Bug 346942 - Finalize anti-phishing UI, part 1. This changes UI to reflect the final anti-phishing UI as displayed directly in the preference window; changing the UI shown when switching from using a list to using on-load checking of URLs (currently a butt-ugly dialog) will be part 2. r=mconnor, r=markp on the a11y aspects of the patch

browser/components/preferences/security.js

@@ -132,41 +132,16 @@ var gSecurityPane = {
     var remoteLookup = document.getElementById("browser.safebrowsing.remoteLookups").value;
 
     var checkPhish = document.getElementById("checkPhishChoice");
-    var cacheList = document.getElementById("cacheProvider");
     var loadList = document.getElementById("onloadProvider");
     var onloadAfter = document.getElementById("onloadAfter");
 
     checkPhish.disabled = onloadAfter.disabled = !phishEnabled;
     loadList.disabled = !phishEnabled || !remoteLookup;
-    cacheList.disabled = !phishEnabled || remoteLookup;
 
     // don't override pref value
     return undefined;
   },
 
-  /**
-   * Displays a EULA for phishing detection if phishing detection is being
-   * enabled, allowing privacy wonks to not enable it if they want; otherwise,
-   * disables phishing protection.
-   */
-  writeCheckPhish: function ()
-  {
-    var checkbox = document.getElementById("checkMaybePhish");
-
-    // if the user's trying to enable phishing, we need to display a phishing
-    // EULA so he can choose not to enable it
-    if (checkbox.checked) {
-      var userAgreed = this._userAgreedToPhishingEULA();
-      // XXX I think this shouldn't be necessary and should be happening automatically, but it isn't
-      if (!userAgreed)
-        checkbox.checked = false;
-      return userAgreed;
-    }
-
-    // user disabling -- nothing to display, no preference value to override
-    return undefined;
-  },
-
   /**
    * Displays the currently-used phishing provider's EULA and offers the user
    * the choice of cancelling the enabling of phishing.
@@ -211,63 +186,30 @@ var gSecurityPane = {
     var phishPref = document.getElementById("browser.safebrowsing.enabled");
     var phishChoice = document.getElementById("browser.safebrowsing.remoteLookups");
 
-    var cachedList = document.getElementById("cacheProvider");
     var onloadList = document.getElementById("onloadProvider");
-
-    if (phishPref.value) {
-      cachedList.disabled = phishChoice.value;
+    if (phishPref.value)
       onloadList.disabled = !phishChoice.value;
-    }
 
     // don't override pref value
     return undefined;
   },
 
   /**
-   * Populates the menulist of providers of cached phishing lists if the
-   * menulist isn't already populated.
+   * Displays a privacy policy if the user enables onload anti-phishing
+   * checking. The policy must be accepted if onload checking is to be enabled,
+   * and if it isn't we revert to downloaded list-based checking.
    */
-  readCachedPhishProvider: function ()
+  writePhishChoice: function ()
   {
-    const Cc = Components.classes, Ci = Components.interfaces;
-    const cachePopupId = "cachePhishPopup";
-    var popup = document.getElementById(cachePopupId);
+    var radio = document.getElementById("checkPhishChoice");
 
-    if (!popup) {
-      var providers = Cc["@mozilla.org/preferences-service;1"]
-                        .getService(Ci.nsIPrefService)
-                        .getBranch("browser.safebrowsing.provider.");
-
-      // fill in onload phishing list data
-      var kids = providers.getChildList("", {});
-      for (var i = 0; i < kids.length; i++) {
-        var curr = kids[i];
-        var matches = curr.match(/^(\d+)\.name$/);
-
-        // skip preferences not of form "##.name"
-        if (!matches)
-          continue;
-
-        if (!popup) {
-          popup = document.createElement("menupopup");
-          popup.id = cachePopupId;
-        }
-
-        var providerNum = matches[1];
-        var providerName = providers.getCharPref(curr);
-
-        var item = document.createElement("menuitem");
-        item.setAttribute("value", providerNum);
-        item.setAttribute("label", providerName);
-
-        popup.appendChild(item);
-      }
-
-      var onloadProviders = document.getElementById("cacheProvider");
-      onloadProviders.appendChild(popup);
+    // display a privacy policy if onload checking is being enabled
+    if (radio.value == "true" && !this._userAgreedToPhishingEULA()) {
+      radio.value = "false";
+      return false;
     }
 
-    // don't override the preference value in determining the right menuitem
+    // don't override pref value
     return undefined;
   },
 
@@ -326,22 +268,20 @@ var gSecurityPane = {
   onProviderChanged: function ()
   {
     if (!this._userAgreedToPhishingEULA()) {
-      this._disablePhishingProtection();
+      this._disableOnloadPhishChecks();
     }
   },
 
   /**
-   * Turns off phishing protection and updates UI accordingly.
+   * Turns off onload phishing protection and updates UI accordingly.
    */
-  _disablePhishingProtection: function ()
+  _disableOnloadPhishChecks: function ()
   {
-    // XXX there aren't privacy concerns if using a cached phishing list --
-    //     maybe just switch to using that if the user doesn't agree to the
-    //     phishing EULA?
-    var checkbox = document.getElementById("checkMaybePhish");
-    var phishEnabled = document.getElementById("browser.safebrowsing.enabled");
-    phishEnabled.value = false;
-    this._pane.userChangedValue(checkbox);
+    var remoteLookup = document.getElementById("browser.safebrowsing.remoteLookups");
+    remoteLookup.value = false;
+
+    var radio = document.getElementById("checkPhishChoice");
+    this._pane.userChangedValue(radio);
   },
 
   // PASSWORDS

browser/components/preferences/security.xul

@@ -79,7 +79,10 @@
     <stringbundle id="bundlePreferences" src="chrome://browser/locale/preferences/preferences.properties"/>
 
     <!-- addons, forgery (phishing) UI -->
-    <groupbox id="addonsPhishingGroup">
+    <groupbox id="addonsPhishingGroup"
+              xmlns:xhtml2="http://www.w3.org/TR/xhtml2"
+              xmlns:wairole="http://www.w3.org/2005/01/wai-rdf/GUIRoleTaxonomy#"
+              xmlns:aaa="http://www.w3.org/2005/07/aaa">
       <hbox id="addonInstallBox">
         <checkbox id="warnAddonInstall" flex="1"
                   label="&warnAddonInstall.label;"
@@ -94,36 +97,33 @@
 
       <separator class="thin"/>
 
-      <checkbox id="checkMaybePhish"
-                label="&checkMaybePhish.label;"
-                accesskey="&checkMaybePhish.accesskey;"
+      <checkbox id="tellMaybeForgery"
+                label="&tellMaybeForgery.label;"
+                accesskey="&tellMaybeForgery.accesskey;"
                 preference="browser.safebrowsing.enabled"
-                onsyncfrompreference="return gSecurityPane.readCheckPhish();"
-                onsynctopreference="return gSecurityPane.writeCheckPhish();"/>
+                onsyncfrompreference="return gSecurityPane.readCheckPhish();"/>
       <radiogroup id="checkPhishChoice" class="indent"
                   preference="browser.safebrowsing.remoteLookups"
-                  onsyncfrompreference="return gSecurityPane.readPhishChoice();">
-        <hbox id="cachedBox" align="center">
-          <radio id="cachedRadio"
-                 label="&useCachedPhish.label;"
-                 accesskey="&useCachedPhish.accesskey;"
-                 value="false"/>
-          <menulist id="cacheProvider"
-                    preference="browser.safebrowsing.dataProvider"
-                    onsyncfrompreference="return gSecurityPane.readCachedPhishProvider();"/>
-          <label>&useCachedPhishAfter.label;</label>
-        </hbox>
-        <hbox id="onloadBox" align="center">
+                  onsyncfrompreference="return gSecurityPane.readPhishChoice();"
+                  onsynctopreference="return gSecurityPane.writePhishChoice();">
+        <radio id="cachedRadio"
+               label="&useDownloadedList.label;"
+               accesskey="&useDownloadedList.accesskey;"
+               value="false"/>
+        <hbox id="onloadBox" align="center" xhtml2:role="wairole:label">
           <radio id="onloadRadio"
-                 label="&checkPhishOnLoad.label;"
-                 accesskey="&checkPhishOnLoad.accesskey;"
+                 label="&askThirdParty.label;"
+                 accesskey="&askThirdParty.accesskey;"
                  value="true"/>
           <menulist id="onloadProvider"
                     preference="browser.safebrowsing.dataProvider"
-                    onsyncfrompreference="return gSecurityPane.readOnloadPhishProvider();"/>
-          <label id="onloadAfter">&checkPhishOnLoadAfter.label;</label>
+                    onsyncfrompreference="return gSecurityPane.readOnloadPhishProvider();"
+                    xhtml2:role="wairole:list"
+                    aaa:labelledby="onloadBox"/>
+          <label id="onloadAfter">&askThirdPartyAfter.label;</label>
         </hbox>
       </radiogroup>
+
     </groupbox>
 
     <!-- Passwords -->
@@ -165,7 +165,7 @@
       <caption label="&warnings.label;"/>
 
       <hbox id="chooseWarningsBox">
-        <description control="warningSettings" flex="1">&chooseWarnings.label;</description>
+        <label flex="1">&chooseWarnings.label;</label>
         <button id="warningSettings"
                 label="&warningSettings.label;"
                 accesskey="&warningSettings.accesskey;"

browser/locales/en-US/chrome/browser/preferences/security.dtd

@@ -1,37 +1,28 @@
 <!ENTITY  warnAddonInstall.label        "Warn me when sites try to install add-ons">
 <!ENTITY  warnAddonInstall.accesskey    "W">
 
-<!-- LOCALIZATION NOTE (checkMaybePhish.label):
+<!-- LOCALIZATION NOTE (tellMaybeForgery.label):
   The methods by which forged (phished) sites will be detected by phishing
   providers will vary from human review to machine-based heuristics to a
-  combination of both, so it's important that this string,
-  useCachedPhishAfter.label, and useCachedPhish.label convey the meaning
-  "suspected" (and not something like "known").
+  combination of both, so it's important that this string and
+  useDownloadedList.label convey the meaning "suspected" (and not something like
+  "known").
 -->
-<!ENTITY  checkMaybePhish.label     "Check to see if the site I'm loading is a suspected forgery">
-<!ENTITY  checkMaybePhish.accesskey "C">
+<!ENTITY  tellMaybeForgery.label     "Tell me if the site I'm visiting is a suspected forgery">
+<!ENTITY  tellMaybeForgery.accesskey "T">
 
+<!ENTITY  useDownloadedList.label     "Check using a downloaded list of suspected sites">
+<!ENTITY  useDownloadedList.accesskey "d">
 
-<!-- LOCALIZATION NOTE:
-  The entities useCachedPhish.label and useCachedPhishAfter.label
-  appear on a single line in preferences as follows:
+<!-- LOCALIZATION NOTE (askThirdParty.label):
+  The entities askThirdParty.label and askThirdPartyAfter.label appear on a
+  single line in preferences as follows:
 
-  &useCachedPhish.label  [ menulist of phishing list providers ]   &useCachedPhishAfter.label;
+  &askThirdParty.label  [ menulist of phishing list providers ]   &askThirdPartyAfter.label;
 -->
-
-<!ENTITY  useCachedPhish.label      "Use a list of suspected forgeries provided by">
-<!ENTITY  useCachedPhish.accesskey  "U">
-<!ENTITY  useCachedPhishAfter.label "">
-
-<!-- LOCALIZATION NOTE:
-  The entities checkPhishOnLoad.label and checkPhishOnLoadAfter.label appear on
-  a single line in preferences as follows:
-
-  &checkPhishOnLoad.label  [ menulist of phishing list providers ]   &checkPhishOnLoadAfter.label;
--->
-<!ENTITY  checkPhishOnLoad.label        "Ask">
-<!ENTITY  checkPhishOnLoad.accesskey    "A">
-<!ENTITY  checkPhishOnLoadAfter.label   "to check every site I visit">
+<!ENTITY  askThirdParty.label        "Check by asking">
+<!ENTITY  askThirdParty.accesskey    "a">
+<!ENTITY  askThirdPartyAfter.label   "about each site I visit">
 
 <!ENTITY  addonExceptions.label         "Exceptions...">
 <!ENTITY  addonExceptions.accesskey     "E">