corysanin/tubestation
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Bug 399233 - "Phishing UI hidden by content, inconsistent with malware" [p=johnath r=tony r=biesi ui-r=beltzner a=blocking-firefox3+ for M9]

Browse Source
This commit is contained in:
2007-10-29 11:29:14 -07:00
parent 1d050b598c
commit b8a9b11125
18 changed files with 326 additions and 64 deletions
Download Patch File Download Diff File Expand all files Collapse all files

31
browser/components/safebrowsing/content/application.js
View File

@@ -38,8 +38,8 @@
var gDataProvider = null;
// An instance of our application is a PROT_Application object. It
// basically just populates a few globals and instantiates wardens and
// the listmanager.
// basically just populates a few globals and instantiates wardens,
// the listmanager, and the about:blocked error page.
/**
* An instance of our application. There should be exactly one of these.
@@ -100,3 +100,30 @@ function PROT_Application() {
PROT_Application.prototype.getReportURL = function(name) {
return gDataProvider["getReport" + name + "URL"]();
}
/**
* about:blocked implementation
*/
PROT_Application.prototype.newChannel = function(uri) {
var ioService = Cc["@mozilla.org/network/io-service;1"]
.getService(Ci.nsIIOService);
var childURI = ioService.newURI("chrome://browser/content/safebrowsing/blockedSite.xhtml",
null, null);
var channel = ioService.newChannelFromURI(childURI);
channel.originalURI = uri;
return channel;
}
PROT_Application.prototype.getURIFlags = function(uri) {
return Ci.nsIAboutModule.ALLOW_SCRIPT;
}
PROT_Application.prototype.QueryInterface = function(iid) {
if (iid.equals(Ci.nsISupports) ||
iid.equals(Ci.nsIAboutModule))
return this;
Components.returnCode = Components.results.NS_ERROR_NO_INTERFACE;
return null;
}

210
browser/components/safebrowsing/content/blockedSite.xhtml Normal file
View File

@@ -0,0 +1,210 @@
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE html [
<!ENTITY % htmlDTD PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "DTD/xhtml1-strict.dtd">
%htmlDTD;
<!ENTITY % globalDTD SYSTEM "chrome://global/locale/global.dtd">
%globalDTD;
<!ENTITY % brandDTD SYSTEM "chrome://branding/locale/brand.dtd" >
%brandDTD;
<!ENTITY % blockedSiteDTD SYSTEM "chrome://browser/locale/safebrowsing/phishing-afterload-warning-message.dtd">
%blockedSiteDTD;
]>
<!-- ***** BEGIN LICENSE BLOCK *****
- Version: MPL 1.1/GPL 2.0/LGPL 2.1
-
- The contents of this file are subject to the Mozilla Public License Version
- 1.1 (the "License"); you may not use this file except in compliance with
- the License. You may obtain a copy of the License at
- http://www.mozilla.org/MPL/
-
- Software distributed under the License is distributed on an "AS IS" basis,
- WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License
- for the specific language governing rights and limitations under the
- License.
-
- The Original Code is mozilla.org code.
-
- The Initial Developer of the Original Code is
- Netscape Communications Corporation.
- Portions created by the Initial Developer are Copyright (C) 1998
- the Initial Developer. All Rights Reserved.
-
- Contributor(s):
- Adam Lock <adamlock@netscape.com>
- William R. Price <wrprice@alumni.rice.edu>
- Henrik Skupin <mozilla@hskupin.info>
- Jeff Walden <jwalden+code@mit.edu>
- Johnathan Nightingale <johnath@mozilla.com>
-
- Alternatively, the contents of this file may be used under the terms of
- either the GNU General Public License Version 2 or later (the "GPL"), or
- the GNU Lesser General Public License Version 2.1 or later (the "LGPL"),
- in which case the provisions of the GPL or the LGPL are applicable instead
- of those above. If you wish to allow use of your version of this file only
- under the terms of either the GPL or the LGPL, and not to allow others to
- use your version of this file under the terms of the MPL, indicate your
- decision by deleting the provisions above and replace them with the notice
- and other provisions required by the LGPL or the GPL. If you do not delete
- the provisions above, a recipient may use your version of this file under
- the terms of any one of the MPL, the GPL or the LGPL.
-
- ***** END LICENSE BLOCK ***** -->
<html xmlns="http://www.w3.org/1999/xhtml" class="blacklist">
<head>
<link rel="stylesheet" href="chrome://global/skin/netError.css" type="text/css" media="all" />
<link rel="icon" type="image/png" id="favicon" href="chrome://global/skin/icons/blacklist_favicon.png"/>
<script type="application/javascript" src="chrome://global/content/strres.js"/>
<script type="application/javascript"><![CDATA[
// Error url MUST be formatted like this:
// about:blocked?e=error_code&u=url
// Note that this file uses document.documentURI to get
// the URL (with the format from above). This is because
// document.location.href gets the current URI off the docshell,
// which is the URL displayed in the location bar, i.e.
// the URI that the user attempted to load.
function getErrorCode()
{
var url = document.documentURI;
var error = url.search(/e\=/);
var duffUrl = url.search(/\&u\=/);
return decodeURIComponent(url.slice(error + 2, duffUrl));
}
function getURL()
{
var url = document.documentURI;
var index = url.search(/u\=/);
// index == -1 if not found; if so, return an empty string
// instead of what would turn out to be portions of the URI
if (index == -1)
return "";
return decodeURIComponent(url.slice(index + 2));
}
/**
* Attempt to parse the result of getURL and extract a hostname. Fail back
* to getURL so that we always return something meaningful.
*/
function getHostString()
{
var ios = Components.classes["@mozilla.org/network/io-service;1"]
.getService(Components.interfaces.nsIIOService);
var url = getURL();
try {
return ios.newURI(url, null, null).host;
} catch (e) {
return url;
}
}
// Elements that tend to need content set
var errorTitleText, errorShortDescText, errorLongDesc, errorLongDescText;
// The string bundles managing strings for various blocked page scenarios
var sb = srGetStrBundle("chrome://browser/locale/safebrowsing/blockedSite.properties");
var brandBundle = srGetStrBundle("chrome://branding/locale/brand.properties");
var brandShortName = brandBundle.GetStringFromName("brandShortName");
function initPage()
{
// Set up the cached elements
errorTitleText = document.getElementById("errorTitleText");
errorShortDescText = document.getElementById("errorShortDescText");
errorLongDesc = document.getElementById("errorLongDesc");
errorLongDescText = document.getElementById("errorLongDescText");
// Handoff to the appropriate initializer, based on error code
switch(getErrorCode()) {
case "malwareBlocked" :
initPage_malware();
break;
case "phishingBlocked" :
initPage_phishing();
break;
}
}
/**
* Initialize custom strings and functionality for blocked malware case
*/
function initPage_malware()
{
document.title = sb.GetStringFromName("malware.title");
errorTitleText.textContent = document.title;
errorShortDescText.textContent = sb.formatStringFromName("malware.shortDesc",
[getHostString()], 1);
errorLongDesc.innerHTML = sb.GetStringFromName("malware.longDesc");
}
/**
* Initialize custom strings and functionality for blocked phishing case
*/
function initPage_phishing()
{
document.title = sb.GetStringFromName("phishing.title");
errorTitleText.textContent = document.title;
errorShortDescText.textContent = sb.formatStringFromName("phishing.shortDesc",
[getHostString()], 1);
var longDesc = sb.GetStringFromName("phishing.longDesc");
// If we have a more-info link for the phishing information, add it in,
// otherwise just use the generic text
var faqURL = Components.classes["@mozilla.org/toolkit/URLFormatterService;1"]
.getService(Components.interfaces.nsIURLFormatter)
.formatURLPref("browser.safebrowsing.warning.infoURL");
if(faqURL && faqURL != "about:blank") {
longDesc += sb.formatStringFromName("phishing.learnMoreLink",
[brandShortName], 1);
errorLongDesc.innerHTML = longDesc;
document.getElementById("faqLink").setAttribute("href", faqURL);
}
else
errorLongDesc.innerHTML = longDesc;
}
]]></script>
</head>
<body dir="&locale.dir;">
<div id="errorPageContainer">
<!-- Error Title -->
<div id="errorTitle">
<h1 id="errorTitleText" />
</div>
<div id="errorLongContent">
<!-- Short Description -->
<div id="errorShortDesc">
<p id="errorShortDescText" />
</div>
<!-- Long Description -->
<div id="errorLongDesc">
<p id="errorLongDescText" />
</div>
<!-- Action buttons -->
<div id="buttons">
<xul:button xmlns:xul="http://www.mozilla.org/keymaster/gatekeeper/there.is.only.xul"
id="getMeOutButton" label="&safeb.palm.accept.label;" oncommand="window.home();" />
</div>
</div>
</div>
<!--
- Note: It is important to run the script this way, instead of using
- an onload handler. This is because error pages are loaded as
- LOAD_BACKGROUND, which means that onload handlers will not be executed.
-->
<script type="application/javascript">initPage();</script>
</body>
</html>

7
browser/components/safebrowsing/content/malware-warden.js
View File

@@ -64,6 +64,13 @@ function PROT_MalwareWarden() {
"a:1:" + testData.length + "\n" +
testData +
"\n";
testData = "mozilla.com/firefox/its-a-trap.html";
testUpdate +=
"n:1000\ni:test-phish-simple\nad:1\n" +
"a:1:" + testData.length + "\n" +
testData +
"\n";
var dbService_ = Cc["@mozilla.org/url-classifier/dbservice;1"]
.getService(Ci.nsIUrlClassifierDBService);

50
browser/components/safebrowsing/content/phishing-afterload-displayer.js
View File

@@ -532,26 +532,7 @@ PROT_PhishMsgDisplayerCanvas.inherits(PROT_PhishMsgDisplayerBase);
* Displays the warning message. First we make sure the overlay is loaded
* then call showMessageAfterOverlay_.
*/
PROT_PhishMsgDisplayerCanvas.prototype.showMessage_ = function() {
G_Debug(this, "Showing message.");
// Load the overlay if we haven't already.
var dimmer = this.doc_.getElementById('safebrowsing-dim-area-canvas');
if (!dimmer) {
var onOverlayMerged = BindToObject(this.showMessageAfterOverlay_,
this);
var observer = new G_ObserverWrapper("xul-overlay-merged",
onOverlayMerged);
this.doc_.loadOverlay(
"chrome://browser/content/safebrowsing/warning-overlay.xul",
observer);
} else {
// The overlay is already loaded so we go ahead and call
// showMessageAfterOverlay_.
this.showMessageAfterOverlay_();
}
}
PROT_PhishMsgDisplayerCanvas.prototype.showMessage_ = function() { }
/**
* This does the actual work of showing the warning message.
@@ -678,34 +659,7 @@ PROT_PhishMsgDisplayerCanvas.prototype.isVisibleElement_ = function(elt) {
/**
* Hide the warning message from the user.
*/
PROT_PhishMsgDisplayerCanvas.prototype.hideMessage_ = function() {
G_Debug(this, "Hiding phishing warning.");
G_Assert(this, this.messageShowing_, "Hide message called but not showing?");
this.messageShowing_ = false;
this.repainter_.cancel();
this.repainter_ = null;
// Hide the warning popup.
var message = this.doc_.getElementById(this.messageId_);
message.hidden = true;
message.style.display = "none";
var content = this.doc_.getElementById(this.messageContentId_);
content.style.height = "";
content.style.overflow = "";
var tail = this.doc_.getElementById(this.messageTailId_);
tail.hidden = true;
tail.style.display = "none";
// Remove the canvas element from the chrome document.
var pageCanvas = this.doc_.getElementById(this.pageCanvasId_);
pageCanvas.parentNode.removeChild(pageCanvas);
// Hide the dimmer.
var dimarea = this.doc_.getElementById(this.dimAreaId_);
dimarea.hidden = true;
}
PROT_PhishMsgDisplayerCanvas.prototype.hideMessage_ = function() { }
/**