Bug 399233 - "Phishing UI hidden by content, inconsistent with malware" [p=johnath r=tony r=biesi ui-r=beltzner a=blocking-firefox3+ for M9]
This commit is contained in:
Родитель
78055c441c
Коммит
8850553178
|
@ -539,6 +539,10 @@ pref("browser.safebrowsing.provider.0.reportPhishURL", "http://{moz:locale}.phis
|
|||
|
||||
// FAQ URL
|
||||
pref("browser.safebrowsing.warning.infoURL", "http://%LOCALE%.www.mozilla.com/%LOCALE%/firefox/phishing-protection/");
|
||||
|
||||
// Name of the about: page contributed by safebrowsing to handle display of error
|
||||
// pages on phishing/malware hits. (bug 399233)
|
||||
pref("urlclassifier.alternate_error_page", "blocked");
|
||||
#endif
|
||||
|
||||
// defaults to true
|
||||
|
|
|
@ -38,8 +38,8 @@
|
|||
var gDataProvider = null;
|
||||
|
||||
// An instance of our application is a PROT_Application object. It
|
||||
// basically just populates a few globals and instantiates wardens and
|
||||
// the listmanager.
|
||||
// basically just populates a few globals and instantiates wardens,
|
||||
// the listmanager, and the about:blocked error page.
|
||||
|
||||
/**
|
||||
* An instance of our application. There should be exactly one of these.
|
||||
|
@ -100,3 +100,30 @@ function PROT_Application() {
|
|||
PROT_Application.prototype.getReportURL = function(name) {
|
||||
return gDataProvider["getReport" + name + "URL"]();
|
||||
}
|
||||
|
||||
/**
|
||||
* about:blocked implementation
|
||||
*/
|
||||
PROT_Application.prototype.newChannel = function(uri) {
|
||||
var ioService = Cc["@mozilla.org/network/io-service;1"]
|
||||
.getService(Ci.nsIIOService);
|
||||
var childURI = ioService.newURI("chrome://browser/content/safebrowsing/blockedSite.xhtml",
|
||||
null, null);
|
||||
var channel = ioService.newChannelFromURI(childURI);
|
||||
channel.originalURI = uri;
|
||||
|
||||
return channel;
|
||||
}
|
||||
|
||||
PROT_Application.prototype.getURIFlags = function(uri) {
|
||||
return Ci.nsIAboutModule.ALLOW_SCRIPT;
|
||||
}
|
||||
|
||||
PROT_Application.prototype.QueryInterface = function(iid) {
|
||||
if (iid.equals(Ci.nsISupports) ||
|
||||
iid.equals(Ci.nsIAboutModule))
|
||||
return this;
|
||||
|
||||
Components.returnCode = Components.results.NS_ERROR_NO_INTERFACE;
|
||||
return null;
|
||||
}
|
||||
|
|
|
@ -0,0 +1,210 @@
|
|||
<?xml version="1.0" encoding="UTF-8"?>
|
||||
|
||||
<!DOCTYPE html [
|
||||
<!ENTITY % htmlDTD PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "DTD/xhtml1-strict.dtd">
|
||||
%htmlDTD;
|
||||
<!ENTITY % globalDTD SYSTEM "chrome://global/locale/global.dtd">
|
||||
%globalDTD;
|
||||
<!ENTITY % brandDTD SYSTEM "chrome://branding/locale/brand.dtd" >
|
||||
%brandDTD;
|
||||
<!ENTITY % blockedSiteDTD SYSTEM "chrome://browser/locale/safebrowsing/phishing-afterload-warning-message.dtd">
|
||||
%blockedSiteDTD;
|
||||
]>
|
||||
|
||||
<!-- ***** BEGIN LICENSE BLOCK *****
|
||||
- Version: MPL 1.1/GPL 2.0/LGPL 2.1
|
||||
-
|
||||
- The contents of this file are subject to the Mozilla Public License Version
|
||||
- 1.1 (the "License"); you may not use this file except in compliance with
|
||||
- the License. You may obtain a copy of the License at
|
||||
- http://www.mozilla.org/MPL/
|
||||
-
|
||||
- Software distributed under the License is distributed on an "AS IS" basis,
|
||||
- WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License
|
||||
- for the specific language governing rights and limitations under the
|
||||
- License.
|
||||
-
|
||||
- The Original Code is mozilla.org code.
|
||||
-
|
||||
- The Initial Developer of the Original Code is
|
||||
- Netscape Communications Corporation.
|
||||
- Portions created by the Initial Developer are Copyright (C) 1998
|
||||
- the Initial Developer. All Rights Reserved.
|
||||
-
|
||||
- Contributor(s):
|
||||
- Adam Lock <adamlock@netscape.com>
|
||||
- William R. Price <wrprice@alumni.rice.edu>
|
||||
- Henrik Skupin <mozilla@hskupin.info>
|
||||
- Jeff Walden <jwalden+code@mit.edu>
|
||||
- Johnathan Nightingale <johnath@mozilla.com>
|
||||
-
|
||||
- Alternatively, the contents of this file may be used under the terms of
|
||||
- either the GNU General Public License Version 2 or later (the "GPL"), or
|
||||
- the GNU Lesser General Public License Version 2.1 or later (the "LGPL"),
|
||||
- in which case the provisions of the GPL or the LGPL are applicable instead
|
||||
- of those above. If you wish to allow use of your version of this file only
|
||||
- under the terms of either the GPL or the LGPL, and not to allow others to
|
||||
- use your version of this file under the terms of the MPL, indicate your
|
||||
- decision by deleting the provisions above and replace them with the notice
|
||||
- and other provisions required by the LGPL or the GPL. If you do not delete
|
||||
- the provisions above, a recipient may use your version of this file under
|
||||
- the terms of any one of the MPL, the GPL or the LGPL.
|
||||
-
|
||||
- ***** END LICENSE BLOCK ***** -->
|
||||
|
||||
<html xmlns="http://www.w3.org/1999/xhtml" class="blacklist">
|
||||
<head>
|
||||
<link rel="stylesheet" href="chrome://global/skin/netError.css" type="text/css" media="all" />
|
||||
<link rel="icon" type="image/png" id="favicon" href="chrome://global/skin/icons/blacklist_favicon.png"/>
|
||||
|
||||
<script type="application/javascript" src="chrome://global/content/strres.js"/>
|
||||
<script type="application/javascript"><![CDATA[
|
||||
// Error url MUST be formatted like this:
|
||||
// about:blocked?e=error_code&u=url
|
||||
|
||||
// Note that this file uses document.documentURI to get
|
||||
// the URL (with the format from above). This is because
|
||||
// document.location.href gets the current URI off the docshell,
|
||||
// which is the URL displayed in the location bar, i.e.
|
||||
// the URI that the user attempted to load.
|
||||
|
||||
function getErrorCode()
|
||||
{
|
||||
var url = document.documentURI;
|
||||
var error = url.search(/e\=/);
|
||||
var duffUrl = url.search(/\&u\=/);
|
||||
return decodeURIComponent(url.slice(error + 2, duffUrl));
|
||||
}
|
||||
|
||||
function getURL()
|
||||
{
|
||||
var url = document.documentURI;
|
||||
var index = url.search(/u\=/);
|
||||
|
||||
// index == -1 if not found; if so, return an empty string
|
||||
// instead of what would turn out to be portions of the URI
|
||||
if (index == -1)
|
||||
return "";
|
||||
|
||||
return decodeURIComponent(url.slice(index + 2));
|
||||
}
|
||||
|
||||
/**
|
||||
* Attempt to parse the result of getURL and extract a hostname. Fail back
|
||||
* to getURL so that we always return something meaningful.
|
||||
*/
|
||||
function getHostString()
|
||||
{
|
||||
var ios = Components.classes["@mozilla.org/network/io-service;1"]
|
||||
.getService(Components.interfaces.nsIIOService);
|
||||
var url = getURL();
|
||||
try {
|
||||
return ios.newURI(url, null, null).host;
|
||||
} catch (e) {
|
||||
return url;
|
||||
}
|
||||
}
|
||||
|
||||
// Elements that tend to need content set
|
||||
var errorTitleText, errorShortDescText, errorLongDesc, errorLongDescText;
|
||||
|
||||
// The string bundles managing strings for various blocked page scenarios
|
||||
var sb = srGetStrBundle("chrome://browser/locale/safebrowsing/blockedSite.properties");
|
||||
var brandBundle = srGetStrBundle("chrome://branding/locale/brand.properties");
|
||||
var brandShortName = brandBundle.GetStringFromName("brandShortName");
|
||||
|
||||
function initPage()
|
||||
{
|
||||
// Set up the cached elements
|
||||
errorTitleText = document.getElementById("errorTitleText");
|
||||
errorShortDescText = document.getElementById("errorShortDescText");
|
||||
errorLongDesc = document.getElementById("errorLongDesc");
|
||||
errorLongDescText = document.getElementById("errorLongDescText");
|
||||
|
||||
// Handoff to the appropriate initializer, based on error code
|
||||
switch(getErrorCode()) {
|
||||
case "malwareBlocked" :
|
||||
initPage_malware();
|
||||
break;
|
||||
case "phishingBlocked" :
|
||||
initPage_phishing();
|
||||
break;
|
||||
}
|
||||
}
|
||||
|
||||
/**
|
||||
* Initialize custom strings and functionality for blocked malware case
|
||||
*/
|
||||
function initPage_malware()
|
||||
{
|
||||
document.title = sb.GetStringFromName("malware.title");
|
||||
errorTitleText.textContent = document.title;
|
||||
errorShortDescText.textContent = sb.formatStringFromName("malware.shortDesc",
|
||||
[getHostString()], 1);
|
||||
errorLongDesc.innerHTML = sb.GetStringFromName("malware.longDesc");
|
||||
}
|
||||
|
||||
/**
|
||||
* Initialize custom strings and functionality for blocked phishing case
|
||||
*/
|
||||
function initPage_phishing()
|
||||
{
|
||||
document.title = sb.GetStringFromName("phishing.title");
|
||||
errorTitleText.textContent = document.title;
|
||||
errorShortDescText.textContent = sb.formatStringFromName("phishing.shortDesc",
|
||||
[getHostString()], 1);
|
||||
|
||||
var longDesc = sb.GetStringFromName("phishing.longDesc");
|
||||
|
||||
// If we have a more-info link for the phishing information, add it in,
|
||||
// otherwise just use the generic text
|
||||
var faqURL = Components.classes["@mozilla.org/toolkit/URLFormatterService;1"]
|
||||
.getService(Components.interfaces.nsIURLFormatter)
|
||||
.formatURLPref("browser.safebrowsing.warning.infoURL");
|
||||
if(faqURL && faqURL != "about:blank") {
|
||||
longDesc += sb.formatStringFromName("phishing.learnMoreLink",
|
||||
[brandShortName], 1);
|
||||
errorLongDesc.innerHTML = longDesc;
|
||||
document.getElementById("faqLink").setAttribute("href", faqURL);
|
||||
}
|
||||
else
|
||||
errorLongDesc.innerHTML = longDesc;
|
||||
}
|
||||
]]></script>
|
||||
</head>
|
||||
|
||||
<body dir="&locale.dir;">
|
||||
<div id="errorPageContainer">
|
||||
|
||||
<!-- Error Title -->
|
||||
<div id="errorTitle">
|
||||
<h1 id="errorTitleText" />
|
||||
</div>
|
||||
|
||||
<div id="errorLongContent">
|
||||
|
||||
<!-- Short Description -->
|
||||
<div id="errorShortDesc">
|
||||
<p id="errorShortDescText" />
|
||||
</div>
|
||||
|
||||
<!-- Long Description -->
|
||||
<div id="errorLongDesc">
|
||||
<p id="errorLongDescText" />
|
||||
</div>
|
||||
|
||||
<!-- Action buttons -->
|
||||
<div id="buttons">
|
||||
<xul:button xmlns:xul="http://www.mozilla.org/keymaster/gatekeeper/there.is.only.xul"
|
||||
id="getMeOutButton" label="&safeb.palm.accept.label;" oncommand="window.home();" />
|
||||
</div>
|
||||
</div>
|
||||
</div>
|
||||
<!--
|
||||
- Note: It is important to run the script this way, instead of using
|
||||
- an onload handler. This is because error pages are loaded as
|
||||
- LOAD_BACKGROUND, which means that onload handlers will not be executed.
|
||||
-->
|
||||
<script type="application/javascript">initPage();</script>
|
||||
</body>
|
||||
</html>
|
|
@ -64,6 +64,13 @@ function PROT_MalwareWarden() {
|
|||
"a:1:" + testData.length + "\n" +
|
||||
testData +
|
||||
"\n";
|
||||
|
||||
testData = "mozilla.com/firefox/its-a-trap.html";
|
||||
testUpdate +=
|
||||
"n:1000\ni:test-phish-simple\nad:1\n" +
|
||||
"a:1:" + testData.length + "\n" +
|
||||
testData +
|
||||
"\n";
|
||||
|
||||
var dbService_ = Cc["@mozilla.org/url-classifier/dbservice;1"]
|
||||
.getService(Ci.nsIUrlClassifierDBService);
|
||||
|
|
|
@ -532,26 +532,7 @@ PROT_PhishMsgDisplayerCanvas.inherits(PROT_PhishMsgDisplayerBase);
|
|||
* Displays the warning message. First we make sure the overlay is loaded
|
||||
* then call showMessageAfterOverlay_.
|
||||
*/
|
||||
PROT_PhishMsgDisplayerCanvas.prototype.showMessage_ = function() {
|
||||
G_Debug(this, "Showing message.");
|
||||
|
||||
// Load the overlay if we haven't already.
|
||||
var dimmer = this.doc_.getElementById('safebrowsing-dim-area-canvas');
|
||||
if (!dimmer) {
|
||||
var onOverlayMerged = BindToObject(this.showMessageAfterOverlay_,
|
||||
this);
|
||||
var observer = new G_ObserverWrapper("xul-overlay-merged",
|
||||
onOverlayMerged);
|
||||
|
||||
this.doc_.loadOverlay(
|
||||
"chrome://browser/content/safebrowsing/warning-overlay.xul",
|
||||
observer);
|
||||
} else {
|
||||
// The overlay is already loaded so we go ahead and call
|
||||
// showMessageAfterOverlay_.
|
||||
this.showMessageAfterOverlay_();
|
||||
}
|
||||
}
|
||||
PROT_PhishMsgDisplayerCanvas.prototype.showMessage_ = function() { }
|
||||
|
||||
/**
|
||||
* This does the actual work of showing the warning message.
|
||||
|
@ -678,34 +659,7 @@ PROT_PhishMsgDisplayerCanvas.prototype.isVisibleElement_ = function(elt) {
|
|||
/**
|
||||
* Hide the warning message from the user.
|
||||
*/
|
||||
PROT_PhishMsgDisplayerCanvas.prototype.hideMessage_ = function() {
|
||||
G_Debug(this, "Hiding phishing warning.");
|
||||
G_Assert(this, this.messageShowing_, "Hide message called but not showing?");
|
||||
|
||||
this.messageShowing_ = false;
|
||||
this.repainter_.cancel();
|
||||
this.repainter_ = null;
|
||||
|
||||
// Hide the warning popup.
|
||||
var message = this.doc_.getElementById(this.messageId_);
|
||||
message.hidden = true;
|
||||
message.style.display = "none";
|
||||
var content = this.doc_.getElementById(this.messageContentId_);
|
||||
content.style.height = "";
|
||||
content.style.overflow = "";
|
||||
|
||||
var tail = this.doc_.getElementById(this.messageTailId_);
|
||||
tail.hidden = true;
|
||||
tail.style.display = "none";
|
||||
|
||||
// Remove the canvas element from the chrome document.
|
||||
var pageCanvas = this.doc_.getElementById(this.pageCanvasId_);
|
||||
pageCanvas.parentNode.removeChild(pageCanvas);
|
||||
|
||||
// Hide the dimmer.
|
||||
var dimarea = this.doc_.getElementById(this.dimAreaId_);
|
||||
dimarea.hidden = true;
|
||||
}
|
||||
PROT_PhishMsgDisplayerCanvas.prototype.hideMessage_ = function() { }
|
||||
|
||||
|
||||
/**
|
||||
|
|
|
@ -3,4 +3,5 @@ browser.jar:
|
|||
* content/browser/safebrowsing/sb-loader.js (content/sb-loader.js)
|
||||
+ content/browser/safebrowsing/warning-overlay.xul (content/warning-overlay.xul)
|
||||
+ content/browser/safebrowsing/report-phishing-overlay.xul (content/report-phishing-overlay.xul)
|
||||
+ content/browser/safebrowsing/blockedSite.xhtml (content/blockedSite.xhtml)
|
||||
% overlay chrome://browser/content/browser.xul chrome://browser/content/safebrowsing/report-phishing-overlay.xul
|
||||
|
|
|
@ -61,6 +61,13 @@ SafebrowsingApplicationMod.prototype.registerSelf = function(compMgr, fileSpec,
|
|||
fileSpec,
|
||||
loc,
|
||||
type);
|
||||
|
||||
compMgr.registerFactoryLocation(this.cid,
|
||||
"UrlClassifier Blocked Error Page",
|
||||
"@mozilla.org/network/protocol/about;1?what=blocked",
|
||||
fileSpec,
|
||||
loc,
|
||||
type);
|
||||
};
|
||||
|
||||
SafebrowsingApplicationMod.prototype.getClassObject = function(compMgr, cid, iid) {
|
||||
|
|
|
@ -0,0 +1,11 @@
|
|||
malware.title=Suspected Attack Site!
|
||||
malware.shortDesc=The web site at %S has been reported as an attack site, and has been blocked based on your security preferences.
|
||||
malware.longDesc=<p>Attack sites try to install programs that steal private information, use your computer to attack others, or damage your system.</p>\n<p>Web site owners who believe their site has been reported as an attack site in error may <a href='http://www.stopbadware.org/home/reviewinfo' >request a review</a>.</p>
|
||||
|
||||
phishing.title=Suspected Web Forgery!
|
||||
phishing.shortDesc=The web site at %S has been reported as a web forgery designed to trick users into sharing personal or financial information.
|
||||
phishing.longDesc=<p>Entering any personal information on this page may result in identity theft or other fraud.</p><p>These types of web forgeries are used in scams known as phishing attacks, in which fraudulent web pages and emails are used to imitate sources you may trust.</p>
|
||||
|
||||
# Localization note (phishing.learnMoreLink): please leave the <a id="faqLink" href=""> text
|
||||
# as-is. A localized href is pulled in from user preferences automatically.
|
||||
phishing.learnMoreLink=<p>You can find out more about <a id="faqLink" href="">how %S protects you</a> from phishing attacks.</p>
|
|
@ -60,3 +60,4 @@ externalProtocolUnknown=<Unknown>
|
|||
externalProtocolChkMsg=Remember my choice for all links of this type.
|
||||
externalProtocolLaunchBtn=Launch application
|
||||
malwareBlocked=The site at %S has been reported as an attack site and has been blocked based on your security preferences.
|
||||
phishingBlocked=The web site at %S has been reported as a web forgery designed to trick users into sharing personal or financial information.
|
||||
|
|
|
@ -140,3 +140,9 @@
|
|||
<p>Attack sites try to install programs that steal private information, use your computer to attack others, or damage your system.</p>
|
||||
<p>Web site owners who believe their site has been reported as an attack site in error may <a href='http://www.stopbadware.org/home/reviewinfo' >request a review</a>.</p>
|
||||
">
|
||||
|
||||
<!ENTITY phishingBlocked.title "Suspected Web Forgery!">
|
||||
<!ENTITY phishingBlocked.longDesc "
|
||||
<p>Entering any personal information on this page may result in identity theft or other fraud.</p>
|
||||
<p>These types of web forgeries are used in scams known as phishing attacks, in which fraudulent web pages and emails are used to imitate sources you may trust.</p>
|
||||
">
|
||||
|
|
|
@ -37,6 +37,7 @@
|
|||
#ifdef MOZ_SAFE_BROWSING
|
||||
locale/browser/safebrowsing/phishing-afterload-warning-message.dtd (%chrome/browser/safebrowsing/phishing-afterload-warning-message.dtd)
|
||||
locale/browser/safebrowsing/report-phishing.dtd (%chrome/browser/safebrowsing/report-phishing.dtd)
|
||||
locale/browser/safebrowsing/blockedSite.properties (%chrome/browser/safebrowsing/blockedSite.properties)
|
||||
#endif
|
||||
locale/browser/feeds/subscribe.dtd (%chrome/browser/feeds/subscribe.dtd)
|
||||
locale/browser/feeds/subscribe.properties (%chrome/browser/feeds/subscribe.properties)
|
||||
|
|
|
@ -2853,6 +2853,9 @@ nsDocShell::DisplayLoadError(nsresult aError, nsIURI *aURI,
|
|||
nsresult rv = NS_OK;
|
||||
nsAutoString messageStr;
|
||||
nsCAutoString cssClass;
|
||||
nsCAutoString errorPage;
|
||||
|
||||
errorPage.AssignLiteral("neterror");
|
||||
|
||||
// Turn the error code into a human readable error message.
|
||||
if (NS_ERROR_UNKNOWN_PROTOCOL == aError) {
|
||||
|
@ -2947,6 +2950,25 @@ nsDocShell::DisplayLoadError(nsresult aError, nsIURI *aURI,
|
|||
}
|
||||
if (!messageStr.IsEmpty())
|
||||
error.AssignLiteral("nssFailure2");
|
||||
} else if (NS_ERROR_PHISHING_URI == aError || NS_ERROR_MALWARE_URI == aError) {
|
||||
nsCAutoString host;
|
||||
aURI->GetHost(host);
|
||||
CopyUTF8toUTF16(host, formatStrs[0]);
|
||||
formatStrCount = 1;
|
||||
|
||||
// Malware and phishing detectors may want to use an alternate error
|
||||
// page, but if the pref's not set, we'll fall back on the standard page
|
||||
nsXPIDLCString alternateErrorPage;
|
||||
mPrefs->GetCharPref("urlclassifier.alternate_error_page",
|
||||
getter_Copies(alternateErrorPage));
|
||||
if (alternateErrorPage)
|
||||
errorPage.Assign(alternateErrorPage);
|
||||
|
||||
if (NS_ERROR_PHISHING_URI == aError)
|
||||
error.AssignLiteral("phishingBlocked");
|
||||
else
|
||||
error.AssignLiteral("malwareBlocked");
|
||||
cssClass.AssignLiteral("blacklist");
|
||||
}
|
||||
else {
|
||||
// Errors requiring simple formatting
|
||||
|
@ -2993,15 +3015,6 @@ nsDocShell::DisplayLoadError(nsresult aError, nsIURI *aURI,
|
|||
// Bad Content Encoding.
|
||||
error.AssignLiteral("contentEncodingError");
|
||||
break;
|
||||
case NS_ERROR_MALWARE_URI:
|
||||
nsCAutoString host;
|
||||
aURI->GetHost(host);
|
||||
CopyUTF8toUTF16(host, formatStrs[0]);
|
||||
formatStrCount = 1;
|
||||
|
||||
error.AssignLiteral("malwareBlocked");
|
||||
cssClass.AssignLiteral("blacklist");
|
||||
break;
|
||||
}
|
||||
}
|
||||
|
||||
|
@ -3042,8 +3055,8 @@ nsDocShell::DisplayLoadError(nsresult aError, nsIURI *aURI,
|
|||
// URI object. Missing URI objects are handled badly by session history.
|
||||
if (mUseErrorPages && aURI && aFailedChannel) {
|
||||
// Display an error page
|
||||
LoadErrorPage(aURI, aURL, error.get(), messageStr.get(),
|
||||
cssClass.get(), aFailedChannel);
|
||||
LoadErrorPage(aURI, aURL, errorPage.get(), error.get(),
|
||||
messageStr.get(), cssClass.get(), aFailedChannel);
|
||||
}
|
||||
else
|
||||
{
|
||||
|
@ -3066,6 +3079,7 @@ nsDocShell::DisplayLoadError(nsresult aError, nsIURI *aURI,
|
|||
|
||||
NS_IMETHODIMP
|
||||
nsDocShell::LoadErrorPage(nsIURI *aURI, const PRUnichar *aURL,
|
||||
const char *aErrorPage,
|
||||
const PRUnichar *aErrorType,
|
||||
const PRUnichar *aDescription,
|
||||
const char *aCSSClass,
|
||||
|
@ -3135,7 +3149,9 @@ nsDocShell::LoadErrorPage(nsIURI *aURI, const PRUnichar *aURL,
|
|||
char *escapedDescription = nsEscape(NS_ConvertUTF16toUTF8(aDescription).get(), url_Path);
|
||||
char *escapedCSSClass = nsEscape(aCSSClass, url_Path);
|
||||
|
||||
nsCString errorPageUrl("about:neterror?e=");
|
||||
nsCString errorPageUrl("about:");
|
||||
errorPageUrl.AppendASCII(aErrorPage);
|
||||
errorPageUrl.AppendLiteral("?e=");
|
||||
|
||||
errorPageUrl.AppendASCII(escapedError);
|
||||
errorPageUrl.AppendLiteral("&u=");
|
||||
|
|
|
@ -404,7 +404,8 @@ protected:
|
|||
const PRUnichar *aURL,
|
||||
nsIChannel* aFailedChannel = nsnull);
|
||||
NS_IMETHOD LoadErrorPage(nsIURI *aURI, const PRUnichar *aURL,
|
||||
const PRUnichar *aPage,
|
||||
const char *aErrorPage,
|
||||
const PRUnichar *aErrorType,
|
||||
const PRUnichar *aDescription,
|
||||
const char *aCSSClass,
|
||||
nsIChannel* aFailedChannel);
|
||||
|
|
|
@ -1195,6 +1195,7 @@ nsresult nsWebShell::EndPageLoad(nsIWebProgress *aProgress,
|
|||
aStatus == NS_ERROR_NET_INTERRUPT ||
|
||||
aStatus == NS_ERROR_NET_RESET ||
|
||||
aStatus == NS_ERROR_MALWARE_URI ||
|
||||
aStatus == NS_ERROR_PHISHING_URI ||
|
||||
NS_ERROR_GET_MODULE(aStatus) == NS_ERROR_MODULE_SECURITY) {
|
||||
DisplayLoadError(aStatus, url, nsnull, channel);
|
||||
}
|
||||
|
|
|
@ -60,3 +60,4 @@ externalProtocolUnknown=<Unknown>
|
|||
externalProtocolChkMsg=Remember my choice for all links of this type.
|
||||
externalProtocolLaunchBtn=Launch application
|
||||
malwareBlocked=The site at %S has been reported as an attack site and has been blocked based on your security preferences.
|
||||
phishingBlocked=The web site at %S has been reported as a web forgery designed to trick users into sharing personal or financial information.
|
||||
|
|
|
@ -59,3 +59,9 @@
|
|||
<p>Attack sites try to install programs that steal private information, use your computer to attack others, or damage your system.</p>
|
||||
<p>Web site owners who believe their site has been reported as an attack site in error may <a href='http://www.stopbadware.org/home/reviewinfo' >request a review</a>.</p>
|
||||
">
|
||||
|
||||
<!ENTITY phishingBlocked.title "Suspected Web Forgery!">
|
||||
<!ENTITY phishingBlocked.longDesc "
|
||||
<p>Entering any personal information on this page may result in identity theft or other fraud.</p>
|
||||
<p>These types of web forgeries are used in scams known as phishing attacks, in which fraudulent web pages and emails are used to imitate sources you may trust.</p>
|
||||
">
|
||||
|
|
|
@ -2107,6 +2107,13 @@ nsUrlClassifierClassifyCallback::HandleEvent(const nsACString& tables)
|
|||
tables.EndReading(end);
|
||||
if (FindInReadable(NS_LITERAL_CSTRING("-malware-"), begin, end)) {
|
||||
response = NS_ERROR_MALWARE_URI;
|
||||
} else {
|
||||
// Reset begin before checking phishing table
|
||||
tables.BeginReading(begin);
|
||||
|
||||
if (FindInReadable(NS_LITERAL_CSTRING("-phish-"), begin, end)) {
|
||||
response = NS_ERROR_PHISHING_URI;
|
||||
}
|
||||
}
|
||||
|
||||
mCallback->OnClassifyComplete(response);
|
||||
|
|
|
@ -93,9 +93,10 @@ protected:
|
|||
};
|
||||
|
||||
/**
|
||||
* The load has been cancelled because it was found on a malware blacklist.
|
||||
* The load has been cancelled because it was found on a malware or phishing blacklist.
|
||||
* XXX: this belongs in an nsDocShellErrors.h file of some sort.
|
||||
*/
|
||||
#define NS_ERROR_MALWARE_URI NS_ERROR_GENERATE_FAILURE(NS_ERROR_MODULE_URILOADER, 30)
|
||||
#define NS_ERROR_PHISHING_URI NS_ERROR_GENERATE_FAILURE(NS_ERROR_MODULE_URILOADER, 31)
|
||||
|
||||
#endif /* nsURILoader_h__ */
|
||||
|
|
Загрузка…
Ссылка в новой задаче