Closed Bug 1979341 Opened 8 months ago Closed 7 months ago

Warn the user when an unexpected script is loaded and prompt them to report it

Categories

(Core :: DOM: Security, enhancement)

Product:
Core
Component:
DOM: Security
Type:
enhancement

Tracking

()

Status:
RESOLVED FIXED
Milestone:
143 Branch
Tracking Flags:
Tracking Status
firefox143 --- fixed

People

(Reporter: tjr, Assigned: tjr)

References

(Blocks 1 open bug)

Details

Attachments

(18 files, 4 obsolete files)

Bug 1979341: Set up the framework for the notification bar r?gijs
48 bytes, text/x-phabricator-request
Details | Review
Bug 1979341: Set up the notification bar r?gijs
48 bytes, text/x-phabricator-request
Details | Review
Bug 1979341: Create and show a skeleton of a dialog r?gijs
48 bytes, text/x-phabricator-request
Details | Review
Bug 1979341: Add the style and content to the dialog r?gijs
48 bytes, text/x-phabricator-request
Details | Review
Bug 1979341: Initialize the window depending on the button pressed r?gijs
48 bytes, text/x-phabricator-request
Details | Review
Bug 1979341: Add telemetry to all the relevant actions r?gijs
48 bytes, text/x-phabricator-request
Details | Review
Bug 1979341: Make all the text fluent r?gijs
48 bytes, text/x-phabricator-request
Details | Review
Bug 1979341: Wire up the script reporting and pref setting r?gijs
48 bytes, text/x-phabricator-request
Details | Review
Bug 1979341: Clean up some console logs r?Gijs
48 bytes, text/x-phabricator-request
Details | Review
Testing.patch
3.05 KB, text/plain
Details
Bug 1979341: Work around the moz-button-group limitation, and always put the Learn More Link on the outside. r?Gijs
48 bytes, text/x-phabricator-request
Details | Review
Bug 1979341: Create a pref to disable the notification bar, and ensure Nimbus can control it r?Gijs
48 bytes, text/x-phabricator-request
Details | Review
Bug 1979341: Add a test r?Gijs
48 bytes, text/x-phabricator-request
Details | Review
Bug 1979341: Abstract the test so we can test more stuff without duping so much code r?Gijs
48 bytes, text/x-phabricator-request
Details | Review
Bug 1979341: Switch to an EveryWindow design r?Gijs
48 bytes, text/x-phabricator-request
Details | Review
Bug 1979341: Disable the reporting inputs if telemetry is disabled r?Gijs
48 bytes, text/x-phabricator-request
Details | Review
data_review
4.03 KB, text/plain
Details
WIP: Bug 1979341: Lint fix
48 bytes, text/x-phabricator-request
Details | Review

There is a very small number of users we want to show this to so we can eliminate a remaining blocker for deploying script hardening in the parent process

This adds an observer to browser.js and because experimentally
it seems like sometimes an unexpected script is loaded prior
to the observer being added in browser-init, we also store
the very first unexpected script seen in nsContentSecurityUtils
and check for it when adding the observer.

It is intentional that we will only show the notification bar
once, for the first script seen, so while the logic to only show
it once is not present, the inherent limitation in this code
is intentional.

Use the scriptName in the notification bar and add the
text and the bottons, as well as a Learn More link

The buttons slightly change based on whether the user pressed
'Approve' or 'Block' from the notificaiton bar, so create the
JavaScript class that will run in the dialog and move the buttons
around based on how we opened the dialog.

We use event telemetry because the affected users is so low (<1000)
it will be easier to query and ultimately use less space than adding
fields to the main ping.

We want the notification bar to be visible on all windows unless it
has been explicitly actioned. If the user opens the dialog from a
different tab, we don't want the dialog to remain open on some other
tab or some other window, so we jump through some hoops to ensure only
one dialog is ever opened.

Attached file Testing.patch (obsolete) —

To test this patchset, apply the following patch that will turn off crashing for debug/nightly builds and also re-enable the filename validation for pac scripts.

Then in Settings -> Network Settings -> Set an "automatic proxy configuration url" to https://ritter.vg/misc/ff/pac-script.js (or really any URL - this script isn't a valid PAC despite my attempts, but it doesn't actually matter.)

This will cause the infobar to be shown immediately on startup. This is testing the codepath where we're using checkInitialState, and GetVeryFirstUnexpectedScriptFilename instead of the UnexpectedJavaScriptLoad-Live codepath. But the -Live codepath can be tested by just enabling the same setting in an already-running browser.

Assignee: nobody → tom
Attachment #9503863 - Attachment description: WIP: Bug 1979341: Set up the framework for the notification bar → Bug 1979341: Set up the framework for the notification bar r?gijs
Status: NEW → ASSIGNED
Attachment #9503864 - Attachment description: WIP: Bug 1979341: Set up the notification bar → Bug 1979341: Set up the notification bar r?gijs
Attachment #9503865 - Attachment description: WIP: Bug 1979341: Create and show a skeleton of a dialog → Bug 1979341: Create and show a skeleton of a dialog r?gijs
Attachment #9503866 - Attachment description: WIP: Bug 1979341: Add the style and content to the dialog → Bug 1979341: Add the style and content to the dialog r?gijs
Attachment #9503867 - Attachment description: WIP: Bug 1979341: Initialize the window depending on the button pressed → Bug 1979341: Initialize the window depending on the button pressed r?gijs
Attachment #9503868 - Attachment description: WIP: Bug 1979341: Add telemetry to all the relevant actions → Bug 1979341: Add telemetry to all the relevant actions r?gijs
Attachment #9503869 - Attachment description: WIP: Bug 1979341: Ensure we only ever have one notification open at a time → Bug 1979341: Ensure we only ever have one notification open at a time r?gijs
Attachment #9504445 - Attachment description: WIP: Bug 1979341: Make all the text fluent → Bug 1979341: Make all the text fluent r?gijs
Attachment #9504446 - Attachment description: WIP: Bug 1979341: Wire up the script reporting and pref setting → Bug 1979341: Wire up the script reporting and pref setting r?gijs
Attached file Testing.patch

Updating the testing patch to apply cleanly in the whole patch stack

Attachment #9504433 - Attachment is obsolete: true
Attachment #9503869 - Attachment is obsolete: true
Attachment #9505233 - Attachment is obsolete: true
Attachment #9505233 - Attachment is obsolete: false
Attachment #9505233 - Attachment is obsolete: true
Depends on: 1981907
Attachment #9505921 - Attachment description: WIP: Bug 1979341: Add a test → Bug 1979341: Add a test r?Gijs

This is much cleaner, and consistent, aside from the weird threading issue.

Attachment #9506004 - Attachment is obsolete: true

While the best user experience would be to add a link to take
them to that part of the Settings page, while closing the dialog,
given the number of users who will see this, I'm not going to add
the complexity

Attached file data_review
Pushed by tritter@mozilla.com: https://github.com/mozilla-firefox/firefox/commit/0c7e0d73a7c3 https://hg.mozilla.org/integration/autoland/rev/6af45139c379 Set up the framework for the notification bar r=Gijs https://github.com/mozilla-firefox/firefox/commit/9a473a29aa88 https://hg.mozilla.org/integration/autoland/rev/cefa50545d4d Set up the notification bar r=Gijs,fluent-reviewers,bolsson https://github.com/mozilla-firefox/firefox/commit/35b0daac65b8 https://hg.mozilla.org/integration/autoland/rev/fd2c3fe94952 Create and show a skeleton of a dialog r=Gijs https://github.com/mozilla-firefox/firefox/commit/8df6d6998a16 https://hg.mozilla.org/integration/autoland/rev/1408b1d237e9 Add the style and content to the dialog r=Gijs,fluent-reviewers,bolsson https://github.com/mozilla-firefox/firefox/commit/b89fdb1cc4db https://hg.mozilla.org/integration/autoland/rev/1f099a6d9c67 Initialize the window depending on the button pressed r=Gijs,fluent-reviewers,bolsson https://github.com/mozilla-firefox/firefox/commit/8be3f9b94a91 https://hg.mozilla.org/integration/autoland/rev/ccd0e47157a7 Add telemetry to all the relevant actions r=Gijs,data-stewards,mt,toolkit-telemetry-reviewers https://github.com/mozilla-firefox/firefox/commit/965c09b8d545 https://hg.mozilla.org/integration/autoland/rev/fba09b577729 Make all the text fluent r=Gijs,fluent-reviewers,bolsson https://github.com/mozilla-firefox/firefox/commit/034f8b28521c https://hg.mozilla.org/integration/autoland/rev/21a414b5908b Wire up the script reporting and pref setting r=Gijs https://github.com/mozilla-firefox/firefox/commit/8fcc1084e68e https://hg.mozilla.org/integration/autoland/rev/2aed18a1ddb7 Clean up some console logs r=Gijs https://github.com/mozilla-firefox/firefox/commit/3f6e60ae0b43 https://hg.mozilla.org/integration/autoland/rev/4a9b07395da1 Work around the moz-button-group limitation, and always put the Learn More Link on the outside. r=Gijs https://github.com/mozilla-firefox/firefox/commit/68097c04764c https://hg.mozilla.org/integration/autoland/rev/102d7fada30a Create a pref to disable the notification bar, and ensure Nimbus can control it r=Gijs https://github.com/mozilla-firefox/firefox/commit/5a218ae887b0 https://hg.mozilla.org/integration/autoland/rev/d90016b3c253 Add a test r=Gijs https://github.com/mozilla-firefox/firefox/commit/5e1e253fba16 https://hg.mozilla.org/integration/autoland/rev/909a06a9f1d7 Abstract the test so we can test more stuff without duping so much code r=Gijs,webrtc-reviewers,bwc https://github.com/mozilla-firefox/firefox/commit/9ca8294a02ab https://hg.mozilla.org/integration/autoland/rev/6704df26e880 Switch to an EveryWindow design r=Gijs https://github.com/mozilla-firefox/firefox/commit/923ae3c4a101 https://hg.mozilla.org/integration/autoland/rev/d666ebea28fc Disable the reporting inputs if telemetry is disabled r=Gijs,fluent-reviewers,bolsson
Regressions: 1983026
Regressions: 1983112
QA Whiteboard: [qa-triage-done-c144/b143]
Blocks: 2007589
You need to log in before you can comment on or make changes to this bug.

Attachment

General

Creator:
Created:
Updated:
Size: