Bug 1366384 - Add Google attribution on Safe Browsing warning pages
MozReview-Commit-ID: AetAscS1Bkw
--- a/browser/base/content/blockedSite.xhtml
+++ b/browser/base/content/blockedSite.xhtml
@@ -162,16 +162,21 @@
<!-- Long Description -->
<div id="errorLongDesc">
<p id="errorLongDescText_phishing">&safeb.blocked.phishingPage.longDesc2;</p>
<p id="errorLongDescText_malware">&safeb.blocked.malwarePage.longDesc;</p>
<p id="errorLongDescText_unwanted">&safeb.blocked.unwantedPage.longDesc;</p>
</div>
+ <!-- Advisory -->
+ <div id="advisoryDesc">
+ <p id="advisoryDescText">&safeb.palm.advisory.desc;</p>
+ </div>
+
<!-- Action buttons -->
<div id="buttons" class="button-container">
<!-- Commands handled in browser.js -->
<button id="getMeOutButton" class="primary">&safeb.palm.accept.label;</button>
<div class="button-spacer"></div>
<button id="reportButton">&safeb.palm.reportPage.label;</button>
</div>
</div>
--- a/browser/base/content/content.js
+++ b/browser/base/content/content.js
@@ -310,21 +310,77 @@ function getSiteBlockedErrorDetails(docS
blockedInfo = { list: classifiedChannel.matchedList,
provider: classifiedChannel.matchedProvider,
uri: reportUri.asciiSpec };
}
}
return blockedInfo;
}
-addMessageListener("DeceptiveBlockedDetails", (message) => {
- sendAsyncMessage("DeceptiveBlockedDetails:Result", {
- blockedInfo: getSiteBlockedErrorDetails(docShell),
- });
-});
+var AboutBlockedSiteListener = {
+ init(chromeGlobal) {
+ addMessageListener("DeceptiveBlockedDetails", this);
+ chromeGlobal.addEventListener("AboutBlockedLoaded", this, false, true);
+ },
+
+ get isBlockedSite() {
+ return content.document.documentURI.startsWith("about:blocked");
+ },
+
+ receiveMessage(msg) {
+ if (!this.isBlockedSite) {
+ return;
+ }
+
+ if (msg.name == "DeceptiveBlockedDetails") {
+ sendAsyncMessage("DeceptiveBlockedDetails:Result", {
+ blockedInfo: getSiteBlockedErrorDetails(docShell),
+ });
+ }
+ },
+
+ handleEvent(aEvent) {
+ if (!this.isBlockedSite) {
+ return;
+ }
+
+ if (aEvent.type != "AboutBlockedLoaded") {
+ return;
+ }
+
+ let provider = "";
+ if (docShell.failedChannel) {
+ let classifiedChannel = docShell.failedChannel.
+ QueryInterface(Ci.nsIClassifiedChannel);
+ if (classifiedChannel) {
+ provider = classifiedChannel.matchedProvider;
+ }
+ }
+
+ let advisoryUrl = Services.prefs.getCharPref(
+ "browser.safebrowsing.provider." + provider + ".advisoryURL", "");
+ if (!advisoryUrl) {
+ let el = content.document.getElementById("advisoryDesc");
+ el.remove();
+ return;
+ }
+
+ let advisoryLinkText = Services.prefs.getCharPref(
+ "browser.safebrowsing.provider." + provider + ".advisoryName", "");
+ if (!advisoryLinkText) {
+ let el = content.document.getElementById("advisoryDesc");
+ el.remove();
+ return;
+ }
+
+ let anchorEl = content.document.getElementById("advisory_provider");
+ anchorEl.setAttribute("href", advisoryUrl);
+ anchorEl.textContent = advisoryLinkText;
+ },
+}
var AboutNetAndCertErrorListener = {
init(chromeGlobal) {
addMessageListener("CertErrorDetails", this);
addMessageListener("Browser:CaptivePortalFreed", this);
chromeGlobal.addEventListener("AboutNetErrorLoad", this, false, true);
chromeGlobal.addEventListener("AboutNetErrorOpenCaptivePortal", this, false, true);
chromeGlobal.addEventListener("AboutNetErrorSetAutomatic", this, false, true);
@@ -512,17 +568,17 @@ var AboutNetAndCertErrorListener = {
securityInfo: getSerializedSecurityInfo(docShell),
});
}
},
}
AboutNetAndCertErrorListener.init(this);
-
+AboutBlockedSiteListener.init(this);
var ClickEventHandler = {
init: function init() {
Cc["@mozilla.org/eventlistenerservice;1"]
.getService(Ci.nsIEventListenerService)
.addSystemEventListener(global, "click", this, true);
},
--- a/browser/base/content/test/static/browser_misused_characters_in_strings.js
+++ b/browser/base/content/test/static/browser_misused_characters_in_strings.js
@@ -25,16 +25,20 @@ let gWhitelist = [{
key: "certerror.wrongSystemTime2",
type: "single-quote"
}, {
file: "netError.dtd",
key: "certerror.wrongSystemTimeWithoutReference",
type: "single-quote"
}, {
file: "phishing-afterload-warning-message.dtd",
+ key: "safeb.palm.advisory.desc",
+ type: "single-quote"
+ }, {
+ file: "phishing-afterload-warning-message.dtd",
key: "safeb.blocked.malwarePage.shortDesc",
type: "single-quote"
}, {
file: "phishing-afterload-warning-message.dtd",
key: "safeb.blocked.unwantedPage.shortDesc",
type: "single-quote"
}, {
file: "phishing-afterload-warning-message.dtd",
--- a/browser/locales/en-US/chrome/browser/safebrowsing/phishing-afterload-warning-message.dtd
+++ b/browser/locales/en-US/chrome/browser/safebrowsing/phishing-afterload-warning-message.dtd
@@ -9,16 +9,18 @@
shown. -->
<!ENTITY safeb.palm.notdeceptive.label "This isn’t a deceptive site…">
<!-- Localization note (safeb.palm.notdeceptive.accesskey) - Because
safeb.palm.notdeceptive.label and reportDeceptiveSiteMenu.title from
report-phishing.dtd are never shown at the same time, the same accesskey can
be used for them. -->
<!ENTITY safeb.palm.notdeceptive.accesskey "d">
<!ENTITY safeb.palm.reportPage.label "Why was this page blocked?">
+<!-- Localization note (safeb.palm.advisory.desc) - Please don't translate <a id="advisory_provider"/> tag. It will be replaced at runtime with advisory link-->
+<!ENTITY safeb.palm.advisory.desc "Advisory provided by <a id='advisory_provider'/>">
<!ENTITY safeb.blocked.malwarePage.title "Reported Attack Page!">
<!-- Localization note (safeb.blocked.malwarePage.shortDesc) - Please don't translate the contents of the <span id="malware_sitename"/> tag. It will be replaced at runtime with a domain name (e.g. www.badsite.com) -->
<!ENTITY safeb.blocked.malwarePage.shortDesc "This web page at <span id='malware_sitename'/> has been reported as an attack page and has been blocked based on your security preferences.">
<!ENTITY safeb.blocked.malwarePage.longDesc "<p>Attack pages try to install programs that steal private information, use your computer to attack others, or damage your system.</p><p>Some attack pages intentionally distribute harmful software, but many are compromised without the knowledge or permission of their owners.</p>">
<!ENTITY safeb.blocked.unwantedPage.title "Reported Unwanted Software Page!">
<!-- Localization note (safeb.blocked.unwantedPage.shortDesc) - Please don't translate the contents of the <span id="unwanted_sitename"/> tag. It will be replaced at runtime with a domain name (e.g. www.badsite.com) -->
--- a/mobile/android/chrome/content/blockedSite.xhtml
+++ b/mobile/android/chrome/content/blockedSite.xhtml
@@ -136,17 +136,17 @@
}
// Set sitename
document.getElementById(error + "_sitename").textContent = getHostString();
document.title = document.getElementById("errorTitleText_" + error)
.innerHTML;
// Inform the test harness that we're done loading the page
- var event = new CustomEvent("AboutBlockedLoaded");
+ var event = new CustomEvent("AboutBlockedLoaded", { bubbles: true });
document.dispatchEvent(event);
}
]]></script>
</head>
<body id="errorPage" class="blockedsite" dir="&locale.dir;">
<div id="errorPageContainer">
@@ -168,17 +168,22 @@
</div>
<!-- Long Description -->
<div id="errorLongDesc">
<p id="errorLongDescText_phishing">&safeb.blocked.phishingPage.longDesc3;</p>
<p id="errorLongDescText_malware">&safeb.blocked.malwarePage.longDesc;</p>
<p id="errorLongDescText_unwanted">&safeb.blocked.unwantedPage.longDesc;</p>
</div>
-
+
+ <!-- Advisory -->
+ <div id="advisoryDesc">
+ <p id="advisoryDescText">&safeb.palm.advisory.desc;</p>
+ </div>
+
<!-- Action buttons -->
<div id="buttons">
<!-- Commands handled in browser.js -->
<button id="getMeOutButton">&safeb.palm.accept.label;</button>
<button id="reportButton">&safeb.palm.reportPage.label;</button>
</div>
</div>
<div id="ignoreWarning">
--- a/mobile/android/chrome/content/content.js
+++ b/mobile/android/chrome/content/content.js
@@ -11,16 +11,66 @@ Cu.import("resource://gre/modules/XPCOMU
XPCOMUtils.defineLazyModuleGetter(this, "AboutReader", "resource://gre/modules/AboutReader.jsm");
XPCOMUtils.defineLazyModuleGetter(this, "ReaderMode", "resource://gre/modules/ReaderMode.jsm");
XPCOMUtils.defineLazyModuleGetter(this, "LoginManagerContent", "resource://gre/modules/LoginManagerContent.jsm");
var dump = Cu.import("resource://gre/modules/AndroidLog.jsm", {}).AndroidLog.d.bind(null, "Content");
var global = this;
+var AboutBlockedSiteListener = {
+ init(chromeGlobal) {
+ addEventListener("AboutBlockedLoaded", this, false, true);
+ },
+
+ get isBlockedSite() {
+ return content.document.documentURI.startsWith("about:blocked");
+ },
+
+ handleEvent(aEvent) {
+ if (!this.isBlockedSite) {
+ return;
+ }
+
+ if (aEvent.type != "AboutBlockedLoaded") {
+ return;
+ }
+
+ let provider = "";
+ if (docShell.failedChannel) {
+ let classifiedChannel = docShell.failedChannel.
+ QueryInterface(Ci.nsIClassifiedChannel);
+ if (classifiedChannel) {
+ provider = classifiedChannel.matchedProvider;
+ }
+ }
+
+ let advisoryUrl = Services.prefs.getCharPref(
+ "browser.safebrowsing.provider." + provider + ".advisoryURL", "");
+ if (!advisoryUrl) {
+ let el = content.document.getElementById("advisoryDesc");
+ el.remove();
+ return;
+ }
+
+ let advisoryLinkText = Services.prefs.getCharPref(
+ "browser.safebrowsing.provider." + provider + ".advisoryName", "");
+ if (!advisoryLinkText) {
+ let el = content.document.getElementById("advisoryDesc");
+ el.remove();
+ return;
+ }
+
+ let anchorEl = content.document.getElementById("advisory_provider");
+ anchorEl.setAttribute("href", advisoryUrl);
+ anchorEl.textContent = advisoryLinkText;
+ },
+}
+AboutBlockedSiteListener.init();
+
// This is copied from desktop's tab-content.js. See bug 1153485 about sharing this code somehow.
var AboutReaderListener = {
_articlePromise: null,
_isLeavingReaderableReaderMode: false,
init: function() {
--- a/mobile/android/locales/en-US/chrome/phishing.dtd
+++ b/mobile/android/locales/en-US/chrome/phishing.dtd
@@ -1,15 +1,17 @@
<!-- This Source Code Form is subject to the terms of the Mozilla Public
- License, v. 2.0. If a copy of the MPL was not distributed with this
- file, You can obtain one at http://mozilla.org/MPL/2.0/. -->
<!ENTITY safeb.palm.accept.label "Get me out of here!">
<!ENTITY safeb.palm.decline.label "Ignore this warning">
<!ENTITY safeb.palm.reportPage.label "Why was this page blocked?">
+<!-- Localization note (safeb.palm.advisory.desc) - Please don't translate <a id="advisory_provider"/> tag. It will be replaced at runtime with advisory link-->
+<!ENTITY safeb.palm.advisory.desc "Advisory provided by <a id='advisory_provider'/>">
<!ENTITY safeb.blocked.malwarePage.title "Reported Attack Page!">
<!-- Localization note (safeb.blocked.malware.shortDesc) - Please don't translate the contents of the <span id="malware_sitename"/> tag. It will be replaced at runtime with a domain name (e.g. www.badsite.com) -->
<!ENTITY safeb.blocked.malwarePage.shortDesc "This web page at <span id='malware_sitename'/> has been reported as an attack page and has been blocked based on your security preferences.">
<!ENTITY safeb.blocked.malwarePage.longDesc "<p>Attack pages try to install programs that steal private information, use your computer to attack others, or damage your system.</p><p>Some attack pages intentionally distribute harmful software, but many are compromised without the knowledge or permission of their owners.</p>">
<!ENTITY safeb.blocked.phishingPage.title3 "Deceptive Site!">
<!-- Localization note (safeb.blocked.phishingPage.shortDesc3) - Please don't translate the contents of the <span id="phishing_sitename"/> tag. It will be replaced at runtime with a domain name (e.g. www.badsite.com) -->
--- a/modules/libpref/init/all.js
+++ b/modules/libpref/init/all.js
@@ -5375,26 +5375,29 @@ pref("browser.safebrowsing.debug", false
// The protocol version we communicate with google server.
pref("browser.safebrowsing.provider.google.pver", "2.2");
pref("browser.safebrowsing.provider.google.lists", "goog-badbinurl-shavar,goog-downloadwhite-digest256,goog-phish-shavar,googpub-phish-shavar,goog-malware-shavar,goog-unwanted-shavar");
pref("browser.safebrowsing.provider.google.updateURL", "https://safebrowsing.google.com/safebrowsing/downloads?client=SAFEBROWSING_ID&appver=%MAJOR_VERSION%&pver=2.2&key=%GOOGLE_API_KEY%");
pref("browser.safebrowsing.provider.google.gethashURL", "https://safebrowsing.google.com/safebrowsing/gethash?client=SAFEBROWSING_ID&appver=%MAJOR_VERSION%&pver=2.2");
pref("browser.safebrowsing.provider.google.reportURL", "https://safebrowsing.google.com/safebrowsing/diagnostic?client=%NAME%&hl=%LOCALE%&site=");
pref("browser.safebrowsing.provider.google.reportPhishMistakeURL", "https://%LOCALE%.phish-error.mozilla.com/?hl=%LOCALE%&url=");
pref("browser.safebrowsing.provider.google.reportMalwareMistakeURL", "https://%LOCALE%.malware-error.mozilla.com/?hl=%LOCALE%&url=");
-
+pref("browser.safebrowsing.provider.google.advisoryURL", "https://developers.google.com/safe-browsing/v4/advisory");
+pref("browser.safebrowsing.provider.google.advisoryName", "Google Safe Browsing.");
// Prefs for v4.
pref("browser.safebrowsing.provider.google4.pver", "4");
pref("browser.safebrowsing.provider.google4.lists", "goog-badbinurl-proto,goog-downloadwhite-proto,goog-phish-proto,googpub-phish-proto,goog-malware-proto,goog-unwanted-proto");
pref("browser.safebrowsing.provider.google4.updateURL", "https://safebrowsing.googleapis.com/v4/threatListUpdates:fetch?$ct=application/x-protobuf&key=%GOOGLE_API_KEY%&$httpMethod=POST");
pref("browser.safebrowsing.provider.google4.gethashURL", "https://safebrowsing.googleapis.com/v4/fullHashes:find?$ct=application/x-protobuf&key=%GOOGLE_API_KEY%&$httpMethod=POST");
pref("browser.safebrowsing.provider.google4.reportURL", "https://safebrowsing.google.com/safebrowsing/diagnostic?client=%NAME%&hl=%LOCALE%&site=");
pref("browser.safebrowsing.provider.google4.reportPhishMistakeURL", "https://%LOCALE%.phish-error.mozilla.com/?hl=%LOCALE%&url=");
pref("browser.safebrowsing.provider.google4.reportMalwareMistakeURL", "https://%LOCALE%.malware-error.mozilla.com/?hl=%LOCALE%&url=");
+pref("browser.safebrowsing.provider.google4.advisoryURL", "https://developers.google.com/safe-browsing/v4/advisory");
+pref("browser.safebrowsing.provider.google4.advisoryName", "Google Safe Browsing.");
pref("browser.safebrowsing.reportPhishURL", "https://%LOCALE%.phish-report.mozilla.com/?hl=%LOCALE%&url=");
// The table and global pref for blocking plugin content
pref("browser.safebrowsing.blockedURIs.enabled", true);
pref("urlclassifier.blockedTable", "test-block-simple,mozplugin-block-digest256");
// The protocol version we communicate with mozilla server.