Closed Bug 913710 Opened 6 years ago Closed 6 years ago

Change the Larry Menu Text when Mixed Scripts are blocked but the page contains Mixed Display

Categories

(Firefox :: Security, defect)

defect
Not set

Tracking

()

VERIFIED FIXED
Firefox 26
Tracking Status
firefox26 + verified

People

(Reporter: lco, Assigned: tanvi)

References

(Blocks 1 open bug, )

Details

Attachments

(1 file, 1 obsolete file)

In bug 865352, we changed the security indicator icon from a grey globe to a gray warning triangle when the page contained blocked Mixed Scripts and Mixed Display. But clicking on that warning triangle still displays the following message:

"Interactive content that isn't encrypted (such as scripts) have been blocked for your protection."

This message is now confusing to the user, who expects an explanation of why there's a warning icon on the URL bar, not an assurance of being protected from insecure scripts. (It was appropriate for a grey globe because we didn't want to even talk about Mixed Display).

I would like to change the message to:

"The connection to this page is not fully secure because it contains unencrypted elements (such as images)."

This is the same message we show when there's only Mixed Display on the page.
Larissa - do you want to include anything about the mixed script that we've blocked?

The connection to this page is not fully secure because it contains unencrypted elements (such as images). Unencrypted interactive content has been blocked for your protection.

I can make a patch with changed text pretty easily.  Let me know when it's finalized and I will create a patch.  Thanks!
Flags: needinfo?(lco)
I'm just worried that a longer message will confuse the user and make them wonder why we aren't blocking both things. Besides, how will a user understand the difference between "unencrypted elements" and "unencrypted interactive content"?

At the same time, I don't know if seeing the differing shield message AND the warning icon message is also confusing.

I'll have to ask the UX team for their thoughts as well.
Thanks Larissa!  If we want to get this change in at the same time as we introduce the grey triangle, then we need a new string asap since Sunday is the last day I can land a string change for FF 26.  Otherwise, the users will get the "interactive scripts blocked" message for cases like https://people.mozilla.com/~tvyas/mixedboth.html in FF 26 and the changed text will go into FF 27.
Just talked to Larissa about this and we decided the best thing to do was what she initially proposed - keep the mixed display content messages consistent regardless of whether there is mixed active content.  The shield will be an indicator of mixed active content being blocked.  Users can click on the shield to learn more about that.  The site identity indicator will indicate the current status of the page; we remove the information about the blocked content from the site identity box since the shield already talks about that.

Hence, if a page has both mixed active and mixed display content, the site identity box will say:
"The connection to this page is not fully secure because it contains unencrypted elements (such as images)."

the same way it does when a site has just mixed display content.
There are two methods to make this change, and I'm not sure which one is better or preferred, so I've included them both for review.

Method 1 -  Remove the identity.mixed_display_loaded_active_blocked string and just use identity.mixed_display_loaded for both cases.

Method 2 - Change identity.mixed_display_loaded_active_blocked string (and update it to identity.mixed_display_loaded_active_blocked2 for localization reasons).

I'm leaning towards method 1 but we will see what Jared thinks.
Attachment #804808 - Flags: review?(jaws)
Attached patch Bug913710-method2-09-13-13.patch (obsolete) — Splinter Review
Attachment #804809 - Flags: review?(jaws)
Comment on attachment 804809 [details] [diff] [review]
Bug913710-method2-09-13-13.patch

We don't want locales to translate identity.mixed_display_loaded_active_blocked2 any different from identity.mixed_display_loaded, so that other patch is the right approach.
Attachment #804809 - Flags: review?(jaws) → review-
Attachment #804808 - Flags: review?(jaws) → review+
Comment on attachment 804809 [details] [diff] [review]
Bug913710-method2-09-13-13.patch

Thanks for the review dao!
Attachment #804809 - Attachment is obsolete: true
Pushed to inbound:
https://hg.mozilla.org/integration/mozilla-inbound/rev/75196fdc7e21
Assignee: nobody → tanvi
Flags: needinfo?(lco)
https://hg.mozilla.org/mozilla-central/rev/75196fdc7e21
Status: NEW → RESOLVED
Closed: 6 years ago
Resolution: --- → FIXED
Target Milestone: --- → Firefox 26
QA Contact: mihai.morar
(In reply to Tanvi Vyas [:tanvi] from comment #9)
> Pushed to inbound:
> https://hg.mozilla.org/integration/mozilla-inbound/rev/75196fdc7e21

You need to include the reviewer in the commit message. See <https://developer.mozilla.org/en-US/docs/Developer_Guide/Committing_Rules_and_Responsibilities>. You did the same mistake in bug 865352, so I suppose this wasn't just an oversight.
I confirm the fix is verified on Windows 7 x64, Mac OS 10.7.5 and Ubuntu 13.04 x86 using Latest Nightly 26 (2013-09-15) BuildID: 20130915030208
Status: RESOLVED → VERIFIED
You need to log in before you can comment on or make changes to this bug.