Bug 340740 - Need provider EULA to display on enhanced mode. Note: this is a hack for b1 -- what's here is *not* what will be in future versions (thank God). ui=beltzner, r=tony

2006-07-06 18:37:55 +00:00 · 2006-07-06 18:37:55 +00:00 · 8e4d41645d
--- a/browser/components/preferences/security.js
+++ b/browser/components/preferences/security.js
@ -114,6 +114,12 @@ var gSecurityPane = {
   * browser.safebrowsing.remoteLookups
   * - true if every site is checked against a remote phishing provider for
   *   safety on load, false if a cached list should be used instead
+   * browser.safebrowsing.dataProvider
+   * - integer identifying the current anti-phishing provider in use
+   * browser.safebrowsing.provider.<number>.<property>
+   * - identifies each installed Safe Browsing provider; the provider's name is
+   *   stored in the "name" property, and the various URLs used in Safe Browsing
+   *   detection comprise the values of the rest of the properties
   */

  /**
@ -138,6 +144,63 @@ var gSecurityPane = {
    return undefined;
  },

+  /**
+   * Displays a EULA for phishing detection if phishing detection is being
+   * enabled, allowing privacy wonks to not enable it if they want; otherwise,
+   * disables phishing protection.
+   */
+  writeCheckPhish: function ()
+  {
+    var checkbox = document.getElementById("checkMaybePhish");
+
+    // if the user's trying to enable phishing, we need to display a phishing
+    // EULA so he can choose not to enable it
+    if (checkbox.checked) {
+      var userAgreed = this._userAgreedToPhishingEULA();
+      // XXX I think this shouldn't be necessary and should be happening automatically, but it isn't
+      if (!userAgreed)
+        checkbox.checked = false;
+      return userAgreed;
+    }
+
+    // user disabling -- nothing to display, no preference value to override
+    return undefined;
+  },
+
+  /**
+   * Displays the currently-used phishing provider's EULA and offers the user
+   * the choice of cancelling the enabling of phishing.
+   *
+   * @returns bool
+   *          true if the user still wants to enable phishing protection with
+   *          the current provider, false otherwise
+   */
+  _userAgreedToPhishingEULA: function ()
+  {
+    // XXX this is hackish, and there's no nice URL support -- window with
+    //     HTML file provided by anti-phishing provider later?
+
+    // XXX cache the EULAs to which the user has agreed so switching from
+    //     "foo"->"bar" shows the EULA, but then a "bar"->"foo" check
+    //     doesn't display the EULA again
+
+    const Cc = Components.classes, Ci = Components.interfaces;
+    const IPS = Ci.nsIPromptService;
+    var ips = Cc["@mozilla.org/embedcomp/prompt-service;1"]
+                .getService(IPS);
+    var bundle = document.getElementById("bundlePreferences");
+    var btnPressed = ips.confirmEx(window,
+                                   bundle.getString("phishEULATitle"),
+                                   bundle.getString("phishEULAText"),
+                                   IPS.BUTTON_POS_0 * IPS.BUTTON_TITLE_IS_STRING +
+                                     IPS.BUTTON_POS_1 * IPS.BUTTON_TITLE_IS_STRING,
+                                   bundle.getString("phishEULAOK"),
+                                   bundle.getString("phishEULACancel"),
+                                   "",
+                                   "", {});
+    return (btnPressed == 0);
+  },
+
  /**
   * Enables and disables UI as necessary based on which type of phishing
   * detection is currently selected (and whether phishing is even enabled,
@ -256,6 +319,31 @@ var gSecurityPane = {
    return undefined;
  },

+  /**
+   * Requires that the user agree to the new phishing provider's EULA when the
+   * provider is changed, disabling protection if the user doesn't agree.
+   */
+  onProviderChanged: function ()
+  {
+    if (!this._userAgreedToPhishingEULA()) {
+      this._disablePhishingProtection();
+    }
+  },
+
+  /**
+   * Turns off phishing protection and updates UI accordingly.
+   */
+  _disablePhishingProtection: function ()
+  {
+    // XXX there aren't privacy concerns if using a cached phishing list --
+    //     maybe just switch to using that if the user doesn't agree to the
+    //     phishing EULA?
+    var checkbox = document.getElementById("checkMaybePhish");
+    var phishEnabled = document.getElementById("browser.safebrowsing.enabled");
+    phishEnabled.value = false;
+    this._pane.userChangedValue(checkbox);
+  },
+
  // PASSWORDS

  /*
--- a/browser/components/preferences/security.xul
+++ b/browser/components/preferences/security.xul
@ -64,7 +64,10 @@
      <preference id="browser.safebrowsing.remoteLookups"
                  name="browser.safebrowsing.remoteLookups"
                  type="bool"/>
-      <preference id="browser.safebrowsing.dataProvider"  name="browser.safebrowsing.dataProvider" type="int"/>
+      <preference id="browser.safebrowsing.dataProvider"
+                  name="browser.safebrowsing.dataProvider"
+                  type="int"
+                  onchange="gSecurityPane.onProviderChanged();"/>

      <!-- Passwords -->
      <preference id="signon.rememberSignons" name="signon.rememberSignons" type="bool"/>
@ -92,7 +95,8 @@
                label="&checkMaybePhish.label;"
                accesskey="&checkMaybePhish.accesskey;"
                preference="browser.safebrowsing.enabled"
-                onsyncfrompreference="return gSecurityPane.readCheckPhish();"/>
+                onsyncfrompreference="return gSecurityPane.readCheckPhish();"
+                onsynctopreference="return gSecurityPane.writeCheckPhish();"/>
      <radiogroup id="checkPhishChoice" class="indent"
                  preference="browser.safebrowsing.remoteLookups"
                  onsyncfrompreference="return gSecurityPane.readPhishChoice();">
--- a/browser/locales/en-US/chrome/browser/preferences/preferences.properties
+++ b/browser/locales/en-US/chrome/browser/preferences/preferences.properties
@ -12,6 +12,15 @@ choosefile=Choose a file

 #### Security

+# LOCALIZATION NOTE:
+#   the next strings (phishEULATitle and phishEULAText) are here for b1 only;
+#   don't bother localizing them unless you've localized everything else,
+#   because they're going away because this is clearly a gross hack
+phishEULATitle=Anti-Phishing Privacy Policy
+phishEULAText=If you choose Google as your provider for Safe Browsing in Enhanced Protection mode, Google will receive the URLs of pages you visit for evaluation.  When you click to accept, reject, or close the warning message that Safe Browsing gives you about a suspicious page, Google will log your action and the URL of the page.  Google will receive standard log information <http://www.google.com/privacy_faq.html#serverlogs>, including a cookie, as part of this process.  Google will not associate the information that Safe Browsing logs with other personal information about you. However, it is possible that a URL sent to Google may itself contain personal information.  Please see the Google Privacy Policy <http://www.google.com/privacypolicy.html> for more information.  Do you wish to use Google as your Safe Browsing provider?
+phishEULACancel=Disable Safe Browsing
+phishEULAOK=Use Google
+
 setMasterPassword=Set Master Password...
 setMasterPassword_accesskey=M
 changeMasterPassword=Change Master Password...