Restore "ignore this warning" link for phishing warning. b=400731, r=gavin, r=dcamp, ui-r=mconnor, a=blocking-firefox3 (beltzner)
authorjohnath@mozilla.com
Wed, 12 Mar 2008 13:34:31 -0700
changeset 12960 c2b043d8e547d71c264f14bf9fb2f972d6b46de4
parent 12959 27f7b56a9604ea9277c816268f7220c170bd6e66
child 12961 c27cd9e79df3274f3dcfd1d77a8e7b2856b9fcb0
push idunknown
push userunknown
push dateunknown
reviewersgavin, dcamp, mconnor, blocking-firefox3
bugs400731
milestone1.9b5pre
Restore "ignore this warning" link for phishing warning. b=400731, r=gavin, r=dcamp, ui-r=mconnor, a=blocking-firefox3 (beltzner)
browser/base/content/browser.js
browser/components/safebrowsing/Makefile.in
browser/components/safebrowsing/content/blockedSite.xhtml
browser/components/safebrowsing/content/test/Makefile.in
browser/components/safebrowsing/content/test/browser_bug400731.js
--- a/browser/base/content/browser.js
+++ b/browser/base/content/browser.js
@@ -2316,16 +2316,32 @@ function BrowserOnCommand(event) {
             content.location = Cc["@mozilla.org/toolkit/URLFormatterService;1"]
                               .getService(Components.interfaces.nsIURLFormatter)
                               .formatURLPref("browser.safebrowsing.warning.infoURL");
           } catch (e) {
             Components.utils.reportError("Couldn't get phishing info URL: " + e);
           }
         }
       }
+      else if (ot == errorDoc.getElementById('ignoreWarningButton')) {
+        // Allow users to override and continue through to the site,
+        // but add a notify bar as a reminder, so that they don't lose
+        // track after, e.g., tab switching.
+        gBrowser.loadURIWithFlags(content.location.href,
+                                  nsIWebNavigation.LOAD_FLAGS_BYPASS_CLASSIFIER,
+                                  null, null, null);
+        var notificationBox = gBrowser.getNotificationBox();
+        notificationBox.appendNotification(
+          errorDoc.title, /* Re-use the error page's title, e.g. "Reported Web Forgery!" */
+          "blocked-badware-page",
+          "chrome://global/skin/icons/blacklist_favicon.png",
+          notificationBox.PRIORITY_CRITICAL_HIGH,
+          null
+        );
+      }
     }
 }
 
 /**
  * Re-direct the browser to a known-safe page.  This function is
  * used when, for example, the user browses to a known malware page
  * and is presented with about:blocked.  The "Get me out of here!"
  * button should take the user to the default start page so that even
--- a/browser/components/safebrowsing/Makefile.in
+++ b/browser/components/safebrowsing/Makefile.in
@@ -40,16 +40,20 @@ DEPTH     = ../../..
 topsrcdir = @top_srcdir@
 srcdir    = @srcdir@
 VPATH     = @srcdir@
 
 include $(DEPTH)/config/autoconf.mk
 
 DIRS      = src
 
+ifdef MOZ_MOCHITEST
+DIRS += content/test
+endif
+
 ifneq (,$(BUILD_OFFICIAL)$(MOZILLA_OFFICIAL))
 DEFINES += -DOFFICIAL_BUILD=1
 endif
 
 # EXTRA_COMPONENTS installs components written in JS to dist/bin/components
 EXTRA_PP_COMPONENTS = \
          src/nsSafebrowsingApplication.js \
          $(NULL)
--- a/browser/components/safebrowsing/content/blockedSite.xhtml
+++ b/browser/components/safebrowsing/content/blockedSite.xhtml
@@ -142,22 +142,50 @@
         el.parentNode.removeChild(el);
 
         el = document.getElementById("errorShortDescText_malware");
         el.parentNode.removeChild(el);
 
         el = document.getElementById("errorLongDescText_malware");
         el.parentNode.removeChild(el);
 
+        // Unhide clickthrough button
+        el = document.getElementById("ignoreWarningButton");
+        el.style.display = "-moz-box";
+        
         // Set sitename
         document.getElementById("phishing_sitename").textContent = getHostString();
         document.title = document.getElementById("errorTitleText_phishing")
                                  .innerHTML;
       }
     ]]></script>
+    <style type="text/css">
+      /* Style warning button to look like a small text link in the
+         bottom right. This is preferable to just using a text link
+         since there is already a mechanism in browser.js for trapping
+         oncommand events from unprivileged chrome pages (BrowserOnCommand).*/
+      #ignoreWarningButton {
+        -moz-appearance: none;
+        background: transparent;
+        border: none;
+        color: white;  /* Hard coded because netError.css forces this page's background to dark red */
+        text-decoration: underline;
+        margin: 0;
+        padding: 0;
+        position: relative;
+        top: 23px;
+        left: 20px;
+        font-size: smaller;
+        display: none; /* Hide the button by default */
+      }
+      
+      #ignoreWarning {
+        text-align: right;
+      }
+    </style>
   </head>
 
   <body dir="&locale.dir;">
     <div id="errorPageContainer">
     
       <!-- Error Title -->
       <div id="errorTitle">
         <h1 id="errorTitleText_phishing">&safeb.blocked.phishing.title;</h1>
@@ -182,16 +210,20 @@
         <div id="buttons">
           <!-- Commands handled in browser.js -->
           <xul:button xmlns:xul="http://www.mozilla.org/keymaster/gatekeeper/there.is.only.xul"
                       id="getMeOutButton" label="&safeb.palm.accept.label;"/>
           <xul:button xmlns:xul="http://www.mozilla.org/keymaster/gatekeeper/there.is.only.xul"
                       id="reportButton" label="&safeb.palm.report.label;"/>
         </div>
       </div>
+      <div id="ignoreWarning">
+        <xul:button xmlns:xul="http://www.mozilla.org/keymaster/gatekeeper/there.is.only.xul"
+                    id="ignoreWarningButton" label="&safeb.palm.decline.label;"/>
+      </div>
     </div>
     <!--
     - Note: It is important to run the script this way, instead of using
     - an onload handler. This is because error pages are loaded as
     - LOAD_BACKGROUND, which means that onload handlers will not be executed.
     -->
     <script type="application/javascript">initPage();</script>
   </body>
new file mode 100644
--- /dev/null
+++ b/browser/components/safebrowsing/content/test/Makefile.in
@@ -0,0 +1,53 @@
+#
+# ***** BEGIN LICENSE BLOCK *****
+# Version: MPL 1.1/GPL 2.0/LGPL 2.1
+#
+# The contents of this file are subject to the Mozilla Public License Version
+# 1.1 (the "License"); you may not use this file except in compliance with
+# the License. You may obtain a copy of the License at
+# http://www.mozilla.org/MPL/
+#
+# Software distributed under the License is distributed on an "AS IS" basis,
+# WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License
+# for the specific language governing rights and limitations under the
+# License.
+#
+# The Original Code is mozilla.org code.
+#
+# The Initial Developer of the Original Code is
+#    Mozilla Corporation.
+# Portions created by the Initial Developer are Copyright (C) 1998
+# the Initial Developer. All Rights Reserved.
+#
+# Contributor(s):
+#   Johnathan Nightingale <johnath@mozilla.com>
+#
+# Alternatively, the contents of this file may be used under the terms of
+# either of the GNU General Public License Version 2 or later (the "GPL"),
+# or the GNU Lesser General Public License Version 2.1 or later (the "LGPL"),
+# in which case the provisions of the GPL or the LGPL are applicable instead
+# of those above. If you wish to allow use of your version of this file only
+# under the terms of either the GPL or the LGPL, and not to allow others to
+# use your version of this file under the terms of the MPL, indicate your
+# decision by deleting the provisions above and replace them with the notice
+# and other provisions required by the GPL or the LGPL. If you do not delete
+# the provisions above, a recipient may use your version of this file under
+# the terms of any one of the MPL, the GPL or the LGPL.
+#
+# ***** END LICENSE BLOCK *****
+
+DEPTH		= ../../../../..
+topsrcdir	= @top_srcdir@
+srcdir		= @srcdir@
+VPATH		= @srcdir@
+relativesrcdir  = browser/components/safebrowsing/content/test
+
+include $(DEPTH)/config/autoconf.mk
+include $(topsrcdir)/config/rules.mk
+
+_BROWSER_FILES = browser_bug400731.js \
+    $(NULL)
+
+libs::	$(_BROWSER_FILES)
+	$(INSTALL) $(foreach f,$^,"$f") $(DEPTH)/_tests/testing/mochitest/browser/$(relativesrcdir)
+
new file mode 100644
--- /dev/null
+++ b/browser/components/safebrowsing/content/test/browser_bug400731.js
@@ -0,0 +1,39 @@
+/* Check for the intended visibility of the "Ignore this warning" text*/
+var newBrowser
+
+function test() {
+  waitForExplicitFinish();
+  
+  var newTab = gBrowser.addTab();
+  gBrowser.selectedTab = newTab;
+  newBrowser = gBrowser.getBrowserForTab(newTab);
+  
+  // Navigate to malware site.  Can't use an onload listener here since
+  // error pages don't fire onload
+  newBrowser.contentWindow.location = 'http://www.mozilla.com/firefox/its-an-attack.html';
+  window.setTimeout(testMalware, 2000);
+}
+
+function testMalware() {
+  // Confirm that "Ignore this warning" is hidden
+  var el = newBrowser.contentDocument.getElementById("ignoreWarningButton");
+  ok(el, "Ignore warning button should be present (but hidden) for malware");
+  
+  var style = newBrowser.contentWindow.getComputedStyle(el, null);
+  is(style.display, "none", "Ignore Warning button should be display:none for malware");
+  
+  // Now launch the phishing test
+  newBrowser.contentWindow.location = 'http://www.mozilla.com/firefox/its-a-trap.html';
+  window.setTimeout(testPhishing, 2000);
+}
+
+function testPhishing() {
+  var el = newBrowser.contentDocument.getElementById("ignoreWarningButton");
+  ok(el, "Ignore warning button should be present for phishing");
+  
+  var style = newBrowser.contentWindow.getComputedStyle(el, null);
+  is(style.display, "-moz-box", "Ignore Warning button should be display:-moz-box for phishing");
+  
+  gBrowser.removeCurrentTab();
+  finish();
+}