tor-browser

The Tor Browser
git clone https://git.dasho.dev/tor-browser.git
Log | Files | Refs | README | LICENSE
commit 0a5a0e99586391e733cc9b7cd14326c6be1f6952
parent 4482657f0815b712ed9b5db618d64ca16d842637
Author: Dale Harvey <dale@arandomurl.com>
Date:   Thu, 20 Nov 2025 18:41:00 +0000

Bug 1997176 - Show 'Not Secure' text in url regardless of tracking. r=daisuke,desktop-theme-reviewers,urlbar-reviewers,dao

Differential Revision: https://phabricator.services.mozilla.com/D272797

Diffstat:

Mbrowser/base/content/browser-trustPanel.js | 13++++---------


Mbrowser/components/urlbar/tests/browser/browser_trust_panel.js | 20++++++++++++++++++++


Mbrowser/themes/shared/identity-block/identity-block.css | 8++++++--


3 files changed, 30 insertions(+), 11 deletions(-)

diff --git a/browser/base/content/browser-trustPanel.js b/browser/base/content/browser-trustPanel.js
@@ -299,19 +299,14 @@ class TrustPanel {
 
   #updateUrlbarIcon() {
     let icon = document.getElementById("trust-icon-container");
-    let secureConnection = this.#isSecurePage();
-    icon.className = "";
+    icon.className = this.#isSecurePage() ? "secure" : "insecure";
 
     if (this.#isURILoadedFromFile) {
       icon.classList.add("file");
-    } else if (!this.#trackingProtectionEnabled) {
+    }
+
+    if (!this.#trackingProtectionEnabled) {
       icon.classList.add("inactive");
-    } else if (secureConnection && this.#trackingProtectionEnabled) {
-      icon.classList.add("secure");
-    } else if (!secureConnection || !this.#trackingProtectionEnabled) {
-      icon.classList.add("insecure");
-    } else {
-      icon.classList.add("warning");
     }
 
     icon.classList.toggle("chickletShown", this.#isSecureInternalUI);
diff --git a/browser/components/urlbar/tests/browser/browser_trust_panel.js b/browser/components/urlbar/tests/browser/browser_trust_panel.js
@@ -114,3 +114,23 @@ add_task(async function test_blob_secure() {
 
   await BrowserTestUtils.removeTab(tab);
 });
+
+add_task(async function test_notsecure_label_without_tracking() {
+  const tab = await BrowserTestUtils.openNewForegroundTab({
+    gBrowser,
+    // eslint-disable-next-line @microsoft/sdl/no-insecure-url
+    opening: "http://example.com",
+    waitForLoad: true,
+  });
+
+  await BrowserTestUtils.waitForCondition(() => urlbarIcon(window) != "none");
+  await toggleETP(tab);
+
+  Assert.ok(
+    BrowserTestUtils.isVisible(urlbarLabel(window)),
+    "Showing Not Secure label"
+  );
+
+  await toggleETP(tab);
+  await BrowserTestUtils.removeTab(tab);
+});
diff --git a/browser/themes/shared/identity-block/identity-block.css b/browser/themes/shared/identity-block/identity-block.css
@@ -309,14 +309,18 @@
     margin-inline-end: var(--identity-box-margin-inline);
     -moz-context-properties: fill, fill-opacity;
 
-    list-style-image: url(chrome://browser/skin/trust-icon-active.svg);
-
+    /* The urlbar will show insecure or secure icon by default depending
+       on the state of the connection, the further clauses may override that. */
     &:where(.insecure) {
       list-style-image: url(chrome://browser/skin/trust-icon-insecure.svg);
       background-color: var(--urlbar-box-bgcolor);
       color: var(--urlbar-box-text-color);
     }
 
+    &.secure {
+      list-style-image: url(chrome://browser/skin/trust-icon-active.svg);
+    }
+
     &.inactive {
       list-style-image: url(chrome://browser/skin/trust-icon-disabled.svg);
     }