637 [details]
[Aurora] Bug 1318537 - Remove Learn More link from the insecure login field autocomplete popup.

remove link from autocomplete popup, for aurora52
Attachment #8818637 - Flags: approval-mozilla-aurora? → approval-mozilla-aurora+
(Assignee)

Comment 20

6 months ago
bugherderuplift
https://hg.mozilla.org/releases/mozilla-aurora/rev/bbe23c9a1964
status-firefox52: affected → fixed
Tested with FF Nighlty 53.0a1(2017-01-15) and DevEdition 52.0a2(2017-01-15) on Mac OS X 10.10, Windows 7 and Ubuntu 16.04 and the "Learn More" link doesn't appear. Based on that I can confirm the fix.
status-firefox52: fixed → verified
status-firefox53: fixed → verified
Depends on: 1332901
Status: RESOLVED → VERIFIED
You need to log in before you can comment on or make changes to this bug.