| author | Ryan VanderMeulen <ryanvm@gmail.com> |
| Mon, 04 Jun 2018 08:48:28 -0400 | |
| changeset 421034 | 9a7562fe4671cfaf5a95d7f3e0d4b9894d9561c9 |
| parent 421033 | c71b1bbac9050b6ab00895f0b28725cbffc9f5bf |
| child 421035 | 1133ee75e096e25d47e759ff2957baea547c0d18 |
| push id | 103969 |
| push user | ryanvm@gmail.com |
| push date | Mon, 04 Jun 2018 12:49:11 +0000 |
| treeherder | mozilla-inbound@9a7562fe4671 [default view] [failures only] |
| perfherder | [talos] [build metrics] [platform microbench] (compared to previous push) |
| bugs | 1465017, 1452604 |
| milestone | 62.0a1 |
| first release with | nightly linux32
nightly linux64
nightly mac
nightly win32
nightly win64
|
| last release without | nightly linux32
nightly linux64
nightly mac
nightly win32
nightly win64
|
| browser/base/content/blockedSite.js | file | annotate | diff | comparison | revisions | |
| browser/base/content/blockedSite.xhtml | file | annotate | diff | comparison | revisions | |
| browser/base/jar.mn | file | annotate | diff | comparison | revisions | |
| modules/libpref/init/all.js | file | annotate | diff | comparison | revisions |
deleted file mode 100644 --- a/browser/base/content/blockedSite.js +++ /dev/null @@ -1,155 +0,0 @@ -// Error url MUST be formatted like this: -// about:blocked?e=error_code&u=url(&o=1)? -// (o=1 when user overrides are allowed) - -// Note that this file uses document.documentURI to get -// the URL (with the format from above). This is because -// document.location.href gets the current URI off the docshell, -// which is the URL displayed in the location bar, i.e. -// the URI that the user attempted to load. - -function getErrorCode() { - var url = document.documentURI; - var error = url.search(/e\=/); - var duffUrl = url.search(/\&u\=/); - return decodeURIComponent(url.slice(error + 2, duffUrl)); -} - -function getURL() { - var url = document.documentURI; - var match = url.match(/&u=([^&]+)&/); - - // match == null if not found; if so, return an empty string - // instead of what would turn out to be portions of the URI - if (!match) - return ""; - - url = decodeURIComponent(match[1]); - - // If this is a view-source page, then get then real URI of the page - if (url.startsWith("view-source:")) - url = url.slice(12); - return url; -} - -/** - * Check whether this warning page is overridable or not, in which case - * the "ignore the risk" suggestion in the error description - * should not be shown. - */ -function getOverride() { - var url = document.documentURI; - var match = url.match(/&o=1&/); - return !!match; -} - -/** - * Attempt to get the hostname via document.location. Fail back - * to getURL so that we always return something meaningful. - */ -function getHostString() { - try { - return document.location.hostname; - } catch (e) { - return getURL(); - } -} - -function onClickSeeDetails() { - let details = document.getElementById("errorDescriptionContainer"); - if (details.hidden) { - details.removeAttribute("hidden"); - } else { - details.setAttribute("hidden", "true"); - } -} - -function initPage() { - var error = ""; - switch (getErrorCode()) { - case "malwareBlocked" : - error = "malware"; - break; - case "deceptiveBlocked" : - error = "phishing"; - break; - case "unwantedBlocked" : - error = "unwanted"; - break; - case "harmfulBlocked" : - error = "harmful"; - break; - default: - error = "harmful"; - return; - } - - var el; - - if (error !== "malware") { - el = document.getElementById("errorTitleText_malware"); - el.remove(); - el = document.getElementById("errorShortDescText_malware"); - el.remove(); - el = document.getElementById("errorLongDesc_malware"); - el.remove(); - } - - if (error !== "phishing") { - el = document.getElementById("errorTitleText_phishing"); - el.remove(); - el = document.getElementById("errorShortDescText_phishing"); - el.remove(); - el = document.getElementById("errorLongDesc_phishing"); - el.remove(); - } - - if (error !== "unwanted") { - el = document.getElementById("errorTitleText_unwanted"); - el.remove(); - el = document.getElementById("errorShortDescText_unwanted"); - el.remove(); - el = document.getElementById("errorLongDesc_unwanted"); - el.remove(); - } - - if (error !== "harmful") { - el = document.getElementById("errorTitleText_harmful"); - el.remove(); - el = document.getElementById("errorShortDescText_harmful"); - el.remove(); - el = document.getElementById("errorLongDesc_harmful"); - el.remove(); - } - - // Decide which version of the string should be visible in the error description. - if (getOverride()) { - document.getElementById(error + "_error_desc_no_override").remove(); - } else { - document.getElementById(error + "_error_desc_override").remove(); - } - - // Set sitename in error details. - let sitenameElem = document.getElementById(error + "_sitename"); - sitenameElem.setAttribute("class", "sitename"); - sitenameElem.textContent = getHostString(); - - document.title = document.getElementById("errorTitleText_" + error).textContent; - - // Inform the test harness that we're done loading the page. - var event = new CustomEvent("AboutBlockedLoaded", - { - bubbles: true, - detail: { - url: this.getURL(), - err: error - } - }); - document.dispatchEvent(event); -} - -document.getElementById("seeDetailsButton").onclick = onClickSeeDetails(); -// Note: It is important to run the script this way, instead of using -// an onload handler. This is because error pages are loaded as -// LOAD_BACKGROUND, which means that onload handlers will not be executed. -initPage();
--- a/browser/base/content/blockedSite.xhtml +++ b/browser/base/content/blockedSite.xhtml @@ -12,19 +12,169 @@ ]> <!-- This Source Code Form is subject to the terms of the Mozilla Public - License, v. 2.0. If a copy of the MPL was not distributed with this - file, You can obtain one at http://mozilla.org/MPL/2.0/. --> <html xmlns="http://www.w3.org/1999/xhtml" class="blacklist"> <head> - <meta http-equiv="Content-Security-Policy" content="default-src chrome:" /> <link rel="stylesheet" href="chrome://browser/skin/blockedSite.css" type="text/css" media="all" /> <link rel="icon" type="image/png" id="favicon" href="chrome://global/skin/icons/blacklist_favicon.png"/> + + <script type="application/javascript"><![CDATA[ + // Error url MUST be formatted like this: + // about:blocked?e=error_code&u=url(&o=1)? + // (o=1 when user overrides are allowed) + + // Note that this file uses document.documentURI to get + // the URL (with the format from above). This is because + // document.location.href gets the current URI off the docshell, + // which is the URL displayed in the location bar, i.e. + // the URI that the user attempted to load. + + function getErrorCode() { + var url = document.documentURI; + var error = url.search(/e\=/); + var duffUrl = url.search(/\&u\=/); + return decodeURIComponent(url.slice(error + 2, duffUrl)); + } + + function getURL() { + var url = document.documentURI; + var match = url.match(/&u=([^&]+)&/); + + // match == null if not found; if so, return an empty string + // instead of what would turn out to be portions of the URI + if (!match) + return ""; + + url = decodeURIComponent(match[1]); + + // If this is a view-source page, then get then real URI of the page + if (url.startsWith("view-source:")) + url = url.slice(12); + return url; + } + + /** + * Check whether this warning page is overridable or not, in which case + * the "ignore the risk" suggestion in the error description + * should not be shown. + */ + function getOverride() { + var url = document.documentURI; + var match = url.match(/&o=1&/); + return !!match; + } + + /** + * Attempt to get the hostname via document.location. Fail back + * to getURL so that we always return something meaningful. + */ + function getHostString() { + try { + return document.location.hostname; + } catch (e) { + return getURL(); + } + } + + function onClickSeeDetails() { + let details = document.getElementById("errorDescriptionContainer"); + if (details.hidden) { + details.removeAttribute("hidden"); + } else { + details.setAttribute("hidden", "true"); + } + } + + function initPage() { + var error = ""; + switch (getErrorCode()) { + case "malwareBlocked" : + error = "malware"; + break; + case "deceptiveBlocked" : + error = "phishing"; + break; + case "unwantedBlocked" : + error = "unwanted"; + break; + case "harmfulBlocked" : + error = "harmful"; + break; + default: + return; + } + + var el; + + if (error !== "malware") { + el = document.getElementById("errorTitleText_malware"); + el.remove(); + el = document.getElementById("errorShortDescText_malware"); + el.remove(); + el = document.getElementById("errorLongDesc_malware"); + el.remove(); + } + + if (error !== "phishing") { + el = document.getElementById("errorTitleText_phishing"); + el.remove(); + el = document.getElementById("errorShortDescText_phishing"); + el.remove(); + el = document.getElementById("errorLongDesc_phishing"); + el.remove(); + } + + if (error !== "unwanted") { + el = document.getElementById("errorTitleText_unwanted"); + el.remove(); + el = document.getElementById("errorShortDescText_unwanted"); + el.remove(); + el = document.getElementById("errorLongDesc_unwanted"); + el.remove(); + } + + if (error !== "harmful") { + el = document.getElementById("errorTitleText_harmful"); + el.remove(); + el = document.getElementById("errorShortDescText_harmful"); + el.remove(); + el = document.getElementById("errorLongDesc_harmful"); + el.remove(); + } + + // Decide which version of the string should be visible in the error description. + if (getOverride()) { + document.getElementById(error + "_error_desc_no_override").remove(); + } else { + document.getElementById(error + "_error_desc_override").remove(); + } + + // Set sitename in error details. + let sitenameElem = document.getElementById(error + "_sitename"); + sitenameElem.setAttribute("class", "sitename"); + sitenameElem.textContent = getHostString(); + + document.title = document.getElementById("errorTitleText_" + error).textContent; + + // Inform the test harness that we're done loading the page. + var event = new CustomEvent("AboutBlockedLoaded", + { + bubbles: true, + detail: { + url: this.getURL(), + err: error + } + }); + document.dispatchEvent(event); + } + ]]></script> </head> <body dir="&locale.dir;"> <div id="errorPageContainer" class="container"> <!-- Error Title --> <div id="errorTitle" class="title"> <h1 class="title-text" id="errorTitleText_phishing">&safeb.blocked.phishingPage.title3;</h1> @@ -47,17 +197,17 @@ <div id="advisoryDesc"> <p id="advisoryDescText">&safeb.palm.advisory.desc2;</p> </div> <!-- Action buttons --> <div id="buttons" class="button-container"> <!-- Commands handled in browser.js --> <button id="goBackButton">&safeb.palm.accept.label2;</button> - <button id="seeDetailsButton">&safeb.palm.seedetails.label;</button> + <button id="seeDetailsButton" onclick="onClickSeeDetails();">&safeb.palm.seedetails.label;</button> </div> </div> <div id="errorDescriptionContainer" hidden="true"> <div class="error-description" id="errorLongDesc_phishing"> <p id="phishing_error_desc_override">&safeb.blocked.phishingPage.errorDesc.override;</p> <p id="phishing_error_desc_no_override">&safeb.blocked.phishingPage.errorDesc.noOverride;</p> <p id="phishing_learn_more">&safeb.blocked.phishingPage.learnMore;</p> </div> @@ -73,11 +223,18 @@ </div> <div class="error-description" id="errorLongDesc_harmful"> <p id="harmful_error_desc_override">&safeb.blocked.harmfulPage.errorDesc.override;</p> <p id="harmful_error_desc_no_override">&safeb.blocked.harmfulPage.errorDesc.noOverride;</p> <p id="harmful_learn_more">&safeb.blocked.harmfulPage.learnMore;</p> </div> </div> </div> + <!-- + - Note: It is important to run the script this way, instead of using + - an onload handler. This is because error pages are loaded as + - LOAD_BACKGROUND, which means that onload handlers will not be executed. + --> + <script type="application/javascript"> + initPage(); + </script> </body> - <script type="application/javascript" src="chrome://browser/content/blockedSite.js"/> </html>
--- a/browser/base/jar.mn +++ b/browser/base/jar.mn @@ -105,17 +105,16 @@ browser.jar: #ifndef XP_MACOSX * content/browser/webrtcIndicator.xul (content/webrtcIndicator.xul) content/browser/webrtcIndicator.js (content/webrtcIndicator.js) #endif # the following files are browser-specific overrides * content/browser/license.html (/toolkit/content/license.html) % override chrome://global/content/license.html chrome://browser/content/license.html content/browser/blockedSite.xhtml (content/blockedSite.xhtml) - content/browser/blockedSite.js (content/blockedSite.js) % override chrome://global/content/netError.xhtml chrome://browser/content/aboutNetError.xhtml # L10n resources and overrides. % override chrome://global/locale/appstrings.properties chrome://browser/locale/appstrings.properties % override chrome://global/locale/netError.dtd chrome://browser/locale/netError.dtd % override chrome://mozapps/locale/downloads/settingsChange.dtd chrome://browser/locale/downloads/settingsChange.dtd % resource search-plugins chrome://browser/locale/searchplugins/
--- a/modules/libpref/init/all.js +++ b/modules/libpref/init/all.js @@ -2495,17 +2495,17 @@ pref("security.dialog_enable_delay", 100 pref("security.notification_enable_delay", 500); pref("security.csp.enable", true); pref("security.csp.experimentalEnabled", false); pref("security.csp.enableStrictDynamic", true); #if defined(DEBUG) && !defined(ANDROID) // about:welcome has been added until Bug 1448359 is fixed at which time home, newtab, and welcome will all be removed. -pref("csp.content_privileged_about_uris_without_csp", "blank,home,newtab,printpreview,srcdoc,welcome"); +pref("csp.content_privileged_about_uris_without_csp", "blank,blocked,home,newtab,printpreview,srcdoc,welcome"); #endif #ifdef NIGHTLY_BUILD pref("security.csp.enable_violation_events", true); #else pref("security.csp.enable_violation_events", false); #endif