Closed
Bug 747090
Opened 13 years ago
Closed 12 years ago
Change the icon for mixed content
Categories
(Firefox :: Theme, defect)
Firefox
Theme
Tracking
()
RESOLVED
FIXED
People
(Reporter: curtisk, Unassigned)
References
(Blocks 1 open bug, )
Details
(Whiteboard: [SecReview Action Item])
Attachments
(1 file, 1 obsolete file)
11.75 KB,
patch
|
dao
:
review+
akeybl
:
approval-mozilla-aurora+
|
Details | Diff | Splinter Review |
No description provided.
Updated•13 years ago
|
Component: Security Assurance → Theme
Product: mozilla.org → Firefox
QA Contact: security-assurance → theme
Version: other → Trunk
Comment 2•13 years ago
|
||
Current nightly design for mixed(encryption + unencrypted) content is the almost the same with the unencrypted one. I think simply colouring the current mixed content design should solve the problem.
Comment 3•13 years ago
|
||
Attachment #617880 -
Flags: review?(shorlander)
Updated•13 years ago
|
Assignee: jwein → dao
Status: NEW → ASSIGNED
Comment 4•13 years ago
|
||
To test this, open http://zpao.com/posts/max-concurrent-tabs-is-dead/ and click the link at the bottom ("For the details, check out bug 648683").
Comment 5•13 years ago
|
||
I've updated this patch to use the warning (triangle shaped) icon that can be seen in this screenshot: http://cl.ly/0S2r0E0G2q2s0f0E0q2P
Attachment #617880 -
Attachment is obsolete: true
Attachment #617880 -
Flags: review?(shorlander)
Attachment #622576 -
Flags: review?(dao)
Updated•13 years ago
|
Attachment #622576 -
Flags: review?(dao) → review+
Comment 6•13 years ago
|
||
http://hg.mozilla.org/integration/mozilla-inbound/rev/1586fba669b9
http://hg.mozilla.org/integration/mozilla-inbound/rev/837cb0a0af48
Target Milestone: --- → Firefox 15
Comment 7•13 years ago
|
||
https://hg.mozilla.org/mozilla-central/rev/1586fba669b9
https://hg.mozilla.org/mozilla-central/rev/837cb0a0af48
Status: ASSIGNED → RESOLVED
Closed: 13 years ago
Resolution: --- → FIXED
Comment 8•13 years ago
|
||
Can we backport this and the other identity block bugs to Aurora? I don't think our users would like to see the identity block change two times (13-14 and 14-15)
Maybe this should also be a yellow Larry that would better fit with the new icon ?
Comment 10•13 years ago
|
||
(In reply to Guillaume C. [:ge3k0s] from comment #9)
> Maybe this should also be a yellow Larry that would better fit with the new
> icon ?
FWIW yellow "Larry" is for "This connection is untrusted"[1] as of today.
[1] https://support.mozilla.org/en-US/kb/This%20connection%20is%20untrusted
Comment 11•13 years ago
|
||
There is a discrepancy in this bug. The secreview keywords say Blocks FF 14, but the Target Milestone is FF15.
There is concern that the yellow triangle with an exclamation mark icon is too alarming. Hence, I think we need another, less alarming icon for FF14.
One of the main issues here is that the triangle icon is too alarming for display mixed content (i.e. images) but not too alarming for script mixed content (i.e. javascript). There is no way to fix this for FF14, because bug 62178 isn't finished and hasn't landed. Part of Bug 62178 distinguishes the two cases (but the purpose of that bug is to block script mixed content, which is more than what we need for this bug).
Comment 12•13 years ago
|
||
Hey guys, I'm working on bug 62178 and am wondering if there's an API that we've exposed to trigger changes in the site identity icons. I have code that watches for mixed content, but until now my approach has been to fire an event at the offending document and let the UI put up an info bar. While we figure out what the exact UI is to be, I need to know how to, at a minimum, update the site identity block. Thanks!
Comment 13•13 years ago
|
||
Adding the tracking-firefox14 flag since the security team would like the new identity-block features to land at the same time.
tracking-firefox14:
--- → ?
Comment 14•13 years ago
|
||
Comment on attachment 622576 [details] [diff] [review]
Dao's patch with Stephen's icons
[Approval Request Comment]
Bug caused by (feature/regressing bug #): none, new feature
User impact if declined: inconsistent security UI between Fx14 & Fx15
Testing completed (on m-c, etc.): been on m-c for a long time
Risk to taking this patch (and alternatives if risky): no risk anticipated
String or UUID changes made by this patch: none
I am requesting approval for this patch as well as the patch for bug 755429.
Attachment #622576 -
Flags: approval-mozilla-aurora?
Updated•13 years ago
|
Comment 15•13 years ago
|
||
Comment on attachment 622576 [details] [diff] [review]
Dao's patch with Stephen's icons
[Triage Comment]
Approved for Aurora given this is a low risk change to get feature parity between FF14 and FF15.
Attachment #622576 -
Flags: approval-mozilla-aurora? → approval-mozilla-aurora+
Comment 16•13 years ago
|
||
https://hg.mozilla.org/releases/mozilla-aurora/rev/330ca032d38b
https://hg.mozilla.org/releases/mozilla-aurora/rev/6086fcc613c2
status-firefox14:
--- → fixed
Updated•13 years ago
|
Assignee: dao → nobody
Status: RESOLVED → REOPENED
status-firefox14:
fixed → ---
Resolution: FIXED → ---
Target Milestone: Firefox 15 → ---
Comment 17•13 years ago
|
||
So, what's the plan here?
Comment 18•13 years ago
|
||
(In reply to Marco Castelluccio from comment #17)
> So, what's the plan here?
For now, see bug 766985.
Once bug 62178 (or bits of it land), the UI can then behave differently based on whether the mixed content is classified as 'script' or 'display' content - there seems to be some level of consensus that mixed display content is a less serious threat to the user than mixed script content. The UX we end up with for each scenario should reflect this. Also, there's agreement with your point in comment 8 that the UX around this shouldn't change and then change again.
Comment 20•13 years ago
|
||
(In reply to Jared Wein [:jaws] from comment #13)
> Adding the tracking-firefox14 flag since the security team would like the
> new identity-block features to land at the same time.
What's the plan for FF14 at this point? Should we uplift further?
Assignee: nobody → jaws
Comment 21•13 years ago
|
||
Comment #18 is the current status of this bug. It is my understanding that for Firefox 14, 15, and 16 we are going to plan on using the globe icon for mixed-content.
When bug 62178 is fixed we can then add some new UI for what we consider to be more dangerous mixed-content.
Whiteboard: [SecReview Action Item][blocks FF14] → [SecReview Action Item]
Comment 22•13 years ago
|
||
This no longer needs to track14+ - bug 766985 is fixed for 14, and we're happy with the status quo there.
tracking-firefox14:
+ → ---
Comment 23•12 years ago
|
||
This will change when bug 782654 lands. This is what it will look like:
* HTTPS page with a valid EV Cert - Green Lock (no change)
* HTTPS page with a valid SSL Cert - Grey Lock (no change)
* HTTPS page with a valid EV/SSL Cert and Mixed Content Blocked - Green/Grey Lock and Shield Icon on the right side of the url bar (see http://people.mozilla.com/~lco/ProjectSPF/Mixed_Content/Mixed%20Content%20Spec%20v3.pdf page 8)
* HTTPS page with a valid EV/SSL Cert and Mixed Script Content Enabled - Yellow Triangle with Black Exclamation point and https will be crossed out in grey (see http://people.mozilla.com/~lco/ProjectSPF/Mixed_Content/Mixed%20Content%20Spec%20v3.pdf page 8)
* HTTPS page with a valid EV/SSL Cert and Mixed Display Content - Grey Globe icon and https:// in the url bar (no change)
* HTTP page - Globe Icon and no http:// in the url bar (no change)
If someone is interested in fixing and landing this specific part right now, go for it. You may be able to it in Firefox 18, while bug 782654 won't make it to Firefox 18:
* HTTPS page with a valid EV/SSL Cert and Mixed Script Content Enabled - Yellow Triangle with Black Exclamation point and https will be crossed out in grey (see http://people.mozilla.com/~lco/ProjectSPF/Mixed_Content/Mixed%20Content%20Spec%20v3.pdf page 8)
Updated•12 years ago
|
Blocks: MixedContentBlocker
Comment 24•12 years ago
|
||
This was fixed in bug 822366.
Status: REOPENED → RESOLVED
Closed: 13 years ago → 12 years ago
Resolution: --- → FIXED
You need to log in
before you can comment on or make changes to this bug.
Description
•