bug 350422: move google anti-phishing privacy policy out of source

patch: use remote privacy policy, fallback on local

browser/app/profile/firefox.js

@@ -506,8 +506,10 @@ pref("browser.safebrowsing.provider.0.lookupURL", "http://sb.google.com/safebrow
 pref("browser.safebrowsing.provider.0.keyURL", "https://www.google.com/safebrowsing/getkey?client={moz:client}&");
 pref("browser.safebrowsing.provider.0.reportURL", "http://sb.google.com/safebrowsing/report?");
 
-// privacy policy -- must be chrome URL
-pref("browser.safebrowsing.provider.0.privacy.url", "chrome://browser/content/preferences/phishEULA.xhtml");
+// privacy policy -- Both url and fallbackurl must exist, although they may
+// point to the same file.  fallbackurl must be a chrome url
+pref("browser.safebrowsing.provider.0.privacy.url", "http://www.google.com/tools/firefox/firefox_privacy.html?hl=%LOCALE%");
+pref("browser.safebrowsing.provider.0.privacy.fallbackurl", "chrome://browser/content/preferences/phishEULA.xhtml");
 
 // HTML report pages
 pref("browser.safebrowsing.provider.0.reportGenericURL", "http://{moz:locale}.phish-generic.mozilla.com/?hl={moz:locale}");

browser/components/preferences/phishEULA.js

@@ -78,7 +78,17 @@ var gPhishDialog = {
 
     // guaranteed to be present, because only providers with privacy policies
     // are displayed in the prefwindow
-    var privacyURL = prefb.getComplexValue(providerNum + ".privacy.url", Ci.nsISupportsString).data;
+    var formatter = Cc["@mozilla.org/browser/URLFormatterService;1"].
+                    getService(Ci.nsIURLFormatter);
+    var privacyURL = formatter.formatURLPref("browser.safebrowsing.provider." +
+                                             providerNum +
+                                             ".privacy.url",
+                                             null);
+    var fallbackURL = formatter.formatURLPref("browser.safebrowsing.provider." +
+                                              providerNum +
+                                              ".privacy.fallbackurl",
+                                              null);
+    this._progressListener._providerFallbackURL = fallbackURL;
 
     // add progress listener to enable OK, radios when page loads
     var frame = document.getElementById("phishPolicyFrame");
@@ -102,9 +112,19 @@ var gPhishDialog = {
   _progressListener:
   {
     /**
-     * True if we tried loading the first URL and encountered a failure.
+     * First we try to load the provider url (possibly remote). If that fails
+     * to load, we try to load the provider fallback url (must be chrome://).
+     * If that also fails, we display an error message.
      */
-    _loadFailed: false,
+    _providerLoadFailed: false,
+    _providerFallbackLoadFailed: false,
+    
+    _tryLoad: function(url) {
+      const Ci = Components.interfaces;
+      const loadFlags = Ci.nsIWebNavigation.LOAD_FLAGS_NONE;
+      var frame = document.getElementById("phishPolicyFrame");
+      frame.webNavigation.loadURI(url, loadFlags, null, null, null);
+    },
 
     onStateChange: function (aWebProgress, aRequest, aStateFlags, aStatus)
     {
@@ -112,23 +132,38 @@ var gPhishDialog = {
       const Ci = Components.interfaces, Cr = Components.results;
       if ((aStateFlags & Ci.nsIWebProgressListener.STATE_STOP) &&
           (aStateFlags & Ci.nsIWebProgressListener.STATE_IS_WINDOW)) {
-        // check for failure
-        if (aRequest.status & 0x80000000) {
-          if (!this._loadFailed) {
-            this._loadFailed = true;
-
-            // fire off a load of the fallback policy
-            const loadFlags = Ci.nsIWebNavigation.LOAD_FLAGS_NONE;
-            const fallbackURL = "chrome://browser/content/preferences/fallbackEULA.xhtml";
-            var frame = document.getElementById("phishPolicyFrame");
-            frame.webNavigation.loadURI(fallbackURL, loadFlags, null, null, null);
-
-            // disable radios
-            document.getElementById("acceptOrDecline").disabled = true;
-          }
-          else {
-            throw "Fallback policy failed to load -- what the hay!?!";
+        
+        if (Components.isSuccessCode(aRequest.status)) {
+          try {
+            aRequest.QueryInterface(Ci.nsIHttpChannel);
+          } catch (e) {
+            // Not an http request url (might be, e.g., chrome:) that loaded
+            // successfully, so we can exit.
+            return;
           }
+
+          // Any response other than 200 OK is an error.
+          if (200 == aRequest.responseStatus)
+            return;
+        }
+
+        // Something failed
+        if (!this._providerLoadFailed) {
+          this._provderLoadFailed = true;
+          // Remote EULA failed to load; try loading provider fallback
+          this._tryLoad(this._providerFallbackURL);
+        } else if (!this._providerFallbackLoadFailed) {
+          // Provider fallback failed to load; try loading fallback EULA
+          this._providerFallbackLoadFailed = true;
+
+          // fire off a load of the fallback policy
+          const fallbackURL = "chrome://browser/content/preferences/fallbackEULA.xhtml";
+          this._tryLoad(fallbackURL);
+
+          // disable radios
+          document.getElementById("acceptOrDecline").disabled = true;
+        } else {
+          throw "Fallback policy failed to load -- what the hay!?!";
         }
       }
     },

browser/components/preferences/phishEULA.xhtml

@@ -5,12 +5,26 @@
     PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
     "DTD/xhtml1-strict.dtd">
   %htmlDTD;
-  <!ENTITY % phisheulaDTD
-    SYSTEM "chrome://browser/locale/safebrowsing/eula.dtd">
-  %phisheulaDTD;
 ]>
 
 <html id="phish-eula"
       xmlns="http://www.w3.org/1999/xhtml">
-  <body>&phish.eulatext;</body>
+  <body><p>
+If you choose to check with Google about each site you visit,
+Google will receive the URLs of pages you visit for evaluation.  When you
+click to accept, reject, or close the warning message that Phishing
+Protection gives you about a suspicious page, Google will log your action
+and the URL of the page.  Google will receive standard
+<a href='http://www.google.com/privacy_faq.html#serverlogs'
+   onclick='window.open(this.href);return false;'>log information</a>,
+including a cookie, as part of this process.  Google will not associate the
+information that Phishing Protection logs with other personal information
+about you. However, it is possible that a
+<a href='http://www.google.com/privacy_faq.html#urls'
+   onclick='window.open(this.href);return false;'>URL</a> sent to Google may
+itself contain personal information.  Please see the
+<a href='http://www.google.com/privacypolicy.html'
+   onclick='window.open(this.href);return false;'>Google Privacy Policy</a>
+for more information.
+  </p></body>
 </html>

browser/components/preferences/security.js

@@ -268,11 +268,13 @@ var gSecurityPane = {
         try {
           var providerNum = providers[i];
           var url = providerBranch.getCharPref(providerNum + ".privacy.url");
+          var fallbackurl = providerBranch.getCharPref(providerNum +
+                                                       ".privacy.fallbackurl");
           var scheme = Cc["@mozilla.org/network/io-service;1"].
                        getService(Ci.nsIIOService).
-                       extractScheme(url);
+                       extractScheme(fallbackurl);
           if (scheme != "chrome")
-            throw "scheme must be chrome";
+            throw "fallbackurl scheme must be chrome";
         }
         catch (e) {
           // don't add this provider

browser/locales/jar.mn

@@ -42,7 +42,6 @@
 #ifdef MOZ_SAFE_BROWSING
     locale/browser/safebrowsing/phishing-afterload-warning-message.dtd (%chrome/browser/safebrowsing/phishing-afterload-warning-message.dtd)
     locale/browser/safebrowsing/report-phishing.dtd                    (%chrome/browser/safebrowsing/report-phishing.dtd)
-    locale/browser/safebrowsing/eula.dtd                               (%chrome/browser/safebrowsing/eula.dtd)
 #endif
 #ifdef MOZ_FEEDS
     locale/browser/feeds/subscribe.dtd              (%chrome/browser/feeds/subscribe.dtd)