Steps to reproduce 1. Launch Firefox 2. Open "Web Console" 3. Visit an unsafe page. (e.g., https://itisatrap.org/firefox/its-a-trap.html) Expected result - Firefox should output a warning message to the web console. - The warning message is "The resource at "https://itisatrap.org/firefox/its-a-trap.html" was blocked by Safe Browsing Actual result: - No warning message in the web console. Affected versions - 54.0a1 (2017-03-05) (64-bit)
The developer console warning was added in bug 1288633, so this does look like a bug.
By the way, it works for another cases. Steps to reproduce: 1. Launch Firefox 2. Open "Web Console" 3. Visit a page which contains unsafe resource loading, e.g., https://people.mozilla.org/~fmarier/test-safebrowsing-mistake-reporting.html Actual result: - There are 2 warning messages in web console. (1) The resource at “https://itisatrap.org/firefox/its-a-trap.html” was blocked by Safe Browsing. (2) The resource at “https://testsafebrowsing.appspot.com/s/phishing.html” was blocked by Safe Browsing.
We send to the console warning text as the same way Tracking Protection(TP) does. That said, TP does not block top level loads and so does SafeBrowsing (SB). However, if top-level load is blocked by SB, user does see the error page about:blocked?e=deceptiveBlockedXXXX, an probably console warning does not have too much effects. Thats why you see warning in page https://people.mozilla.org/~fmarier/test-safebrowsing-mistake-reporting.html in which embedded content iframe is blocked by SB. But does not see warning in https://itisatrap.org/firefox/its-a-trap.html which is top-level load.
I agree with Thomas, we don't really need to show a warning if the whole page is blocked with a user-visible warning. For iframes, we need a console message because the iframe may not be visible.