Change the icon for mixed content

RESOLVED FIXED

Status

()

defect
RESOLVED FIXED
7 years ago
7 years ago

People

(Reporter: curtisk, Unassigned)

Tracking

(Blocks 1 bug)

Trunk
Points:
---
Dependency tree / graph

Firefox Tracking Flags

(Not tracked)

Details

(Whiteboard: [SecReview Action Item], )

Attachments

(1 attachment, 1 obsolete attachment)

No description provided.
No longer blocks: 744304
Component: Security Assurance → Theme
Product: mozilla.org → Firefox
QA Contact: security-assurance → theme
Version: other → Trunk
Duplicate of this bug: 748348
Current nightly design for mixed(encryption + unencrypted) content is the almost the same with the unencrypted one. I think simply colouring the current mixed content design should solve the problem.
Posted patch patch (obsolete) — Splinter Review
Attachment #617880 - Flags: review?(shorlander)
Assignee: jwein → dao
Status: NEW → ASSIGNED
To test this, open http://zpao.com/posts/max-concurrent-tabs-is-dead/ and click the link at the bottom ("For the details, check out bug 648683").
I've updated this patch to use the warning (triangle shaped) icon that can be seen in this screenshot: http://cl.ly/0S2r0E0G2q2s0f0E0q2P
Attachment #617880 - Attachment is obsolete: true
Attachment #617880 - Flags: review?(shorlander)
Attachment #622576 - Flags: review?(dao)
Attachment #622576 - Flags: review?(dao) → review+
Can we backport this and the other identity block bugs to Aurora? I don't think our users would like to see the identity block change two times (13-14 and 14-15)
Maybe this should also be a yellow Larry that would better fit with the new icon ?
(In reply to Guillaume C. [:ge3k0s] from comment #9)
> Maybe this should also be a yellow Larry that would better fit with the new
> icon ?

FWIW yellow "Larry" is for "This connection is untrusted"[1] as of today.

[1] https://support.mozilla.org/en-US/kb/This%20connection%20is%20untrusted
There is a discrepancy in this bug.  The secreview keywords say Blocks FF 14, but the Target Milestone is FF15.

There is concern that the yellow triangle with an exclamation mark icon is too alarming.  Hence, I think we need another, less alarming icon for FF14.

One of the main issues here is that the triangle icon is too alarming for display mixed content (i.e. images) but not too alarming for script mixed content (i.e. javascript).  There is no way to fix this for FF14, because bug 62178 isn't finished and hasn't landed.  Part of Bug 62178 distinguishes the two cases (but the purpose of that bug is to block script mixed content, which is more than what we need for this bug).
Hey guys, I'm working on bug 62178 and am wondering if there's an API that we've exposed to trigger changes in the site identity icons.  I have code that watches for mixed content, but until now my approach has been to fire an event at the offending document and let the UI put up an info bar.  While we figure out what the exact UI is to be, I need to know how to, at a minimum, update the site identity block.  Thanks!
Adding the tracking-firefox14 flag since the security team would like the new identity-block features to land at the same time.
Comment on attachment 622576 [details] [diff] [review]
Dao's patch with Stephen's icons

[Approval Request Comment]
Bug caused by (feature/regressing bug #): none, new feature
User impact if declined: inconsistent security UI between Fx14 & Fx15
Testing completed (on m-c, etc.): been on m-c for a long time
Risk to taking this patch (and alternatives if risky): no risk anticipated
String or UUID changes made by this patch: none

I am requesting approval for this patch as well as the patch for bug 755429.
Attachment #622576 - Flags: approval-mozilla-aurora?
Comment on attachment 622576 [details] [diff] [review]
Dao's patch with Stephen's icons

[Triage Comment]
Approved for Aurora given this is a low risk change to get feature parity between FF14 and FF15.
Attachment #622576 - Flags: approval-mozilla-aurora? → approval-mozilla-aurora+
Depends on: 766985
Assignee: dao → nobody
Status: RESOLVED → REOPENED
Resolution: FIXED → ---
Target Milestone: Firefox 15 → ---
So, what's the plan here?
(In reply to Marco Castelluccio from comment #17)
> So, what's the plan here?

For now, see bug 766985.

Once bug 62178 (or bits of it land), the UI can then behave differently based on whether the mixed content is classified as 'script' or 'display' content - there seems to be some level of consensus that mixed display content is a less serious threat to the user than mixed script content. The UX we end up with for each scenario should reflect this. Also, there's agreement with your point in comment 8 that the UX around this shouldn't change and then change again.
Ok, thank you for the clarification.
See Also: → 760854
(In reply to Jared Wein [:jaws] from comment #13)
> Adding the tracking-firefox14 flag since the security team would like the
> new identity-block features to land at the same time.

What's the plan for FF14 at this point? Should we uplift further?
Assignee: nobody → jaws
Comment #18 is the current status of this bug. It is my understanding that for Firefox 14, 15, and 16 we are going to plan on using the globe icon for mixed-content.

When bug 62178 is fixed we can then add some new UI for what we consider to be more dangerous mixed-content.
Whiteboard: [SecReview Action Item][blocks FF14] → [SecReview Action Item]
This no longer needs to track14+ - bug 766985 is fixed for 14, and we're happy with the status quo there.
Assignee: jaws → nobody
Depends on: 62178
This will change when bug 782654 lands.  This is what it will look like:

* HTTPS page with a valid EV Cert - Green Lock (no change)
* HTTPS page with a valid SSL Cert - Grey Lock (no change)
* HTTPS page with a valid EV/SSL Cert and Mixed Content Blocked - Green/Grey Lock and Shield Icon on the right side of the url bar (see http://people.mozilla.com/~lco/ProjectSPF/Mixed_Content/Mixed%20Content%20Spec%20v3.pdf page 8)
* HTTPS page with a valid EV/SSL Cert and Mixed Script Content Enabled - Yellow Triangle with Black Exclamation point and https will be crossed out in grey (see http://people.mozilla.com/~lco/ProjectSPF/Mixed_Content/Mixed%20Content%20Spec%20v3.pdf page 8)
* HTTPS page with a valid EV/SSL Cert and Mixed Display Content - Grey Globe icon and https:// in the url bar (no change)
* HTTP page - Globe Icon and no http:// in the url bar (no change)

If someone is interested in fixing and landing this specific part right now, go for it.  You may be able to it in Firefox 18, while bug 782654 won't make it to Firefox 18:
* HTTPS page with a valid EV/SSL Cert and Mixed Script Content Enabled - Yellow Triangle with Black Exclamation point and https will be crossed out in grey (see http://people.mozilla.com/~lco/ProjectSPF/Mixed_Content/Mixed%20Content%20Spec%20v3.pdf page 8)
This was fixed in bug 822366.
Status: REOPENED → RESOLVED
Closed: 7 years ago7 years ago
Resolution: --- → FIXED
You need to log in before you can comment on or make changes to this bug.