MozillaWiki

Security/Features/Mixed Content Blocker/TestPlan: Difference between revisions

< Security‎ | Features‎ | Mixed Content Blocker
(Created page with "= Improve display of location bar results = {| class="fullwidth-table" |- | Feature | Status | Product manager | Lead Engineer | QA Lead | QA Status |- | Improve display of l...")
 
 
(25 intermediate revisions by 2 users not shown)
Line 1: Line 1:
= Improve display of location bar results =
= Overview =


{| class="fullwidth-table"
{| class="fullwidth-table"
Line 5: Line 5:
| Feature  
| Feature  
| Status  
| Status  
| Product manager
| Lead Engineer
| Lead Engineer
| QA Lead  
| QA Lead  
| QA Status
| QA Status
|-
|-
| Improve display of location bar results
| Mixed Content Blocker
| Restyling landed, development still in progress
| {{StatusHealthy|status= Landed}}
|  
| Tanvi Vyas
|  
| Mihai Morar
|  
| {{StatusHealthy|status= Merge To Beta SIgn-off (pre-beta)}}
| In Progress
|}
|}


== Summary ==
= Summary =


* T
The Mixed Content Blocker prevents "mixed script" content from being loaded into a secure web page. The Mixed Contect Blocker feature blocks mixed scripts from loading by default, and adds UI (doorhanger and icon) that enables a user to reload the page with the insecure content permitted to load. Mixed display content is allowed.
* E
Mixed script is defined as: fonts, plugin content, scripts, stylesheets, iframes, websockets, XHR. While mixed content is defined as: images, audio, video, <a ping>.
** 3


= References =
* [https://wiki.mozilla.org/Security/Features/Mixed_Content_Blocker Feature Page]
* [https://bugzilla.mozilla.org/show_bug.cgi?id=815321 Tracking bug]
* [http://googleonlinesecurity.blogspot.ro/2011/06/trying-to-end-mixed-scripting.html Google implementation of Mixed Script]
* [https://developer.mozilla.org/en-US/docs/Security/MixedContent MDN]
* [https://blog.mozilla.org/security/2013/05/16/mixed-content-blocking-in-firefox-aurora/ Blog Post]
* [https://blog.mozilla.org/tanvi/2013/04/10/mixed-content-blocking-enabled-in-firefox-23/ Blog Post]


== References ==
= Focus areas =
* [ Feature Page]
* [ Implementation bug]
 
== Focus areas ==
The following list comprises focus areas which will be considered in testing:
The following list comprises focus areas which will be considered in testing:
*Correct display of messages when visiting a mixed content webpage
*UI flow when blocking/unblocking mixed content on a webpage
*URL Bar display with auto-complete/minimized/maximized navigation bar
*make sure other security UI icons are displayed as expected
*Session restore interaction


== Test strategy  ==
= Test strategy  =
*create and run manual test cases (moztrap.mozilla.org)
*create manual test cases (moztrap.mozilla.org)
**test creation should take into account focus areas
**test creation should take into account focus areas
**tests shall be ran on all supported platforms before Release: Windows Vista, XP, 7, Mac OS 10.6, 10.7, 10.8, Ubuntu 12.04
**run all tests once for every branch (sign-off)
*do regular triage related to  
**tests shall be ran on all supported platforms before Release: Windows 7, 8, Mac 10.7 or 10.8, Ubuntu 13.04
*organize a Firefox testday after all feature changes will have landed
*identify and create automated tests for non-automated test cases - if possible
*verify fixed bugs (dependencies in Master bug)
*do regular triage related to feature regressions in Security components


== Test Cases  ==
= Test Cases  =
[ Moztrap test cases]
[https://moztrap.mozilla.org/manage/cases/?filter-suite=305 Moztrap test cases]


== Important bugs  ==
[https://docs.google.com/spreadsheet/ccc?key=0Amty6gb0hLqVdEkxYzhBWUhvUFZMcTFxem1xaGtUa1E#gid=0 Spreadsheet]
 
= Important Open bugs  =
<bugzilla>
<bugzilla>
{
{
  "id": "815321"
  "id": "844556, 843977, 840395, 839238, 824871, 826599, 827595, 834828, 838395, 838402"
}
}
</bugzilla>
</bugzilla>


== Sign-off Criteria ==
= Sign-off Criteria =
*Feature landed and functional on all supported platforms
*P1 bugs have been verified and have not yielded important regressions
 
= Compatibility issues (Matt Wobensmith) =
*[https://bugzilla.mozilla.org/show_bug.cgi?id=844556 bug 844556] tracks compatibility issues with Mixed Content on non-mozilla sites
**dependencies contain the list of sites broken by mixed content


== Aurora sign off==
17.05.2012 - signed off
*Ran existing test cases on three platforms (Windows 8, Mac OS 10.8, Ubuntu 12.10) - PASS
*[https://docs.google.com/spreadsheet/ccc?key=0Amty6gb0hLqVdEkxYzhBWUhvUFZMcTFxem1xaGtUa1E#gid=0 Results spreadsheet]
*basic functionality works as expected


=== Aurora ===
== Beta ==
=== Beta ===
== Release ==
=== Release ===

Latest revision as of 07:29, 18 July 2013

Overview

Feature Status Lead Engineer QA Lead QA Status
Mixed Content Blocker Landed Tanvi Vyas Mihai Morar Merge To Beta SIgn-off (pre-beta)

Summary

The Mixed Content Blocker prevents "mixed script" content from being loaded into a secure web page. The Mixed Contect Blocker feature blocks mixed scripts from loading by default, and adds UI (doorhanger and icon) that enables a user to reload the page with the insecure content permitted to load. Mixed display content is allowed. Mixed script is defined as: fonts, plugin content, scripts, stylesheets, iframes, websockets, XHR. While mixed content is defined as: images, audio, video, <a ping>.

References

Focus areas

The following list comprises focus areas which will be considered in testing:

  • Correct display of messages when visiting a mixed content webpage
  • UI flow when blocking/unblocking mixed content on a webpage
  • URL Bar display with auto-complete/minimized/maximized navigation bar
  • make sure other security UI icons are displayed as expected
  • Session restore interaction

Test strategy

  • create manual test cases (moztrap.mozilla.org)
    • test creation should take into account focus areas
    • run all tests once for every branch (sign-off)
    • tests shall be ran on all supported platforms before Release: Windows 7, 8, Mac 10.7 or 10.8, Ubuntu 13.04
  • identify and create automated tests for non-automated test cases - if possible
  • verify fixed bugs (dependencies in Master bug)
  • do regular triage related to feature regressions in Security components

Test Cases

Moztrap test cases

Spreadsheet

Important Open bugs

Full Query
ID Summary Priority Status
824871 Regression - nsMixedContentBlocker sets wrong Security State for http pages with https iframes P1 RESOLVED
826599 Mixed active content loaded in an iframe is unblocked when the user unblocks mixed active content in the root document P1 RESOLVED
827595 Design Tweaks For Mixed Content Blocker Doorhanger -- RESOLVED
834828 Make Mixed Content Doorhanger More Discoverable -- RESOLVED
838395 Pages with HSTS subresources, referenced using http:// URLs, are displayed as having mixed content even though no non-HTTPS loads occur P3 NEW
838402 Change site identity / Larry messages for mixed active content and mixed display content -- RESOLVED
839238 Documentation for Mixed Content Blocker -- RESOLVED
840395 confusing control center messages for http page with https iframe with mixed content -- RESOLVED
843977 [tracking] Mixed Active Content on Mozilla Affiliated sites P2 NEW
844556 [meta][tracking] compatibility issues with mixed content blocker on non-Mozilla websites -- RESOLVED

10 Total; 2 Open (20%); 8 Resolved (80%); 0 Verified (0%);


Sign-off Criteria

  • Feature landed and functional on all supported platforms
  • P1 bugs have been verified and have not yielded important regressions

Compatibility issues (Matt Wobensmith)

  • bug 844556 tracks compatibility issues with Mixed Content on non-mozilla sites
    • dependencies contain the list of sites broken by mixed content

Aurora sign off

17.05.2012 - signed off

  • Ran existing test cases on three platforms (Windows 8, Mac OS 10.8, Ubuntu 12.10) - PASS
  • Results spreadsheet
  • basic functionality works as expected

Beta

Release

Retrieved from "https://wiki.mozilla.org/index.php?title=Security/Features/Mixed_Content_Blocker/TestPlan&oldid=677601"