Bug #282491 --> Add a phishing notification bar to the message pane to alert the user to messages

which loook suspicious to Thunderbird.

sr=bienvenu

mail/base/content/mailWindowOverlay.js

@@ -65,6 +65,7 @@ const kAllowRemoteContent = 2;
 const kMsgNotificationNoStatus = 0;
 const kMsgNotificationJunkBar = 1;
 const kMsgNotificationRemoteImages = 2;
+const kMsgNotificationPhishingBar = 3;
 
 var gMessengerBundle;
 var gPromptService;
@@ -2195,6 +2196,15 @@ var gMessageNotificationBar =
                                   kMsgNotificationRemoteImages : kMsgNotificationNoStatus);
   },
 
+  // aUrl is the nsIURI for the message currently loaded in the message pane
+  setPhishingMsg: function(aUrl)
+  {
+    // The Junk message takes precedence over the phishing message...so skip this step
+    // if the message is already marked as junk
+    if (this.mMsgNotificationBar.selectedIndex != kMsgNotificationJunkBar && isMsgEmailScam(aUrl))
+      this.updateMsgNotificationBar(kMsgNotificationPhishingBar);
+  },
+
   clearMsgNotifications: function()
   {
     this.updateMsgNotificationBar(kMsgNotificationNoStatus);
@@ -2252,6 +2262,8 @@ function OnMsgParsed(aUrl)
 {
   if ("onQuickSearchNewMsgLoaded" in this)
     onQuickSearchNewMsgLoaded();
+  
+  gMessageNotificationBar.setPhishingMsg(aUrl);
 }
 
 function OnMsgLoaded(aUrl)

mail/base/content/mailWindowOverlay.xul

@@ -1950,10 +1950,15 @@
 
   <hbox id="remoteContentBar" class="msgNotificationBar" align="center">
     <image id="remoteContentImage"/>
-    <description flex="1" class="msgNotificationBarText">&remoteContenMessage.label;</description>
+    <description flex="1" class="msgNotificationBarText">&remoteContentMessage.label;</description>
     <spacer flex="1"/>
     <button label="&loadRemoteContentButton.label;" oncommand="LoadMsgWithRemoteContent()"/>
   </hbox>
+
+  <hbox id="phishingBar" class="msgNotificationBar" align="center">
+    <image id="phishingBarImage"/>
+    <description flex="1" class="msgNotificationBarText">&phishingBarMessage.label;</description>
+  </hbox>
 </deck>
 
 <statusbar class="chromeclass-status" id="status-bar">

mail/base/content/messenger.xul

@@ -389,7 +389,7 @@
           <hbox id="msgHeaderView"/>
           <browser id="messagepane" context="messagePaneContext" autofind="false"
                    minheight="1" flex="1" name="messagepane"
-                  disablehistory="true" type="content-primary" src="about:blank"
+                   disablehistory="true" type="content-primary" src="about:blank"
                    disablesecurity="true" onclick="return contentAreaClick(event);"/>
           <hbox id="attachmentView"/>
         </vbox>  

mail/base/content/phishingDetector.js

@@ -44,6 +44,35 @@ const kPhishingNotSuspicious = 0;
 const kPhishingWithIPAddress = 1;
 const kPhishingWithMismatchedHosts = 2;
 
+//////////////////////////////////////////////////////////////////////////////
+// isEmailScam --> examines the message currently loaded in the message pane
+//                 and returns true if we think that message is an e-mail scam. 
+//                 Assumes the message has been completely loaded in the message pane (i.e. OnMsgParsed has fired)
+// aUrl: nsIURI object for the msg we want to examine...
+//////////////////////////////////////////////////////////////////////////////
+function isMsgEmailScam(aUrl)
+{
+  var isEmailScam = false; 
+  if (!aUrl)
+    return isEmailScam;
+ 
+  // Ignore nntp and RSS messages
+  var folder = aUrl.folder;
+  if (folder.server.type == 'nntp' || folder.server.type == 'rss')
+    return isEmailScam;
+
+  // loop through all of the link nodes in the message's DOM, looking for phishing URLs...
+  var msgDocument = document.getElementById('messagepane').contentDocument;
+
+  // examine all anchor tags...
+  var anchorNodes = msgDocument.getElementsByTagName("a");
+  for (var index = 0; index < anchorNodes.length && !isEmailScam; index++)
+    isEmailScam = isPhishingURL(anchorNodes[index], true);
+
+  // we'll add more checks here as our detector matures....
+  return isEmailScam;
+}
+
 //////////////////////////////////////////////////////////////////////////////
 // isPhishingURL --> examines the passed in linkNode and returns true if we think
 //                   the URL is an email scam.

mail/base/skin/mac/primaryToolbar.css

@@ -473,3 +473,18 @@ toolbar[iconsize="small"] #button-next[disabled] {
   margin: 6px 6px 0px 6px;
   color: black;
 }
+
+#phishingBarImage {
+/* for now, temporarily copy the remote image icon until we can get a new one */
+  list-style-image: url("chrome://global/skin/console/console-toolbar.png");
+  -moz-image-region: rect(0px, 32px, 32px, 0px);
+}
+
+#phishingBar {
+  border: 1px solid #bfc790;
+  -moz-border-radius: 7px;
+  background-color: #EFF3D4;
+  padding: 3px 6px 4px 6px;
+  margin: 6px 6px 0px 6px;
+  color: black;
+}

mail/base/skin/primaryToolbar.css

@@ -464,3 +464,9 @@ toolbar[iconsize="small"] #button-mark[disabled] {
   list-style-image: url("chrome://messenger/skin/icons/remote-blocked.png"); 
   padding: 3px;
 }
+
+#phishingBarImage {
+/* for now, temporarily copy the remote image icon until we can get a new one */
+  list-style-image: url("chrome://messenger/skin/icons/remote-blocked.png"); 
+  padding: 3px;
+}

mail/locales/en-US/chrome/messenger/messenger.dtd

@@ -593,14 +593,17 @@
 <!ENTITY contextAddAllToAddressBook.accesskey "A">
 
 <!-- Junk Bar -->
-<!ENTITY junkBarMessage.label "&brandShortName; thinks this message is junk mail">
+<!ENTITY junkBarMessage.label "&brandShortName; thinks this message is junk.">
 <!ENTITY notJunkButton.label "This is Not Junk">
 <!ENTITY junkInfoButton.label "?">
 
 <!-- Remote Content Bar -->
-<!ENTITY remoteContenMessage.label "To protect your privacy, &brandShortName; has blocked remote images in this message." >
+<!ENTITY remoteContentMessage.label "To protect your privacy, &brandShortName; has blocked remote images in this message." >
 <!ENTITY loadRemoteContentButton.label "Show Images">
 
+<!-- Phshing bar Bar -->
+<!ENTITY phishingBarMessage.label "&brandShortName; thinks this message might be an email scam." >
+
 <!-- Search Bar -->
 <!ENTITY quickSearchCmd.key "k">