Add escape & appeal buttons to phishing/malware clickthrough bar. r=gavin r=tony ui-r=beltzner b=441624
authorJohnathan Nightingale <johnath@mozilla.com>
Mon, 27 Oct 2008 15:36:46 -0400
changeset 20862 653cd7bf1bb4005dacd8e462d5a246a986012df7
parent 20861 1622ca12ba25fb190c73970da2cd0f5a98823244
child 20863 7b456bc0eb3071a29b670109b43ee9ef968cc49c
push id3206
push userjnightingale@mozilla.com
push dateMon, 27 Oct 2008 19:38:13 +0000
treeherdermozilla-central@653cd7bf1bb4 [default view] [failures only]
perfherder[talos] [build metrics] [platform microbench] (compared to previous push)
reviewersgavin, tony, beltzner
bugs441624
milestone1.9.1b2pre
Add escape & appeal buttons to phishing/malware clickthrough bar. r=gavin r=tony ui-r=beltzner b=441624
browser/app/profile/firefox.js
browser/base/content/browser.js
browser/components/safebrowsing/content/globalstore.js
browser/components/safebrowsing/content/sb-loader.js
browser/locales/en-US/chrome/browser/browser.properties
--- a/browser/app/profile/firefox.js
+++ b/browser/app/profile/firefox.js
@@ -619,16 +619,18 @@ pref("browser.safebrowsing.provider.0.ge
 // point to the same file.  fallbackurl must be a chrome url
 pref("browser.safebrowsing.provider.0.privacy.url", "http://www.google.com/tools/firefox/firefox_privacy.html?hl=%LOCALE%");
 pref("browser.safebrowsing.provider.0.privacy.fallbackurl", "chrome://browser/content/preferences/phishEULA.xhtml");
 
 // HTML report pages
 pref("browser.safebrowsing.provider.0.reportGenericURL", "http://{moz:locale}.phish-generic.mozilla.com/?hl={moz:locale}");
 pref("browser.safebrowsing.provider.0.reportErrorURL", "http://{moz:locale}.phish-error.mozilla.com/?hl={moz:locale}");
 pref("browser.safebrowsing.provider.0.reportPhishURL", "http://{moz:locale}.phish-report.mozilla.com/?hl={moz:locale}");
+pref("browser.safebrowsing.provider.0.reportMalwareURL", "http://{moz:locale}.malware-report.mozilla.com/?hl={moz:locale}");
+pref("browser.safebrowsing.provider.0.reportMalwareErrorURL", "http://{moz:locale}.malware-error.mozilla.com/?hl={moz:locale}");
 
 // FAQ URL
 pref("browser.safebrowsing.warning.infoURL", "http://%LOCALE%.www.mozilla.com/%LOCALE%/firefox/phishing-protection/");
 
 // Name of the about: page contributed by safebrowsing to handle display of error
 // pages on phishing/malware hits.  (bug 399233)
 pref("urlclassifier.alternate_error_page", "blocked");
 
--- a/browser/base/content/browser.js
+++ b/browser/base/content/browser.js
@@ -2207,60 +2207,89 @@ function BrowserOnCommand(event) {
           errorDoc.location.reload();
       }
       else if (ot == errorDoc.getElementById('getMeOutOfHereButton')) {
         getMeOutOfHere();
       }
     }
     else if (/^about:blocked/.test(errorDoc.documentURI)) {
       // The event came from a button on a malware/phishing block page
+      // First check whether it's malware or phishing, so that we can
+      // use the right strings/links
+      var isMalware = /e=malwareBlocked/.test(errorDoc.documentURI);
       
       if (ot == errorDoc.getElementById('getMeOutButton')) {
         getMeOutOfHere();
       }
       else if (ot == errorDoc.getElementById('reportButton')) {
         // This is the "Why is this site blocked" button.  For malware,
         // we can fetch a site-specific report, for phishing, we redirect
         // to the generic page describing phishing protection.
         var formatter = Cc["@mozilla.org/toolkit/URLFormatterService;1"]
                        .getService(Components.interfaces.nsIURLFormatter);
         
-        if (/e=malwareBlocked/.test(errorDoc.documentURI)) {
+        if (isMalware) {
           // Get the stop badware "why is this blocked" report url,
           // append the current url, and go there.
           try {
             var reportURL = formatter.formatURLPref("browser.safebrowsing.malware.reportURL");
             reportURL += errorDoc.location.href;
             content.location = reportURL;
           } catch (e) {
             Components.utils.reportError("Couldn't get malware report URL: " + e);
           }
         }
-        else if (/e=phishingBlocked/.test(errorDoc.documentURI)) {
+        else { // It's a phishing site, not malware
           try {
             content.location = formatter.formatURLPref("browser.safebrowsing.warning.infoURL");
           } catch (e) {
             Components.utils.reportError("Couldn't get phishing info URL: " + e);
           }
         }
       }
       else if (ot == errorDoc.getElementById('ignoreWarningButton')) {
         // Allow users to override and continue through to the site,
         // but add a notify bar as a reminder, so that they don't lose
         // track after, e.g., tab switching.
         gBrowser.loadURIWithFlags(content.location.href,
                                   nsIWebNavigation.LOAD_FLAGS_BYPASS_CLASSIFIER,
                                   null, null, null);
+        var buttons = [{
+          label: gNavigatorBundle.getString("safebrowsing.getMeOutOfHereButton.label"),
+          accessKey: gNavigatorBundle.getString("safebrowsing.getMeOutOfHereButton.accessKey"),
+          callback: function() { getMeOutOfHere(); }
+        }];
+        
+        if (isMalware) {
+          var title = gNavigatorBundle.getString("safebrowsing.reportedAttackSite");
+          buttons[1] = {
+            label: gNavigatorBundle.getString("safebrowsing.notAnAttackButton.label"),
+            accessKey: gNavigatorBundle.getString("safebrowsing.notAnAttackButton.accessKey"),
+            callback: function() {
+              openUILinkIn(safebrowsing.getReportURL('MalwareError'), 'tab');
+            }
+          };
+        } else {
+          title = gNavigatorBundle.getString("safebrowsing.reportedWebForgery");
+          buttons[1] = {
+            label: gNavigatorBundle.getString("safebrowsing.notAForgeryButton.label"),
+            accessKey: gNavigatorBundle.getString("safebrowsing.notAForgeryButton.accessKey"),
+            callback: function() {
+              openUILinkIn(safebrowsing.getReportURL('Error'), 'tab');
+            }
+          };
+        }
+        
         var notificationBox = gBrowser.getNotificationBox();
         notificationBox.appendNotification(
-          errorDoc.title, /* Re-use the error page's title, e.g. "Reported Web Forgery!" */
+          title,
           "blocked-badware-page",
           "chrome://global/skin/icons/blacklist_favicon.png",
           notificationBox.PRIORITY_CRITICAL_HIGH,
-          null
+          buttons
         );
       }
     }
 }
 
 /**
  * Re-direct the browser to a known-safe page.  This function is
  * used when, for example, the user browses to a known malware page
--- a/browser/components/safebrowsing/content/globalstore.js
+++ b/browser/components/safebrowsing/content/globalstore.js
@@ -108,16 +108,18 @@ PROT_DataProvider.prototype.loadDataProv
   this.keyURL_ = this.getUrlPref_(basePref + "keyURL");
   this.reportURL_ = this.getUrlPref_(basePref + "reportURL");
   this.gethashURL_ = this.getUrlPref_(basePref + "gethashURL");
 
   // Urls to HTML report pages
   this.reportGenericURL_ = this.getUrlPref_(basePref + "reportGenericURL");
   this.reportErrorURL_ = this.getUrlPref_(basePref + "reportErrorURL");
   this.reportPhishURL_ = this.getUrlPref_(basePref + "reportPhishURL");
+  this.reportMalwareURL_ = this.getUrlPref_(basePref + "reportMalwareURL")
+  this.reportMalwareErrorURL_ = this.getUrlPref_(basePref + "reportMalwareErrorURL")
 
   // Propagate the changes to the list-manager.
   this.updateListManager_();
 }
 
 /**
  * The list manager needs urls to operate.  It needs a url to know where the
  * table updates are, and it needs a url for decrypting enchash style tables.
@@ -215,8 +217,14 @@ PROT_DataProvider.prototype.getReportGen
   return this.reportGenericURL_;
 }
 PROT_DataProvider.prototype.getReportErrorURL = function() {
   return this.reportErrorURL_;
 }
 PROT_DataProvider.prototype.getReportPhishURL = function() {
   return this.reportPhishURL_;
 }
+PROT_DataProvider.prototype.getReportMalwareURL = function() {
+  return this.reportMalwareURL_;
+}
+PROT_DataProvider.prototype.getReportMalwareErrorURL = function() {
+  return this.reportMalwareErrorURL_;
+}
--- a/browser/components/safebrowsing/content/sb-loader.js
+++ b/browser/components/safebrowsing/content/sb-loader.js
@@ -80,17 +80,17 @@ var safebrowsing = {
   get appContext() {
     delete this.appContext;
     return this.appContext = Cc["@mozilla.org/safebrowsing/application;1"]
                             .getService().wrappedJSObject;
   },
 
   /**
    * Used to report a phishing page or a false positive
-   * @param name String either "Phish" or "Error"
+   * @param name String One of "Phish", "Error", "Malware" or "MalwareError"
    * @return String the report phishing URL.
    */
   getReportURL: function(name) {
     var reportUrl = this.appContext.getReportURL(name);
 
     var pageUrl = getBrowser().currentURI.asciiSpec;
     reportUrl += "&url=" + encodeURIComponent(pageUrl);
 
--- a/browser/locales/en-US/chrome/browser/browser.properties
+++ b/browser/locales/en-US/chrome/browser/browser.properties
@@ -143,8 +143,21 @@ editBookmarkPanel.editBookmarkTitle=Edit
 #
 geolocation.exactLocation=Exact Location (within 10 feet)
 geolocation.exactLocationKey=E
 geolocation.neighborhoodLocation=Neighborhood (within 1 mile)
 geolocation.neighborhoodLocationKey=N
 geolocation.nothingLocation=Nothing
 geolocation.nothingLocationKey=o
 geolocation.requestMessage=%S wants to know where you are.  Tell them:
+
+# Phishing/Malware Notification Bar.
+# LOCALIZATION NOTE (notAForgery, notAnAttack)
+# The two button strings will never be shown at the same time, so
+# it's okay for them to have the same access key
+safebrowsing.getMeOutOfHereButton.label=Get me out of here!
+safebrowsing.getMeOutOfHereButton.accessKey=G
+safebrowsing.reportedWebForgery=Reported Web Forgery!
+safebrowsing.notAForgeryButton.label=This isn't a web forgery…
+safebrowsing.notAForgeryButton.accessKey=F
+safebrowsing.reportedAttackSite=Reported Attack Site!
+safebrowsing.notAnAttackButton.label=This isn't an attack site…
+safebrowsing.notAnAttackButton.accessKey=A