Bug 1597228 - move 'get me out of here' logic to shared place and make toolkit-safe, r=dimi

Differential Revision: https://phabricator.services.mozilla.com/D238762

browser/actors/BlockedSiteParent.sys.mjs

@@ -3,6 +3,8 @@
  * License, v. 2.0. If a copy of the MPL was not distributed with this
  * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
 
+import { EscapablePageParent } from "resource://gre/actors/NetErrorParent.sys.mjs";
+
 let lazy = {};
 
 ChromeUtils.defineESModuleGetters(lazy, {
@@ -108,7 +110,7 @@ SafeBrowsingNotificationBox.prototype.QueryInterface = ChromeUtils.generateQI([
   "nsISupportsWeakReference",
 ]);
 
-export class BlockedSiteParent extends JSWindowActorParent {
+export class BlockedSiteParent extends EscapablePageParent {
   receiveMessage(msg) {
     switch (msg.name) {
       case "Browser:SiteBlockedError":
@@ -154,7 +156,7 @@ export class BlockedSiteParent extends JSWindowActorParent {
             nsISecTel[bucketName + "GET_ME_OUT_OF_HERE"]
           );
         }
-        browser.ownerGlobal.getMeOutOfHere(this.browsingContext);
+        this.leaveErrorPage(browser, /* Never go back */ false);
         break;
       case "ignore_warning_link":
         if (Services.prefs.getBoolPref("browser.safebrowsing.allowOverride")) {
@@ -194,8 +196,9 @@ export class BlockedSiteParent extends JSWindowActorParent {
         accessKey: lazy.browserBundle.GetStringFromName(
           "safebrowsing.getMeOutOfHereButton.accessKey"
         ),
-        callback() {
+        callback: () => {
-          browsingContext.topChromeWindow.getMeOutOfHere(browsingContext);
+          let browser = browsingContext.top.embedderElement;
+          this.leaveErrorPage(browser, /* Never go back */ false);
         },
       },
     ];

browser/base/content/browser.js

@@ -1526,36 +1526,6 @@ function PageProxyClickHandler(aEvent) {
   }
 }
 
-/**
- * Re-direct the browser to a known-safe page.  This function is
- * used when, for example, the user browses to a known malware page
- * and is presented with about:blocked.  The "Get me out of here!"
- * button should take the user to the default start page so that even
- * when their own homepage is infected, we can get them somewhere safe.
- */
-function getMeOutOfHere(browsingContext) {
-  browsingContext.top.fixupAndLoadURIString(getDefaultHomePage(), {
-    triggeringPrincipal: Services.scriptSecurityManager.getSystemPrincipal(), // Also needs to load homepage
-  });
-}
-
-/**
- * Return the default start page for the cases when the user's own homepage is
- * infected, so we can get them somewhere safe.
- */
-function getDefaultHomePage() {
-  let url = BROWSER_NEW_TAB_URL;
-  if (PrivateBrowsingUtils.isWindowPrivate(window)) {
-    return url;
-  }
-  url = HomePage.getDefault();
-  // If url is a pipe-delimited set of pages, just take the first one.
-  if (url.includes("|")) {
-    url = url.split("|")[0];
-  }
-  return url;
-}
-
 var browserDragAndDrop = {
   canDropLink: aEvent => Services.droppedLinkHandler.canDropLink(aEvent, true),
 

browser/base/content/browser.js.globals

@@ -39,8 +39,6 @@
   "UpdateUrlbarSearchSplitterState",
   "UpdatePopupNotificationsVisibility",
   "PageProxyClickHandler",
-  "getMeOutOfHere",
-  "getDefaultHomePage",
   "browserDragAndDrop",
   "homeButtonObserver",
   "openHomeDialog",

browser/modules/HomePage.sys.mjs

@@ -133,6 +133,17 @@ export let HomePage = {
     return homePages;
   },
 
+  getForErrorPage(win) {
+    if (lazy.PrivateBrowsingUtils.isWindowPrivate(win)) {
+      return win.BROWSER_NEW_TAB_URL;
+    }
+    let url = this.get(win);
+    if (url.includes("|")) {
+      url = url.split("|")[0];
+    }
+    return url;
+  },
+
   /**
    * @returns {string}
    *   Returns the application default homepage.

toolkit/actors/AboutHttpsOnlyErrorParent.sys.mjs

@@ -2,10 +2,9 @@
  * License, v. 2.0. If a copy of the MPL was not distributed with this
  * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
 
-import { HomePage } from "resource:///modules/HomePage.sys.mjs";
+import { EscapablePageParent } from "resource://gre/actors/NetErrorParent.sys.mjs";
-import { PrivateBrowsingUtils } from "resource://gre/modules/PrivateBrowsingUtils.sys.mjs";
 
-export class AboutHttpsOnlyErrorParent extends JSWindowActorParent {
+export class AboutHttpsOnlyErrorParent extends EscapablePageParent {
   get browser() {
     return this.browsingContext.top.embedderElement;
   }
@@ -13,36 +12,8 @@ export class AboutHttpsOnlyErrorParent extends JSWindowActorParent {
   receiveMessage(aMessage) {
     switch (aMessage.name) {
       case "goBack":
-        this.goBackFromErrorPage(this.browser);
+        this.leaveErrorPage(this.browser);
         break;
     }
   }
-
-  goBackFromErrorPage(aBrowser) {
-    if (!aBrowser.canGoBack) {
-      // If the unsafe page is the first or the only one in history, go to the
-      // start page.
-      aBrowser.fixupAndLoadURIString(
-        this.getDefaultHomePage(aBrowser.ownerGlobal),
-        {
-          triggeringPrincipal:
-            Services.scriptSecurityManager.getSystemPrincipal(),
-        }
-      );
-    } else {
-      aBrowser.goBack();
-    }
-  }
-
-  getDefaultHomePage(win) {
-    if (PrivateBrowsingUtils.isWindowPrivate(win)) {
-      return win.BROWSER_NEW_TAB_URL || "about:blank";
-    }
-    let url = HomePage.getDefault();
-    // If url is a pipe-delimited set of pages, just take the first one.
-    if (url.includes("|")) {
-      url = url.split("|")[0];
-    }
-    return url;
-  }
 }

toolkit/actors/NetErrorParent.sys.mjs

@@ -5,8 +5,6 @@
 
 import { AppConstants } from "resource://gre/modules/AppConstants.sys.mjs";
 
-import { PrivateBrowsingUtils } from "resource://gre/modules/PrivateBrowsingUtils.sys.mjs";
-
 const PREF_SSL_IMPACT_ROOTS = [
   "security.tls.version.",
   "security.ssl3.",
@@ -44,7 +42,36 @@ class CaptivePortalObserver {
   }
 }
 
-export class NetErrorParent extends JSWindowActorParent {
+export class EscapablePageParent extends JSWindowActorParent {
+  /**
+   * Re-direct the browser to the previous page or a known-safe page if no
+   * previous page is found in history.  This function is used when the user
+   * browses to a secure page with certificate issues and is presented with
+   * about:certerror.  The "Go Back" button should take the user to the previous
+   * or a default start page so that even when their own homepage is on a server
+   * that has certificate errors, we can get them somewhere safe.
+   */
+  leaveErrorPage(browser, allowGoingBack = true) {
+    if (!browser.canGoBack || !allowGoingBack) {
+      // If the unsafe page is the first or the only one in history, we need to
+      // go somewhere:
+      let safePage = "about:blank";
+
+      // Ideally we use the homepage...
+      if (AppConstants.MOZ_BUILD_APP == "browser") {
+        safePage = lazy.HomePage.getForErrorPage(browser.ownerGlobal);
+      }
+      browser.fixupAndLoadURIString(safePage, {
+        triggeringPrincipal:
+          Services.scriptSecurityManager.getSystemPrincipal(),
+      });
+    } else {
+      browser.goBack();
+    }
+  }
+}
+
+export class NetErrorParent extends EscapablePageParent {
   constructor() {
     super();
     this.captivePortalObserver = new CaptivePortalObserver(this);
@@ -73,51 +100,6 @@ export class NetErrorParent extends JSWindowActorParent {
     return false;
   }
 
-  /**
-   * Return the default start page for the cases when the user's own homepage is
-   * infected, so we can get them somewhere safe.
-   */
-  getDefaultHomePage(win) {
-    let url;
-    if (
-      !PrivateBrowsingUtils.isWindowPrivate(win) &&
-      AppConstants.MOZ_BUILD_APP == "browser"
-    ) {
-      url = lazy.HomePage.getDefault();
-    }
-    url ||= win.BROWSER_NEW_TAB_URL || "about:blank";
-
-    // If url is a pipe-delimited set of pages, just take the first one.
-    if (url.includes("|")) {
-      url = url.split("|")[0];
-    }
-    return url;
-  }
-
-  /**
-   * Re-direct the browser to the previous page or a known-safe page if no
-   * previous page is found in history.  This function is used when the user
-   * browses to a secure page with certificate issues and is presented with
-   * about:certerror.  The "Go Back" button should take the user to the previous
-   * or a default start page so that even when their own homepage is on a server
-   * that has certificate errors, we can get them somewhere safe.
-   */
-  goBackFromErrorPage(browser) {
-    if (!browser.canGoBack) {
-      // If the unsafe page is the first or the only one in history, go to the
-      // start page.
-      browser.fixupAndLoadURIString(
-        this.getDefaultHomePage(browser.ownerGlobal),
-        {
-          triggeringPrincipal:
-            Services.scriptSecurityManager.getSystemPrincipal(),
-        }
-      );
-    } else {
-      browser.goBack();
-    }
-  }
-
   /**
    * This function does a canary request to a reliable, maintained endpoint, in
    * order to help network code detect a system-wide man-in-the-middle.
@@ -241,7 +223,7 @@ export class NetErrorParent extends JSWindowActorParent {
         this.browser.reload();
         break;
       case "Browser:SSLErrorGoBack":
-        this.goBackFromErrorPage(this.browser);
+        this.leaveErrorPage(this.browser);
         break;
       case "GetChangedCertPrefs":
         let hasChangedCertPrefs = this.hasChangedCertPrefs();