diff --git a/browser/app/profile/firefox.js b/browser/app/profile/firefox.js
index 0edbf931bde..5d5227bad2f 100644
--- a/browser/app/profile/firefox.js
+++ b/browser/app/profile/firefox.js
@@ -603,6 +603,10 @@ pref("urlclassifier.alternate_error_page", "blocked");
 // The number of random entries to send with a gethash request.
 pref("urlclassifier.gethashnoise", 4);
+
+// URL for checking the reason for a malware warning.
+pref("browser.safebrowsing.malware.reportURL", "http://www.stopbadware.org/reports/container?source=@APP_UA_NAME@&version=@APP_VERSION@&reportname=");
+
 #endif
 // defaults to true
diff --git a/browser/base/content/browser.js b/browser/base/content/browser.js
index 82a59db83f6..1b77325b407 100644
--- a/browser/base/content/browser.js
+++ b/browser/base/content/browser.js
@@ -2237,12 +2237,12 @@ function BrowserOnCommand(event) {
 if (!event.isTrusted)
 return;
+ var ot = event.originalTarget;
+ var errorDoc = ot.ownerDocument;
+
 // If the event came from an ssl error page, it is probably either the "Add
 // Exception…" or "Get me out of here!" button
- if (/^about:neterror\?e=nssBadCert/.test(event.originalTarget.ownerDocument.documentURI)) {
- var ot = event.originalTarget;
- var errorDoc = ot.ownerDocument;
-
+ if (/^about:neterror\?e=nssBadCert/.test(errorDoc.documentURI)) {
 if (ot == errorDoc.getElementById('exceptionDialogButton')) {
 var params = { exceptionAdded : false };
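Review bot: The default for `browser.safebrowsing.malware.reportURL` is a plain `http://` address, and the browser.js change in this commit appends the blocked page's address to it, so that address and the returned report travel unencrypted and unauthenticated. If the report service is reachable over TLS (not visible from this page), the default should use the `https://` scheme. The comment above the pref should also state the contract the caller relies on, for example `// URL for checking the reason for a malware warning; the caller appends the blocked page's URL as the reportname value.`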
@@ -2265,23 +2265,66 @@ function BrowserOnCommand(event) {
 errorDoc.location.reload();
 }
 else if (ot == errorDoc.getElementById('getMeOutOfHereButton')) {
- // Redirect them to a known-functioning page, default start page
- var prefs = Cc["@mozilla.org/preferences-service;1"]
- .getService(Ci.nsIPrefService).getDefaultBranch(null);
- var url = "about:blank";
- try {
- url = prefs.getComplexValue("browser.startup.homepage",
- Ci.nsIPrefLocalizedString).data;
- // If url is a pipe-delimited set of pages, just take the first one.
- if (url.indexOf("|") != -1)
- url = url.split("|")[0];
- } catch(e) {
- Components.utils.reportError("Couldn't get homepage pref: " + e);
- }
- content.location = url;
+ getMeOutOfHere();
 }
 }
+ else if (/^about:blocked/.test(errorDoc.documentURI)) {
+ // The event came from a button on a malware/phishing block page
+
+ if (ot == errorDoc.getElementById('getMeOutButton')) {
+ getMeOutOfHere();
+ }
+ else if (ot == errorDoc.getElementById('reportButton')) {
+ // This is the "Why is this site blocked" button. For malware,
+ // we can fetch a site-specific report, for phishing, we redirect
+ // to the generic page describing phishing protection.
+ if (/e=malwareBlocked/.test(errorDoc.documentURI)) {
+ // Get the stop badware "why is this blocked" report url,
+ // append the current url, and go there.
+ try {
+ var reportURL = gPrefService.getCharPref("browser.safebrowsing.malware.reportURL");
+ reportURL += content.location.href;
+ content.location = reportURL;
+ } catch (e) {
+ Components.utils.reportError("Couldn't get malware report URL: " + e);
+ }
+ }
+ else if (/e=phishingBlocked/.test(errorDoc.documentURI)) {
+ try {
+ content.location = Cc["@mozilla.org/toolkit/URLFormatterService;1"]
+ .getService(Components.interfaces.nsIURLFormatter)
+ .formatURLPref("browser.safebrowsing.warning.infoURL");
+ } catch (e) {
+ Components.utils.reportError("Couldn't get phishing info URL: " + e);
+ }
+ }
+ }
+ }
+}
+
+/**
+ * Re-direct the browser to a known-safe page. This function is
+ * used when, for example, the user browses to a known malware page
+ * and is presented with about:blocked. The "Get me out of here!"
+ * button should take the user to the default start page so that even
+ * when their own homepage is infected, we can get them somewhere safe.
+ */
+function getMeOutOfHere() {
+ // Get the start page from the *default* pref branch, not the user's
+ var prefs = Cc["@mozilla.org/preferences-service;1"]
+ .getService(Ci.nsIPrefService).getDefaultBranch(null);
+ var url = "about:blank";
+ try {
+ url = prefs.getComplexValue("browser.startup.homepage",
+ Ci.nsIPrefLocalizedString).data;
+ // If url is a pipe-delimited set of pages, just take the first one.
+ if (url.indexOf("|") != -1)
+ url = url.split("|")[0];
+ } catch(e) {
+ Components.utils.reportError("Couldn't get homepage pref: " + e);
 }
+ content.location = url;
+}
 function BrowserFullScreen()
 {
diff --git a/browser/components/safebrowsing/content/blockedSite.xhtml b/browser/components/safebrowsing/content/blockedSite.xhtml
index 63a145e14c8..09785baf6a5 100644
--- a/browser/components/safebrowsing/content/blockedSite.xhtml
+++ b/browser/components/safebrowsing/content/blockedSite.xhtml
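Review bot: In the `reportButton` branch of BrowserOnCommand the blocked page's address is appended to the report URL unescaped (`reportURL += content.location.href;`), so any `&`, `#` or `=` in it is parsed as part of the report service's own query string instead of as the `reportname` value. That address belongs to the site that was just blocked and should be treated as untrusted: `reportURL += encodeURIComponent(content.location.href);`. Separately, `/e=malwareBlocked/` and `/e=phishingBlocked/` are unanchored and run against the whole `documentURI`; if the blocked address is carried inside that URI (not visible here), anchoring the tests the way the `about:neterror` check is anchored would stop a match inside it from picking the wrong branch. BrowserOnCommand begins above this hunk.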
@@ -137,11 +137,11 @@
 */
 function initPage_malware()
 {
- document.title = sb.GetStringFromName("malware.title");
+ document.title = sb.GetStringFromName("malware.title2");
 errorTitleText.textContent = document.title;
 errorShortDescText.textContent = sb.formatStringFromName("malware.shortDesc",
 [getHostString()], 1);
- errorLongDesc.innerHTML = sb.GetStringFromName("malware.longDesc");
+ errorLongDesc.innerHTML = sb.GetStringFromName("malware.longDesc2");
 }
 /**
@@ -149,26 +149,11 @@
 */
 function initPage_phishing()
 {
- document.title = sb.GetStringFromName("phishing.title");
+ document.title = sb.GetStringFromName("phishing.title2");
 errorTitleText.textContent = document.title;
- errorShortDescText.textContent = sb.formatStringFromName("phishing.shortDesc",
+ errorShortDescText.textContent = sb.formatStringFromName("phishing.shortDesc2",
 [getHostString()], 1);
-
- var longDesc = sb.GetStringFromName("phishing.longDesc");
-
- // If we have a more-info link for the phishing information, add it in,
- // otherwise just use the generic text
- var faqURL = Components.classes["@mozilla.org/toolkit/URLFormatterService;1"]
- .getService(Components.interfaces.nsIURLFormatter)
- .formatURLPref("browser.safebrowsing.warning.infoURL");
- if(faqURL && faqURL != "about:blank") {
- longDesc += sb.formatStringFromName("phishing.learnMoreLink",
- [brandShortName], 1);
- errorLongDesc.innerHTML = longDesc;
- document.getElementById("faqLink").setAttribute("href", faqURL);
- }
- else
- errorLongDesc.innerHTML = longDesc;
+ errorLongDesc.innerHTML = sb.GetStringFromName("phishing.longDesc2");
 }
 ]]>
@@ -195,8 +180,11 @@
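Review bot: `errorLongDesc.innerHTML` in `initPage_malware` and `initPage_phishing` still parses the `longDesc2` strings as markup, while the title and short description next to it use `textContent`. That is safe only while the string comes unmodified from the string bundle, so both assignments deserve a comment such as `// longDesc2 is static markup from the string bundle; never format the host or a URL into it.` The removed lines show this page calling `Components.classes`, which suggests it runs with elevated privileges, so injected markup here would matter more than on an ordinary page. The localization note about HTML tags is deleted from blockedSite.properties in this commit; a short note on the `longDesc2` entries telling translators to keep the markup as-is would replace it.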
diff --git a/browser/locales/en-US/chrome/browser/safebrowsing/blockedSite.properties b/browser/locales/en-US/chrome/browser/safebrowsing/blockedSite.properties index 01fa5c35bca..d86a1461a9c 100644 --- a/browser/locales/en-US/chrome/browser/safebrowsing/blockedSite.properties +++ b/browser/locales/en-US/chrome/browser/safebrowsing/blockedSite.properties @@ -1,12 +1,7 @@ -malware.title=Suspected Attack Site! +malware.title2=Reported Attack Site! malware.shortDesc=The web site at %S has been reported as an attack site and has been blocked based on your security preferences. -malware.longDesc=Attack sites try to install programs that steal private information, use your computer to attack others, or damage your system.
\nWeb site owners who believe their site has been reported as an attack site in error may request a review.
+malware.longDesc2=Attack sites try to install programs that steal private information, use your computer to attack others, or damage your system.
\nSome attack sites intentionally distribute harmful software, but many are compromised without the knowledge or permission of their owners.
-phishing.title=Suspected Web Forgery! -phishing.shortDesc=The web site at %S has been reported as a web forgery designed to trick users into sharing personal or financial information. -phishing.longDesc=Entering any personal information on this page may result in identity theft or other fraud.
These types of web forgeries are used in scams known as phishing attacks, in which fraudulent web pages and emails are used to imitate sources you may trust.
- -# Localization note (phishing.learnMoreLink): please leave the HTML tags as-is. -# A localized href is pulled in from user preferences automatically. The anchor -# text, as well as the rest of the sentence, should be translated. -phishing.learnMoreLink=You can find out more about how %S protects you from phishing attacks.
+phishing.title2=Reported Web Forgery! +phishing.shortDesc2=The web site at %S has been reported as a web forgery and has been blocked based on your security preferences. +phishing.longDesc2=Web forgeries are designed to trick you into revealing personal or financial information by imitating sources you may trust.
Entering any information on this web page may result in identity theft or other fraud.
diff --git a/browser/locales/en-US/chrome/browser/safebrowsing/phishing-afterload-warning-message.dtd b/browser/locales/en-US/chrome/browser/safebrowsing/phishing-afterload-warning-message.dtd index 04f99a6b4ce..568a853512c 100644 --- a/browser/locales/en-US/chrome/browser/safebrowsing/phishing-afterload-warning-message.dtd +++ b/browser/locales/en-US/chrome/browser/safebrowsing/phishing-afterload-warning-message.dtd @@ -13,5 +13,6 @@ +