Bug 346942 - Finalize anti-phishing UI, part 2. This gets rid of the stupid dialog we had before. Parts of patch courtesy of Tony Chang, rest was me, r=mconnor

jwalden%mit.edu 2006-08-16 07:23:53 +00:00
parent b3e3cb1049
commit 1a83e25ed9
11 changed files with 375 additions and 47 deletions


@ -509,6 +509,9 @@ pref("browser.safebrowsing.provider.0.lookupURL", "http://sb.google.com/safebrow
pref("browser.safebrowsing.provider.0.keyURL", "https://www.google.com/safebrowsing/getkey?");
pref("browser.safebrowsing.provider.0.reportURL", "http://sb.google.com/safebrowsing/report?");
// privacy policy -- must be chrome URL
pref("browser.safebrowsing.provider.0.privacy.url", "chrome://browser/content/preferences/phishEULA.xhtml");
// HTML report pages
pref("browser.safebrowsing.provider.0.reportGenericURL", "http://www.mozilla.org/projects/bonecho/anti-phishing/report_general/?hl={moz:locale}");
pref("browser.safebrowsing.provider.0.reportErrorURL", "http://www.mozilla.org/projects/bonecho/anti-phishing/report_error/?hl={moz:locale}");


@ -25,6 +25,9 @@ browser.jar:
* content/browser/preferences/permissions.xul
* content/browser/preferences/permissions.js
* content/browser/preferences/permissionsutils.js
* content/browser/preferences/phishEULA.xul
* content/browser/preferences/phishEULA.js
* content/browser/preferences/phishEULA.xhtml
* content/browser/preferences/preferences.xul
* content/browser/preferences/privacy.xul
* content/browser/preferences/privacy.js


@ -0,0 +1,157 @@
/* -*- Mode: C++; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 2 -*- */
/* ***** BEGIN LICENSE BLOCK *****
* Version: MPL 1.1/GPL 2.0/LGPL 2.1
*
* The contents of this file are subject to the Mozilla Public License Version
* 1.1 (the "License"); you may not use this file except in compliance with
* the License. You may obtain a copy of the License at
* http://www.mozilla.org/MPL/
*
* Software distributed under the License is distributed on an "AS IS" basis,
* WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License
* for the specific language governing rights and limitations under the
* License.
*
* The Original Code is Firefox Anti-Phishing Support.
*
* The Initial Developer of the Original Code is
* Mozilla Corporation.
* Portions created by the Initial Developer are Copyright (C) 2006
* the Initial Developer. All Rights Reserved.
*
* Contributor(s):
* Jeff Walden <jwalden+code@mit.edu> (original author)
*
* Alternatively, the contents of this file may be used under the terms of
* either the GNU General Public License Version 2 or later (the "GPL"), or
* the GNU Lesser General Public License Version 2.1 or later (the "LGPL"),
* in which case the provisions of the GPL or the LGPL are applicable instead
* of those above. If you wish to allow use of your version of this file only
* under the terms of either the GPL or the LGPL, and not to allow others to
* use your version of this file under the terms of the MPL, indicate your
* decision by deleting the provisions above and replace them with the notice
* and other provisions required by the GPL or the LGPL. If you do not delete
* the provisions above, a recipient may use your version of this file under
* the terms of any one of the MPL, the GPL or the LGPL.
*
* ***** END LICENSE BLOCK ***** */
/**
* gPhishDialog controls the user interface for displaying the privacy policy of
* an anti-phishing provider.
*
* The caller (gSecurityPane._userAgreedToPhishingEULA in main.js) invokes this
* dialog with a single argument - a reference to an object with .providerNum
* and .userAgreed properties. This code displays the dialog for the provider
* as dictated by .providerNum and loads the policy. When that load finishes,
* the OK button is enabled and the user can either accept or decline the
* agreement (a choice which is communicated by setting .userAgreed to true if
* the user did indeed agree).
*/
var gPhishDialog = {
/**
* The nsIWebProgress object associated with the privacy policy frame.
*/
_webProgress: null,
/**
* Initializes UI and starts the privacy policy loading.
*/
init: function ()
{
const Cc = Components.classes, Ci = Components.interfaces;
var providerNum = window.arguments[0].providerNum;
var phishBefore = document.getElementById("phishBefore");
var phishAfter = document.getElementById("phishAfter");
var prefb = Cc["@mozilla.org/preferences-service;1"].
getService(Ci.nsIPrefService).
getBranch("browser.safebrowsing.provider.");
// init before-frame and after-frame strings
// note that description only wraps when the string is the element's
// *content* and *not* when it's the value attribute
var providerName = prefb.getCharPref(providerNum + ".name");
var strings = document.getElementById("bundle_phish");
phishBefore.textContent = strings.getFormattedString("phishBefore", [providerName]);
phishAfter.textContent = strings.getFormattedString("phishAfter", [providerName]);
// guaranteed to be present, because only providers with privacy policies
// are displayed in the prefwindow
var privacyURL = prefb.getComplexValue(providerNum + ".privacy.url", Ci.nsISupportsString).data;
// add progress listener to enable OK when page loads
var frame = document.getElementById("phishPolicyFrame");
var webProgress = frame.docShell
.QueryInterface(Ci.nsIInterfaceRequestor)
.getInterface(Ci.nsIWebProgress);
webProgress.addProgressListener(this._progressListener,
Ci.nsIWebProgress.NOTIFY_STATE_WINDOW);
this._webProgress = webProgress; // for easy use later
// start loading the privacyURL
const loadFlags = Ci.nsIWebNavigation.LOAD_FLAGS_NONE;
frame.webNavigation.loadURI(privacyURL, loadFlags, null, null, null);
},
/**
* The nsIWebProgressListener used to watch the status of the load of the
* privacy policy; enables the OK button when the load completes.
*/
_progressListener:
{
onStateChange: function (aWebProgress, aRequest, aStateFlags, aStatus)
{
// enable the OK button when the request completes
const Ci = Components.interfaces, Cr = Components.results;
if ((aStateFlags & Ci.nsIWebProgressListener.STATE_STOP) &&
(aStateFlags & Ci.nsIWebProgressListener.STATE_IS_WINDOW)) {
// XXX check for load failure here!
document.documentElement.getButton("accept").disabled = false;
}
},
onProgressChange: function(aWebProgress, aRequest, aCurSelfProgress,
aMaxSelfProgress, aCurTotalProgress,
aMaxTotalProgress)
{
},
onStatusChange : function(aWebProgress, aRequest, aStatus, aMessage)
{
},
QueryInterface : function(aIID)
{
const Ci = Components.interfaces;
if (aIID.equals(Ci.nsIWebProgressListener) ||
aIID.equals(Ci.nsISupportsWeakReference) ||
aIID.equals(Ci.nsISupports))
return this;
throw Components.results.NS_NOINTERFACE;
}
},
/**
* Signals that the user accepted the privacy policy by setting the window
* arguments appropriately. Note that this does *not* change preferences;
* the opener of this dialog handles that.
*/
accept: function ()
{
window.arguments[0].userAgreed = true;
},
/**
* Clean up any XPCOM-JS cycles we may have created.
*/
uninit: function ()
{
// overly aggressive, but better safe than sorry
this._webProgress.removeProgressListener(this._progressListener);
this._progressListener = this._webProgress = null;
}
};
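Review bot: The accept button is enabled in `onStateChange` on any `STATE_STOP`/`STATE_IS_WINDOW` transition without looking at `aStatus`, so a policy that failed to load can still be accepted; the `XXX check for load failure here!` comment marks the gap but the commit leaves it open. Gate the enable on the status, e.g. `if (Components.isSuccessCode(aStatus)) document.documentElement.getButton("accept").disabled = false;`, and leave the button disabled otherwise. Separately, `init` hands `privacyURL` to `loadURI` on the strength of the "guaranteed to be present" comment, but the chrome-scheme check visible on this page lives only in the menu-building code of the preferences pane; repeating the scheme check here before loading would keep the dialog safe if the pref is changed by another route. `uninit` also dereferences `this._webProgress` unconditionally, which would throw if `init` failed before assigning it.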


@ -0,0 +1,16 @@
<?xml version="1.0" encoding="utf-8"?>
<!DOCTYPE html [
<!ENTITY % htmlDTD
PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"DTD/xhtml1-strict.dtd">
%htmlDTD;
<!ENTITY % phisheulaDTD
SYSTEM "chrome://browser/locale/safebrowsing/eula.dtd">
%phisheulaDTD;
]>
<html id="phish-eula"
xmlns="http://www.w3.org/1999/xhtml">
<body>&phish.eulatext;</body>
</html>
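Review bot: `<body>&phish.eulatext;</body>` expands a locale entity as markup, and the `phish.eulatext` definition in eula.dtd on this page carries `<a>` elements with inline `onclick='window.open(this.href);return false;'` handlers, so every localization of that DTD supplies script and link targets for a document served from a `chrome://` URL. Consider keeping the anchors and their handlers in this file and exposing only the text runs and link labels as separate entities, so a translation cannot alter the URLs or the script. If the single-entity form stays, a LOCALIZATION NOTE in eula.dtd stating that the `href` and `onclick` attributes must be left untouched would at least document the constraint. What privileges this document actually runs with inside the `type="content"` iframe is not visible here and is worth confirming.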


@ -0,0 +1,76 @@
<?xml version="1.0"?>
# -*- Mode: Java; tab-width: 4; indent-tabs-mode: nil; c-basic-offset: 4 -*-
# ***** BEGIN LICENSE BLOCK *****
# Version: MPL 1.1/GPL 2.0/LGPL 2.1
#
# The contents of this file are subject to the Mozilla Public License Version
# 1.1 (the "License"); you may not use this file except in compliance with
# the License. You may obtain a copy of the License at
# http://www.mozilla.org/MPL/
#
# Software distributed under the License is distributed on an "AS IS" basis,
# WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License
# for the specific language governing rights and limitations under the
# License.
#
# The Original Code is the Firefox Preferences System.
#
# The Initial Developer of the Original Code is
# Mozilla Corporation.
# Portions created by the Initial Developer are Copyright (C) 2006
# the Initial Developer. All Rights Reserved.
#
# Contributor(s):
# Jeff Walden <jwalden+bmo@mit.edu> (original author)
#
# Alternatively, the contents of this file may be used under the terms of
# either the GNU General Public License Version 2 or later (the "GPL"), or
# the GNU Lesser General Public License Version 2.1 or later (the "LGPL"),
# in which case the provisions of the GPL or the LGPL are applicable instead
# of those above. If you wish to allow use of your version of this file only
# under the terms of either the GPL or the LGPL, and not to allow others to
# use your version of this file under the terms of the MPL, indicate your
# decision by deleting the provisions above and replace them with the notice
# and other provisions required by the GPL or the LGPL. If you do not delete
# the provisions above, a recipient may use your version of this file under
# the terms of any one of the MPL, the GPL or the LGPL.
#
# ***** END LICENSE BLOCK *****
<?xml-stylesheet href="chrome://global/skin/"?>
<!DOCTYPE dialog SYSTEM "chrome://browser/locale/preferences/phishEULA.dtd">
<dialog id="phishDialog"
xmlns="http://www.mozilla.org/keymaster/gatekeeper/there.is.only.xul"
title="&phishDialog.title;"
style="width: &phishDialog.width;; height: &phishDialog.height;;"
persist="screenX screenY width height"
onload="gPhishDialog.init();"
onunload="gPhishDialog.uninit();"
ondialogaccept="gPhishDialog.accept();"
buttonlabelaccept="&accept.label;"
buttonlabelcancel="&cancel.label;"
buttondisabledaccept="true">
<stringbundle id="bundle_phish"
src="chrome://browser/locale/preferences/preferences.properties"/>
<script type="application/javascript"
src="chrome://browser/content/preferences/phishEULA.js"/>
<description id="phishBefore"/>
<separator class="thin"/>
<vbox id="phishPolicy" flex="1">
<iframe id="phishPolicyFrame" type="content" flex="1" src=""/>
</vbox>
<separator class="thin"/>
<description id="phishAfter"/>
<separator class="thin"/>
</dialog>


@ -144,36 +144,43 @@ var gSecurityPane = {
/**
* Displays the currently-used phishing provider's EULA and offers the user
* the choice of cancelling the enabling of phishing.
* the choice of cancelling the enabling of phishing, but only if the user has
* not previously agreed to the provider's EULA before.
*
* @param providerNum
* the number of the provider whose policy should be displayed
* @returns bool
* true if the user still wants to enable phishing protection with
* the current provider, false otherwise
*/
_userAgreedToPhishingEULA: function ()
_userAgreedToPhishingEULA: function (providerNum)
{
// XXX this is hackish, and there's no nice URL support -- window with
// HTML file provided by anti-phishing provider later?
// create the opt-in preference element for the provider
const prefName = "browser.safebrowsing.provider." +
providerNum +
".privacy.optedIn";
var pref = document.createElement("preference");
pref.setAttribute("type", "bool");
pref.id = prefName;
pref.setAttribute("name", prefName);
document.getElementById("securityPreferences").appendChild(pref);
// XXX cache the EULAs to which the user has agreed so switching from
// "foo"->"bar" shows the EULA, but then a "bar"->"foo" check
// doesn't display the EULA again
// only show privacy policy if it hasn't already been shown or the user
// hasn't agreed to it
if (!pref.value) {
var rv = { userAgreed: false, providerNum: providerNum };
document.documentElement.openSubDialog("chrome://browser/content/preferences/phishEULA.xul",
"resizable", rv);
const Cc = Components.classes, Ci = Components.interfaces;
const IPS = Ci.nsIPromptService;
var ips = Cc["@mozilla.org/embedcomp/prompt-service;1"]
.getService(IPS);
var bundle = document.getElementById("bundlePreferences");
var btnPressed = ips.confirmEx(window,
bundle.getString("phishEULATitle"),
bundle.getString("phishEULAText"),
IPS.BUTTON_POS_0 * IPS.BUTTON_TITLE_IS_STRING +
IPS.BUTTON_POS_1 * IPS.BUTTON_TITLE_IS_STRING,
bundle.getString("phishEULAOK"),
bundle.getString("phishEULACancel"),
"",
"", {});
return (btnPressed == 0);
// mark this provider as having had its privacy policy accepted if it was
if (rv.userAgreed)
pref.value = true;
return rv.userAgreed;
}
// user has previously agreed
return true;
},
/**
@ -202,9 +209,11 @@ var gSecurityPane = {
writePhishChoice: function ()
{
var radio = document.getElementById("checkPhishChoice");
var provider = document.getElementById("browser.safebrowsing.dataProvider");
// display a privacy policy if onload checking is being enabled
if (radio.value == "true" && !this._userAgreedToPhishingEULA()) {
if (radio.value == "true" &&
!this._userAgreedToPhishingEULA(provider.value)) {
radio.value = "false";
return false;
}
@ -224,32 +233,62 @@ var gSecurityPane = {
var popup = document.getElementById(onloadPopupId);
if (!popup) {
var providers = Cc["@mozilla.org/preferences-service;1"]
.getService(Ci.nsIPrefService)
.getBranch("browser.safebrowsing.provider.");
var providerBranch = Cc["@mozilla.org/preferences-service;1"]
.getService(Ci.nsIPrefService)
.getBranch("browser.safebrowsing.provider.");
// fill in onload phishing list data
var kids = providers.getChildList("", {});
// fill in onload phishing list data -- but require a privacy policy
// URL be provided, and require it to be at a chrome URL so it's always
// available
var kids = providerBranch.getChildList("", {});
var providers = [];
var hasPrivacyPolicy = {};
for (var i = 0; i < kids.length; i++) {
var curr = kids[i];
var matches = curr.match(/^(\d+)\.name$/);
var matchesName = curr.match(/^(\d+)\.name$/);
var matchesPolicy = curr.match(/^(\d+)\.privacy\.url$/);
// skip preferences not of form "##.name"
if (!matches)
// skip preferences which aren't names or privacy URLs
if (!matchesName && !matchesPolicy)
continue;
if (matchesName)
providers.push(matchesName[1]);
else
hasPrivacyPolicy[matchesPolicy[1]] = true;
}
// construct the menu only from the providers with policies
for (var i = 0; i < providers.length; i++) {
// skip providers without a privacy policy
if (!(providers[i] in hasPrivacyPolicy))
continue;
// ensure privacy URL is a chrome URL
try {
var providerNum = providers[i];
var url = providerBranch.getCharPref(providerNum + ".privacy.url");
var scheme = Cc["@mozilla.org/network/io-service;1"].
getService(Ci.nsIIOService).
extractScheme(url);
if (scheme != "chrome")
throw "scheme must be chrome";
}
catch (e) {
// don't add this provider
continue;
}
if (!popup) {
popup = document.createElement("menupopup");
popup.id = onloadPopupId;
}
var providerNum = matches[1];
var providerName = providers.getCharPref(curr);
var providerName = providerBranch.getCharPref(providerNum + ".name");
var item = document.createElement("menuitem");
item.setAttribute("value", providerNum);
item.setAttribute("label", providerName);
popup.appendChild(item);
}
@ -267,7 +306,8 @@ var gSecurityPane = {
*/
onProviderChanged: function ()
{
if (!this._userAgreedToPhishingEULA()) {
var pref = document.getElementById("browser.safebrowsing.dataProvider");
if (!this._userAgreedToPhishingEULA(pref.value)) {
this._disableOnloadPhishChecks();
}
},
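Review bot: `_userAgreedToPhishingEULA` creates and appends a new `<preference>` element with `id = prefName` on every call, and it is called from both `writePhishChoice` and `onProviderChanged`, so repeated calls for the same provider leave several elements with the same id under `securityPreferences`. Look the element up first with `var pref = document.getElementById(prefName);` and run the `createElement`/`appendChild` lines only inside `if (!pref) { … }`. The chrome-scheme filter is applied only while building the provider menu, whereas the `providerNum` passed here comes straight from the `browser.safebrowsing.dataProvider` preference; a short comment stating that assumption, or the same scheme check before `openSubDialog`, would make the dependency explicit. The page shows old and new lines interleaved without markers, so this reading assumes the `createElement` block is on the new side; `gSecurityPane` itself extends beyond the hunks shown.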


@ -50,14 +50,16 @@
<prefpane id="paneSecurity" onpaneload="gSecurityPane.init();"
helpTopic="prefs-security" helpURI="chrome://browser/locale/help/help.rdf">
<preferences>
<preferences id="securityPreferences">
<!-- XXX buttons -->
<preference id="pref.privacy.disable_button.view_passwords"
name="pref.privacy.disable_button.view_passwords"
type="bool"/>
<!-- Add-ons, phishing -->
<preference id="xpinstall.whitelist.required" name="xpinstall.whitelist.required" type="bool"/>
<preference id="xpinstall.whitelist.required"
name="xpinstall.whitelist.required"
type="bool"/>
<preference id="browser.safebrowsing.enabled"
name="browser.safebrowsing.enabled"
type="bool"/>


@ -0,0 +1,14 @@
<!ENTITY phishDialog.title "Phishing Protection Privacy Agreement">
<!-- LOCALIZATION NOTE:
The following entities contain sizing information for the phishing privacy
agreement dialog, which is opened when you select the "Check by asking"
option as how the browser checks for phishing attempts (if you haven't
already agreed with the policy for that provider; once you agree to a
provider's policy, you don't see it again).
-->
<!ENTITY phishDialog.height "35em">
<!ENTITY phishDialog.width "35em">
<!ENTITY accept.label "Accept and Continue">
<!ENTITY cancel.label "Cancel">


@ -16,14 +16,12 @@ addReader=Add New Reader...
#### Security
# LOCALIZATION NOTE:
# the next strings (phishEULATitle and phishEULAText) are here for b1 only;
# don't bother localizing them unless you've localized everything else,
# because they're going away because this is clearly a gross hack
phishEULATitle=Anti-Phishing Privacy Policy
phishEULAText=If you choose Google as your provider for Safe Browsing in Enhanced Protection mode, Google will receive the URLs of pages you visit for evaluation. When you click to accept, reject, or close the warning message that Safe Browsing gives you about a suspicious page, Google will log your action and the URL of the page. Google will receive standard log information <http://www.google.com/privacy_faq.html#serverlogs>, including a cookie, as part of this process. Google will not associate the information that Safe Browsing logs with other personal information about you. However, it is possible that a URL sent to Google may itself contain personal information. Please see the Google Privacy Policy <http://www.google.com/privacypolicy.html> for more information. Do you wish to use Google as your Safe Browsing provider?
phishEULACancel=Disable Safe Browsing
phishEULAOK=Use Google
# LOCALIZATION NOTE: phishBefore and phishAfter use %S to represent the name of
# the provider whose privacy policy must be accepted (for
# enabling check-every-page-as-I-load-it phishing
# protection).
phishBefore=Selecting this option will send the address of web pages you are viewing to %S. To continue, please review the following privacy agreement:
phishAfter=Do you want to accept this privacy agreement and ask %S about each site you visit?
setMasterPassword=Set Master Password...
setMasterPassword_accesskey=M


@ -0,0 +1,17 @@
<!ENTITY phish.eulatext "If you choose to check with Google about each site
you visit, Google will receive the URLs of pages you visit for evaluation.
When you click to accept, reject, or close the warning message that Phishing
Protection gives you about a suspicious page, Google will log your action
and the URL of the page. Google will receive standard
<a href='http://www.google.com/privacy_faq.html#serverlogs'
onclick='window.open(this.href);return false;'>log information</a>,
including a cookie, as part of this process. Google will not associate the
information that Phishing Protection logs with other personal information
about you. However, it is possible that a
<a href='http://www.google.com/privacy_faq.html#urls'
onclick='window.open(this.href);return false;'>URL</a> sent to Google may
itself contain personal information. Please see the
<a href='http://www.google.com/privacypolicy.html'
onclick='window.open(this.href);return false;'>Google Privacy Policy</a>
for more information.
">


@ -40,8 +40,9 @@
* locale/browser/bookmarks/bookmarksProperties.dtd (%chrome/browser/bookmarks/bookmarksProperties.dtd)
#endif
#ifdef MOZ_SAFE_BROWSING
locale/browser/safebrowsing/phishing-afterload-warning-message.dtd (%chrome/browser/safebrowsing/phishing-afterload-warning-message.dtd)
locale/browser/safebrowsing/report-phishing.dtd (%chrome/browser/safebrowsing/report-phishing.dtd)
locale/browser/safebrowsing/phishing-afterload-warning-message.dtd (%chrome/browser/safebrowsing/phishing-afterload-warning-message.dtd)
locale/browser/safebrowsing/report-phishing.dtd (%chrome/browser/safebrowsing/report-phishing.dtd)
locale/browser/safebrowsing/eula.dtd (%chrome/browser/safebrowsing/eula.dtd)
#endif
#ifdef MOZ_FEEDS
locale/browser/feeds/subscribe.dtd (%chrome/browser/feeds/subscribe.dtd)
@ -65,6 +66,7 @@
locale/browser/preferences/main.dtd (%chrome/browser/preferences/main.dtd)
locale/browser/preferences/languages.dtd (%chrome/browser/preferences/languages.dtd)
locale/browser/preferences/permissions.dtd (%chrome/browser/preferences/permissions.dtd)
locale/browser/preferences/phishEULA.dtd (%chrome/browser/preferences/phishEULA.dtd)
locale/browser/preferences/preferences.dtd (%chrome/browser/preferences/preferences.dtd)
locale/browser/preferences/preferences.properties (%chrome/browser/preferences/preferences.properties)
locale/browser/preferences/privacy.dtd (%chrome/browser/preferences/privacy.dtd)