author Yosy <>
Sun, 23 Sep 2012 21:09:29 +0200
changeset 107854 9e32aa6fe544f436b3c8a6a915d5360ef2412ae4
parent 107851 a21e1c1d2ba82b36293bbc7e70ab7bd2ea2f7b5d
permissions -rw-r--r--
Bug 792968 - Replace some regular expression string matches with String.startsWith and replace /^https?/ URI scheme tests with /^https?$/. r=dao

<?xml version="1.0" encoding="UTF-8"?>

<!DOCTYPE html [
  <!ENTITY % htmlDTD PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "DTD/xhtml1-strict.dtd">
  <!ENTITY % globalDTD SYSTEM "chrome://global/locale/global.dtd">
  <!ENTITY % brandDTD SYSTEM "chrome://branding/locale/brand.dtd" >
  <!ENTITY % blockedSiteDTD SYSTEM "chrome://browser/locale/safebrowsing/phishing-afterload-warning-message.dtd">

<!-- This Source Code Form is subject to the terms of the Mozilla Public
   - License, v. 2.0. If a copy of the MPL was not distributed with this
   - file, You can obtain one at -->

<html xmlns="" class="blacklist">
    <link rel="stylesheet" href="chrome://global/skin/netError.css" type="text/css" media="all" />
    <link rel="icon" type="image/png" id="favicon" href="chrome://global/skin/icons/blacklist_favicon.png"/>

    <script type="application/javascript"><![CDATA[
      // Error url MUST be formatted like this:
      //   about:blocked?e=error_code&u=url
      // Note that this file uses document.documentURI to get
      // the URL (with the format from above). This is because
      // document.location.href gets the current URI off the docshell,
      // which is the URL displayed in the location bar, i.e.
      // the URI that the user attempted to load.

      function getErrorCode()
        var url = document.documentURI;
        var error =\=/);
        var duffUrl =\&u\=/);
        return decodeURIComponent(url.slice(error + 2, duffUrl));

      function getURL()
        var url = document.documentURI;
        var match = url.match(/&u=([^&]+)&/);

        // match == null if not found; if so, return an empty string
        // instead of what would turn out to be portions of the URI
        if (!match)
          return "";

        url = decodeURIComponent(match[1]);

        // If this is a view-source page, then get then real URI of the page
        if (url.startsWith("view-source:"))
          url = url.slice(12);
        return url;
       * Attempt to get the hostname via document.location.  Fail back
       * to getURL so that we always return something meaningful.
      function getHostString()
        try {
          return document.location.hostname;
        } catch (e) {
          return getURL();
      function initPage()
        // Handoff to the appropriate initializer, based on error code
        switch (getErrorCode()) {
          case "malwareBlocked" :
          case "phishingBlocked" :
       * Initialize custom strings and functionality for blocked malware case
      function initPage_malware()
        // Remove phishing strings
        var el = document.getElementById("errorTitleText_phishing");

        el = document.getElementById("errorShortDescText_phishing");

        el = document.getElementById("errorLongDescText_phishing");

        // Set sitename
        document.getElementById("malware_sitename").textContent = getHostString();
        document.title = document.getElementById("errorTitleText_malware")
       * Initialize custom strings and functionality for blocked phishing case
      function initPage_phishing()
        // Remove malware strings
        var el = document.getElementById("errorTitleText_malware");

        el = document.getElementById("errorShortDescText_malware");

        el = document.getElementById("errorLongDescText_malware");

        // Set sitename
        document.getElementById("phishing_sitename").textContent = getHostString();
        document.title = document.getElementById("errorTitleText_phishing")
    <style type="text/css">
      /* Style warning button to look like a small text link in the
         bottom right. This is preferable to just using a text link
         since there is already a mechanism in browser.js for trapping
         oncommand events from unprivileged chrome pages (BrowserOnCommand).*/
      #ignoreWarningButton {
        -moz-appearance: none;
        background: transparent;
        border: none;
        color: white;  /* Hard coded because netError.css forces this page's background to dark red */
        text-decoration: underline;
        margin: 0;
        padding: 0;
        position: relative;
        top: 23px;
        left: 20px;
        font-size: smaller;
      #ignoreWarning {
        text-align: right;

  <body dir="&locale.dir;">
    <div id="errorPageContainer">
      <!-- Error Title -->
      <div id="errorTitle">
        <h1 id="errorTitleText_phishing">&safeb.blocked.phishingPage.title;</h1>
        <h1 id="errorTitleText_malware">&safeb.blocked.malwarePage.title;</h1>
      <div id="errorLongContent">
        <!-- Short Description -->
        <div id="errorShortDesc">
          <p id="errorShortDescText_phishing">&safeb.blocked.phishingPage.shortDesc;</p>
          <p id="errorShortDescText_malware">&safeb.blocked.malwarePage.shortDesc;</p>

        <!-- Long Description -->
        <div id="errorLongDesc">
          <p id="errorLongDescText_phishing">&safeb.blocked.phishingPage.longDesc;</p>
          <p id="errorLongDescText_malware">&safeb.blocked.malwarePage.longDesc;</p>
        <!-- Action buttons -->
        <div id="buttons">
          <!-- Commands handled in browser.js -->
          <button id="getMeOutButton">&safeb.palm.accept.label;</button>
          <button id="reportButton">&safeb.palm.reportPage.label;</button>
      <div id="ignoreWarning">
        <button id="ignoreWarningButton">&safeb.palm.decline.label;</button>
    - Note: It is important to run the script this way, instead of using
    - an onload handler. This is because error pages are loaded as
    - LOAD_BACKGROUND, which means that onload handlers will not be executed.
    <script type="application/javascript">initPage();</script>