Security/Features/Mixed Content Blocker/TestPlan

From MozillaWiki
Jump to: navigation, search


Feature Status Lead Engineer QA Lead QA Status
Mixed Content Blocker Landed Tanvi Vyas Mihai Morar Merge To Beta SIgn-off (pre-beta)


The Mixed Content Blocker prevents "mixed script" content from being loaded into a secure web page. The Mixed Contect Blocker feature blocks mixed scripts from loading by default, and adds UI (doorhanger and icon) that enables a user to reload the page with the insecure content permitted to load. Mixed display content is allowed. Mixed script is defined as: fonts, plugin content, scripts, stylesheets, iframes, websockets, XHR. While mixed content is defined as: images, audio, video, <a ping>.


Focus areas

The following list comprises focus areas which will be considered in testing:

  • Correct display of messages when visiting a mixed content webpage
  • UI flow when blocking/unblocking mixed content on a webpage
  • URL Bar display with auto-complete/minimized/maximized navigation bar
  • make sure other security UI icons are displayed as expected
  • Session restore interaction

Test strategy

  • create manual test cases (
    • test creation should take into account focus areas
    • run all tests once for every branch (sign-off)
    • tests shall be ran on all supported platforms before Release: Windows 7, 8, Mac 10.7 or 10.8, Ubuntu 13.04
  • identify and create automated tests for non-automated test cases - if possible
  • verify fixed bugs (dependencies in Master bug)
  • do regular triage related to feature regressions in Security components

Test Cases

Moztrap test cases


Important Open bugs

Full Query
ID Summary Priority Status
824871 Regression - nsMixedContentBlocker sets wrong Security State for http pages with https iframes P1 RESOLVED
826599 Mixed active content loaded in an iframe is unblocked when the user unblocks mixed active content in the root document P1 RESOLVED
827595 Design Tweaks For Mixed Content Blocker Doorhanger -- RESOLVED
834828 Make Mixed Content Doorhanger More Discoverable -- RESOLVED
838395 Pages with HSTS subresources, referenced using http:// URLs, are displayed as having mixed content even though no non-HTTPS loads occur P3 NEW
838402 Change site identity / Larry messages for mixed active content and mixed display content -- RESOLVED
839238 Documentation for Mixed Content Blocker -- RESOLVED
840395 confusing control center messages for http page with https iframe with mixed content -- RESOLVED
843977 [tracking] Mixed Active Content on Mozilla Affiliated sites P2 NEW
844556 [meta][tracking] compatibility issues with mixed content blocker on non-Mozilla websites -- RESOLVED

10 Total; 2 Open (20%); 8 Resolved (80%); 0 Verified (0%);

Sign-off Criteria

  • Feature landed and functional on all supported platforms
  • P1 bugs have been verified and have not yielded important regressions

Compatibility issues (Matt Wobensmith)

  • bug 844556 tracks compatibility issues with Mixed Content on non-mozilla sites
    • dependencies contain the list of sites broken by mixed content

Aurora sign off

17.05.2012 - signed off

  • Ran existing test cases on three platforms (Windows 8, Mac OS 10.8, Ubuntu 12.10) - PASS
  • Results spreadsheet
  • basic functionality works as expected