Closed Bug 1344645 Opened 7 years ago Closed 7 years ago

Failed to output a warning message to the web console when unsafe site is blocked

Categories

(Toolkit :: Safe Browsing, defect, P2)

Product:
Toolkit
Component:
Safe Browsing
Version:
54 Branch
Type:
defect

Tracking

()

Status:
RESOLVED INVALID
Tracking Flags:
Tracking Status
firefox54 --- affected

People

(Reporter: cynthiatang, Unassigned)

Details

Steps to reproduce
 1. Launch Firefox 
 2. Open "Web Console"
 3. Visit an unsafe page. (e.g., https://itisatrap.org/firefox/its-a-trap.html)

Expected result
 - Firefox should output a warning message to the web console. 
 - The warning message is "The resource at "https://itisatrap.org/firefox/its-a-trap.html" was blocked by Safe Browsing

Actual result:
 - No warning message in the web console.

Affected versions
 - 54.0a1 (2017-03-05) (64-bit)
The developer console warning was added in bug 1288633, so this does look like a bug.
Priority: -- → P2
By the way, it works for another cases.

Steps to reproduce:
 1. Launch Firefox 
 2. Open "Web Console"
 3. Visit a page which contains unsafe resource loading, e.g., https://people.mozilla.org/~fmarier/test-safebrowsing-mistake-reporting.html

Actual result:
 - There are 2 warning messages in web console.
   (1) The resource at “https://itisatrap.org/firefox/its-a-trap.html” was blocked by Safe Browsing.
   (2) The resource at “https://testsafebrowsing.appspot.com/s/phishing.html” was blocked by Safe Browsing.
We send to the console warning text as the same way Tracking Protection(TP) does.
That said, TP does not block top level loads and so does SafeBrowsing (SB). However, if top-level load is blocked by SB, user does see the error page about:blocked?e=deceptiveBlockedXXXX, an probably console warning does not have too much effects.
Thats why you see warning in page https://people.mozilla.org/~fmarier/test-safebrowsing-mistake-reporting.html in which embedded content iframe is blocked by SB. But does not see warning in https://itisatrap.org/firefox/its-a-trap.html which is top-level load.
I agree with Thomas, we don't really need to show a warning if the whole page is blocked with a user-visible warning.

For iframes, we need a console message because the iframe may not be visible.
Status: NEW → RESOLVED
Closed: 7 years ago
Resolution: --- → INVALID
You need to log in before you can comment on or make changes to this bug.