bug 338598: support multiple enhanced mode providers

r=provos@gmail.com a=bryner
2006-06-07 20:26:01 +00:00 · 2006-06-07 20:26:01 +00:00 · d476e6e598
--- a/browser/app/profile/firefox.js
+++ b/browser/app/profile/firefox.js
@ -475,16 +475,21 @@ pref("browser.contentHandlers.types.3.type", "application/vnd.mozilla.maybe.feed
 pref("browser.safebrowsing.enabled", true);
 pref("browser.safebrowsing.remoteLookups", false);
-// One of these must be set depending on if remoteLookups is true or false.
+// Non-enhanced mode (local url lists) URL list to check for updates
 pref("browser.safebrowsing.provider.0.lookupURL", "http://sb.google.com/safebrowsing/lookup?");
 pref("urlclassifier.provider.0.updateURL", "http://sb.google.com/safebrowsing/update?");
 // XXXtony: Move to this pref location once we update url-classifier.
 //pref("browser.safebrowsing.provider.0.updateURL", "http://sb.google.com/safebrowsing/update?");
 pref("browser.safebrowsing.dataProvider", 0);
 // Does the provider name need to be localizable?
 pref("browser.safebrowsing.provider.0.name", "Google");
 pref("browser.safebrowsing.provider.0.lookupURL", "http://sb.google.com/safebrowsing/lookup?");
 pref("browser.safebrowsing.provider.0.keyURL", "https://www.google.com/safebrowsing/getkey?");
-pref("browser.safebrowsing.provider.0.faqURL", "http://www.google.com/tools/service/npredir?r=ff_sb_faq#phishing");
+pref("browser.safebrowsing.provider.0.reportURL", "http://sb.google.com/safebrowsing/report?");
-pref("browser.safebrowsing.provider.0.genericReportURL", "http://www.google.com/safebrowsing/report_general/?continue=http%3A%2F%2Fwww.google.com%2Ftools%2Ffirefox%2Fsafebrowsing%2Fsubmit_success.html");
+
-pref("browser.safebrowsing.provider.0.homeURL", "http://www.google.com/tools/service/npredir?r=ff_sb_home");
+// HTML report pages
 pref("browser.safebrowsing.provider.0.reportGenericURL", "http://www.google.com/safebrowsing/report_general/?continue=http%3A%2F%2Fwww.google.com%2Ftools%2Ffirefox%2Fsafebrowsing%2Fsubmit_success.html");
 pref("browser.safebrowsing.provider.0.reportErrorURL", "http://www.google.com/safebrowsing/report_error/?continue=http%3A%2F%2Fwww.google.com%2Ftools%2Ffirefox%2Fsafebrowsing%2Fsubmit_success.html");
 pref("browser.safebrowsing.provider.0.reportPhishURL", "http://www.google.com/safebrowsing/report_phish/?continue=http%3A%2F%2Fwww.google.com%2Ftools%2Ffirefox%2Fsafebrowsing%2Fsubmit_success.html");
 pref("browser.safebrowsing.provider.0.reportURL", "http://sb.google.com/safebrowsing/report?");
 pref("browser.safebrowsing.provider.0.testURL", "http://www.google.com/tools/firefox/safebrowsing/phish-o-rama.html");
 #endif
--- a/browser/components/safebrowsing/content/application.js
+++ b/browser/components/safebrowsing/content/application.js
@ -34,6 +34,8 @@
 *
 * ***** END LICENSE BLOCK ***** */
 // We instantiate this variable when we create the application.
 var gDataProvider = null;
 // An instance of our application is a PROT_Application object. It
 // basically just populates a few globals and instantiates wardens and
@ -87,9 +89,11 @@ function PROT_Application() {
  // expose some classes
  this.G_TabbedBrowserWatcher = G_TabbedBrowserWatcher;
  this.PROT_Controller = PROT_Controller;
  this.PROT_GlobalStore = PROT_GlobalStore;
  this.PROT_PhishingWarden = PROT_PhishingWarden;
  // Load data provider pref values
  gDataProvider = new PROT_DataProvider();
  // expose the object
  this.wrappedJSObject = this;
 }
--- a/browser/components/safebrowsing/content/controller.js
+++ b/browser/components/safebrowsing/content/controller.js
@ -89,24 +89,6 @@ function PROT_Controller(win, tabWatcher, phishingWarden) {
      BindToObject(this.onUserAcceptWarning, this),
    "safebrowsing-decline-warning" :
      BindToObject(this.onUserDeclineWarning, this),
    "safebrowsing-submit-blacklist" :
      BindToObject(this.onUserSubmitToBlacklist, this),
    "safebrowsing-submit-generic-phishing" :
      BindToObject(this.onUserSubmitToGenericPhish, this),
    "safebrowsing-preferences" :
      BindToObject(this.onUserPreferences, this),
    "safebrowsing-test-link" :
      BindToObject(this.showURL_, this, PROT_GlobalStore.getTestURLs()[0]),
    "safebrowsing-preferences-home-link":
      BindToObject(this.showURL_, this, PROT_GlobalStore.getHomePageURL()),
    "safebrowsing-preferences-policy-link":
      BindToObject(this.showURL_, this, PROT_GlobalStore.getPolicyURL()),
    "safebrowsing-preferences-home-link-nochrome":
      BindToObject(this.showURL_, this, PROT_GlobalStore.getHomePageURL(), 
                   true /* chromeless */),
    "safebrowsing-preferences-policy-link-nochrome":
      BindToObject(this.showURL_, this, PROT_GlobalStore.getPolicyURL(), 
                   true /* chromeless */),
  };
  this.commandController_ = new PROT_CommandController(commandHandlers);
@ -173,98 +155,6 @@ PROT_Controller.prototype.onUserShowWarning = function() {
  this.browserView_.explicitShow(browser);
 }
 /**
 * Deal with a user wanting preferences
 */
 PROT_Controller.prototype.onUserPreferences = function() {
  G_Debug(this, "User wants preferences.");
  var instantApply = this.prefs_.getPref("browser.preferences.instantApply", 
                                         false);
  var features = "chrome,titlebar,toolbar,centerscreen" + 
                 (instantApply ? ",dialog=no" : ",modal");
  var target = this.windowWatcher_.openWindow(
      this.win_,
      "chrome://safe-browsing/content/safebrowsing-preferences.xul",
      "safebrowsingprefsdialog",
      features,
      null /* args */);
  return true;
 }
 /**
 * The user clicked on one of the links in the preferences text.
 * Display the corresponding page in a new window with all the chrome
 * enabled.
 *
 * @param url The URL to display in a new window
 * @param opt_chromeless Boolean indicating whether to open chromeless
 */
 PROT_Controller.prototype.showURL_ = function(url, opt_chromeless) {
  var features = opt_chromeless ? "status,scrollbars=yes,resizable=yes" : null;
  this.windowWatcher_.openWindow(this.win_,
                                 url,
                                 "_blank",
                                 features,
                                 null);
 }
 /**
 * User wants to report a phishing page.
 *
 * TODO: pass url as query param. This is ugly.
 */
 PROT_Controller.prototype.onUserSubmitToBlacklist = function() {
  var current_window = this.tabWatcher_.getCurrentWindow();
  G_Debug(this, "User wants to submit to blacklist: " +
          current_window.location.href);
  var target = this.windowWatcher_.openWindow(
      this.windowWatcher_.activeWindow /* parent */,
      PROT_GlobalStore.getSubmitUrl(),
      "_blank",
      "height=400em,width=800,scrollbars=yes,resizable=yes," +
      "menubar,toolbar,location,directories,personalbar,status",
      null /* args */);
  this.maybeFillInURL_(current_window, target);
  return true;
 }
 /**
 * User wants to report something phishy, but we don't know if it's a 
 * false positive or negative.
 *
 * TODO: pass url as query param. This is ugly.
 */
 PROT_Controller.prototype.onUserSubmitToGenericPhish = function() {
  var current_window = this.tabWatcher_.getCurrentWindow();
  G_Debug(this, "User wants to submit something about: " +
          current_window.location.href);
  var target = this.windowWatcher_.openWindow(
      this.windowWatcher_.activeWindow /* parent */,
      PROT_GlobalStore.getGenericPhishSubmitURL(),
      "_blank",
      "height=400em,width=800,scrollbars=yes,resizable=yes," +
      "menubar,toolbar,location,directories,personalbar,status",
      null /* args */);
  this.maybeFillInURL_(current_window, target);
  return true;
 }
 /**
 * A really lame method used by the submission report commands to fill
 * the current URL into the appropriate form field of submission page.
 *
 * TODO: this really needs an overhaul. 
 */
 PROT_Controller.prototype.maybeFillInURL_ = function(current_window, target) {
  // TODO: merge in patch from perforce
  return true;
 }
 /**
 * Deal with a user accepting our warning. 
 *
@ -316,16 +206,6 @@ PROT_Controller.prototype.onTabSwitch = function(e) {
    this.browserView_.problemBrowserSelected(e.toBrowser);
 }
 /**
 * Load a URI in the browser
 *
 * @param browser Browser in which to load the URI
 * @param url URL to load
 */
 PROT_Controller.prototype.loadURI = function(browser, url) {
  browser.loadURI(url, null, null);
 }
 /**
 * Check all browsers (tabs) to see if any of them are phishy.
 * This isn't that clean of a design because as new wardens get
--- a/browser/components/safebrowsing/content/globalstore.js
+++ b/browser/components/safebrowsing/content/globalstore.js
@ -35,120 +35,94 @@
 * ***** END LICENSE BLOCK ***** */
-// A class that encapsulates globals such as the names of things.  We
+// A class that encapsulates data provider specific values.  The
-// centralize everything here mainly so as to ease their modification,
+// root of the provider pref tree is browser.safebrowsing.provider.
-// but also in case we want to version.
+// followed by a number, followed by specific properties.  The properties
 // that a data provider can supply are:
 //
-// This class does _not_ embody semantics, defaults, or the like. If we
+// name: The name of the provider
-// need something that does, we'll add our own preference registry.
+// lookupURL: The URL to send requests to in enhanced mode
-//
+// keyURL: Before we send URLs in enhanced mode, we need to encrypt them
-// TODO: many of these values should just be moved directly into code.
+// reportURL: When shown a warning bubble, we send back the user decision
-// TODO: The code needs to fail more gracefully if these values aren't set
+//            (get me out of here/ignore warning) to this URL (strip cookies
-//       E.g., createInstance should fail for listmanager without these.
+//            first).  This is optional.
 // reportGenericURL: HTML page for general user feedback
 // reportPhishURL: HTML page for notifying the provider of a new phishing page
 // reportErrorURL: HTML page for notifying the provider of a false positive
 const kDataProviderIdPref = 'browser.safebrowsing.dataProvider';
 const kProviderBasePref = 'browser.safebrowsing.provider.';
 /**
- * A clearinghouse for globals. All interfaces are read-only.
+ * Information regarding the data provider.
 */
-function PROT_GlobalStore() {
+function PROT_DataProvider() {
  this.prefs_ = new G_Preferences();
  this.loadDataProviderPrefs_();
  // Watch for changes in the data provider and update accordingly.
  this.prefs_.addObserver(kDataProviderIdPref,
                          BindToObject(this.loadDataProviderPrefs_, this));
 }
 /**
- * Read a pref value
+ * Populate all the provider variables.  We also call this when whenever
 * the provider id changes.
 */
-PROT_GlobalStore.getPref_ = function(prefname) {
+PROT_DataProvider.prototype.loadDataProviderPrefs_ = function() {
-  var pref = new G_Preferences();
+  // Currently, there's no UI for changing local list provider so we
-  return pref.getPref(prefname);
+  // hard code the value for provider 0.
  this.updateURL_ = this.prefs_.getPref(
        'browser.safebrowsing.provider.0.updateURL', "");
  var id = this.prefs_.getPref(kDataProviderIdPref, null);
  // default to 0
  if (null == id)
    id = 0;
  var basePref = kProviderBasePref + id + '.';
  this.name_ = this.prefs_.getPref(basePref + "name", "");
  // Urls used to get data from a provider
  this.lookupURL_ = this.prefs_.getPref(basePref + "lookupURL", "");
  this.keyURL_ = this.prefs_.getPref(basePref + "keyURL", "");
  this.reportURL_ = this.prefs_.getPref(basePref + "reportURL", "");
  // Urls to HTML report pages
  this.reportGenericURL_ = this.prefs_.getPref(basePref + "reportGenericURL", "");
  this.reportErrorURL_ = this.prefs_.getPref(basePref + "reportErrorURL", "");
  this.reportPhishURL_ = this.prefs_.getPref(basePref + "reportPhishURL", "");
 }
-/**
+//////////////////////////////////////////////////////////////////////////////
- * TODO: maybe deprecate because antiphishing.org isn't localized
+// Getters for the remote provider pref values mentioned above.
- * @returns String containing the URL to nav to when the user clicks
+PROT_DataProvider.prototype.getName = function() {
- *          the link to antiphishing.org in the bubble.
+  return this.name_;
 */
 PROT_GlobalStore.getAntiPhishingURL = function() {
  return "http://antiphishing.org/"; 
 }
-/**
+PROT_DataProvider.prototype.getUpdateURL = function() {
- * @returns String containing the URL to nav to when the user clicks
+  return this.updateURL_;
 *          on the policy link in the preferences.
 */
 PROT_GlobalStore.getPolicyURL = function() {
  // XXX: Url to a mozilla page describing a safe browsing?  This used to
  // like to google toolbar's privacy page.
  return "TODO";
 }
-/**
+PROT_DataProvider.prototype.getLookupURL = function() {
- * @returns String containing the URL to nav to when the user wants to 
+  return this.lookupURL_;
- *          submit a generic phishing report (we're not sure if they 
+}
- *          want to report a false positive or negative).
+PROT_DataProvider.prototype.getKeyURL = function() {
- */
+  return this.keyURL_;
-PROT_GlobalStore.getGenericPhishSubmitURL = function() {
+}
-  return PROT_GlobalStore.getPref_("browser.safebrowsing.provider.0.genericReportURL");
+PROT_DataProvider.prototype.getReportURL = function() {
  return this.reportURL_;
 }
-/**
+PROT_DataProvider.prototype.getReportGenericURL = function() {
- * @returns String containing the URL to nav to when the user wants to 
+  return this.reportGenericURL_;
 *          report a false positive (i.e. a non-phishy page)
 */
 PROT_GlobalStore.getFalsePositiveURL = function() {
  return PROT_GlobalStore.getPref_("browser.safebrowsing.provider.0.reportErrorURL");
 }
-
+PROT_DataProvider.prototype.getReportErrorURL = function() {
-/**
+  return this.reportErrorURL_;
 * @returns String containing the URL to nav to when the user wants to 
 *          report a false negative (i.e. a phishy page)
 */
 PROT_GlobalStore.getSubmitUrl = function() {
  return PROT_GlobalStore.getPref_("browser.safebrowsing.provider.0.reportPhishURL");
 }
-
+PROT_DataProvider.prototype.getReportPhishURL = function() {
-/**
+  return this.reportPhishURL_;
 * TODO: maybe deprecated because no UI location for it?
 * @returns String containing the URL to nav to when the user clicks
 *          "more info" in the bubble or the product link in the preferences.
 */
 PROT_GlobalStore.getHomePageURL = function() {
  return PROT_GlobalStore.getPref_("browser.safebrowsing.provider.0.homeURL");
 }
 /**
 * TODO: maybe deprecated because no UI location for it?
 * @returns String containing the URL to nav to when the user clicks
 *          "phishing FAQ" in the bubble.
 */
 PROT_GlobalStore.getPhishingFaqURL = function() {
  return PROT_GlobalStore.getPref_("browser.safebrowsing.provider.0.faqURL");
 }
 /**
 * @returns String containing the URL to nav to when the user wants to 
 *          see the test page 
 */
 PROT_GlobalStore.getTestURLs = function() {
  // TODO: return all test urls
  return [PROT_GlobalStore.getPref_("browser.safebrowsing.provider.0.testURL")];
 }
 /**
 * @returns String giving url to use for lookups (used in advanced mode)
 */
 PROT_GlobalStore.getLookupserverURL = function() {
  return PROT_GlobalStore.getPref_("browser.safebrowsing.provider.0.lookupURL");
 }
 /**
 * TODO: maybe deprecate?
 * @returns String giving url to use to report actions (advanced mode only
 */
 PROT_GlobalStore.getActionReportURL = function() {
  return PROT_GlobalStore.getPref_("browser.safebrowsing.provider.0.reportURL");
 }
 /**
 * @returns String giving url to use for re-keying
 */
 PROT_GlobalStore.getGetKeyURL = function() {
  return PROT_GlobalStore.getPref_("browser.safebrowsing.provider.0.keyURL");
 }
--- a/browser/components/safebrowsing/content/phishing-afterload-displayer.js
+++ b/browser/components/safebrowsing/content/phishing-afterload-displayer.js
@ -115,14 +115,6 @@ function PROT_PhishMsgDisplayerBase(msgDesc, browser, doc, url) {
  this.commandHandlers_ = {
    "safebrowsing-palm-showmore":
      BindToObject(this.showMore_, this),
    "safebrowsing-palm-phishingorg":
      BindToObject(this.showURL_, this, PROT_GlobalStore.getAntiPhishingURL()),
    "safebrowsing-palm-phishingfaq":
      BindToObject(this.showURL_, this, PROT_GlobalStore.getPhishingFaqURL()),
    "safebrowsing-palm-fraudpage" :
      BindToObject(this.showURL_, this, PROT_GlobalStore.getHomePageURL()),
    "safebrowsing-palm-falsepositive":
      BindToObject(this.showURL_, this, PROT_GlobalStore.getFalsePositiveURL()),
  };
  this.windowWatcher_ = 
@ -483,6 +475,31 @@ PROT_PhishMsgDisplayerBase.prototype.showURL_ = function(url) {
                                 null);
 }
 /**
 * If the warning bubble came up in error, this url goes to a form
 * to notify the data provider.
 * @return url String
 */
 PROT_PhishMsgDisplayerBase.prototype.getReportErrorURL_ = function() {
  var badUrl = this.url_;
  var url = gDataProvider.getReportErrorURL();
  url += "&url=" + encodeURIComponent(badUrl);
  return url;
 }
 /**
 * URL for the user to report back to us.  This is to provide the user
 * with an action after being warned.
 */
 PROT_PhishMsgDisplayerBase.prototype.getReportGenericURL_ = function() {
  var badUrl = this.url_;
  var url = gDataProvider.getReportGenericURL();
  url += "&url=" + encodeURIComponent(badUrl);
  return url;
 }
 /**
 * A specific implementation of the dislpayer using a canvas. This
@ -526,7 +543,8 @@ PROT_PhishMsgDisplayerCanvas.prototype.showMessage_ = function() {
  // 4. unhide stack contents
  // 5. display to the canvas
  // 6. unhide the warning message
-  // 7. focus the warning message
+  // 7. update link targets in warning message
  // 8. focus the warning message
  // (1)
  // We add the canvas dynamically and remove it when we're done because
@ -587,6 +605,12 @@ PROT_PhishMsgDisplayerCanvas.prototype.showMessage_ = function() {
  this.adjustLocation_(message, tail, refElement);
  // (7)
  var link = this.doc_.getElementById('safebrowsing-palm-falsepositive-link');
  link.href = this.getReportErrorURL_();
  link = this.doc_.getElementById('safebrowsing-palm-report-link');
  link.href = this.getReportGenericURL_();
  // (8)
  this.doc_.getElementById(this.messageContentId_).focus();
 }
--- a/browser/components/safebrowsing/content/phishing-warden.js
+++ b/browser/components/safebrowsing/content/phishing-warden.js
@ -67,6 +67,14 @@
 const kPhishWardenEnabledPref = "browser.safebrowsing.enabled";
 const kPhishWardenRemoteLookups = "browser.safebrowsing.remoteLookups";
 // We have hardcoded URLs that we let people navigate to in order to 
 // check out the warning.
 const kTestUrls = {
  "http://www.google.com/tools/firefox/safebrowsing/phish-o-rama.html": true,
  "http://www.mozilla.org/projects/bonecho/anti-phishing/its-a-trap.html": true,
  "http://www.mozilla.com/firefox/its-a-trap.html": true,
 }
 /**
 * Abtracts the checking of user/browser actions for signs of
 * phishing. 
@ -110,10 +118,6 @@ function PROT_PhishingWarden() {
    BindToObject(this.onPhishWardenEnabledPrefChanged, this);
  this.prefs_.addObserver(kPhishWardenEnabledPref, phishWardenPrefObserver);
  // We have a hardcoded URLs we let people navigate to in order to 
  // check out the warning.
  this.testURLs_ = PROT_GlobalStore.getTestURLs();
  // hook up our browser listener
  this.progressListener_ = Cc["@mozilla.org/browser/safebrowsing/navstartlistener;1"]
      .getService(Ci.nsIDocNavStartProgressListener);
@ -432,12 +436,7 @@ PROT_PhishingWarden.prototype.maybeLocateProblem_ = function(request) {
 *         test URLs
 */
 PROT_PhishingWarden.prototype.isBlacklistTestURL = function(url) {
-  for (var i = 0, testURL = null; testURL = this.testURLs_[i]; ++i) {
+  return kTestUrls[url];
    if (testURL === url) {
      return true;
    }
  }
  return false;
 }
 /**
--- a/browser/components/safebrowsing/content/reporter.js
+++ b/browser/components/safebrowsing/content/reporter.js
@ -75,11 +75,10 @@ PROT_Reporter.prototype.report = function(subject, data) {
  if (!this.prefs_.getPref(kPhishWardenRemoteLookups, false))
    return;
  // Make sure a report url is defined
-  var url = null;
+  var url = gDataProvider.getReportURL();
-  try {
+
-   url = PROT_GlobalStore.getActionReportURL();
+  // Report url is optional, so we just ignore the request if a report
-  } catch (e) {
+  // url isn't provided.
  }
  if (!url)
    return;
--- a/browser/components/safebrowsing/content/sb-loader.js
+++ b/browser/components/safebrowsing/content/sb-loader.js
@ -42,7 +42,6 @@
 var safebrowsing = {
  controller: null,
  globalStore: null,
  phishWarden: null,
  startup: function() {
@ -56,7 +55,6 @@ var safebrowsing = {
    var Cc = Components.classes;
    var appContext = Cc["@mozilla.org/safebrowsing/application;1"]
                     .getService().wrappedJSObject;
    safebrowsing.globalStore = appContext.PROT_GlobalStore;
    // Each new browser window needs its own controller. 
@ -107,50 +105,3 @@ var safebrowsing = {
 window.addEventListener("load", safebrowsing.startup, false);
 window.addEventListener("unload", safebrowsing.shutdown, false);
 // XXX Everything below here should be removed from the global namespace and
 // moved into the safebrowsing object.
 // Some utils for our UI.
 /**
 * Set status text for a particular link. We look the URLs up in our 
 * globalstore.
 *
 * @param link ID of a link for which we should show status text
 */
 function SB_setStatusFor(link) {
  var gs = safebrowsing.globalStore;
  var msg;
  if (link == "safebrowsing-palm-faq-link")
    msg = gs.getPhishingFaqURL(); 
  else if (link == "safebrowsing-palm-phishingorg-link")
    msg = gs.getAntiPhishingURL(); 
  else if (link == "safebrowsing-palm-fraudpage-link")
    msg = gs.getHomePageURL();
  else if (link == "safebrowsing-palm-falsepositive-link")
    msg = gs.getFalsePositiveURL();
  else if (link == "safebrowsing-palm-report-link")
    msg = gs.getSubmitUrl();
  else
    msg = "";
  SB_setStatus(msg);
 }
 /**
 * Actually display the status text
 *
 * @param msg String that we should show in the statusbar
 */
 function SB_setStatus(msg) {
  document.getElementById("statusbar-display").label = msg;
 }
 /**
 * Clear the status text
 */
 function SB_clearStatus() {
  document.getElementById("statusbar-display").label = "";
 }
--- a/browser/components/safebrowsing/content/tr-fetcher.js
+++ b/browser/components/safebrowsing/content/tr-fetcher.js
@ -51,7 +51,6 @@
 function PROT_TRFetcher(opt_noCrypto) {
  this.debugZone = "trfetcher";
  this.useCrypto_ = !opt_noCrypto;
  this.lookupserverURL_ = PROT_GlobalStore.getLookupserverURL();
  this.protocol4Parser_ = new G_Protocol4Parser();
  // We lazily instantiate the UrlCrypto object due to:
@ -87,7 +86,10 @@ PROT_TRFetcher.prototype.getRequestURL_ = function(url) {
  G_Debug(this, "Fetching for " + url);
-  var requestURL = this.lookupserverURL_;
+  var requestURL = gDataProvider.getLookupURL();
  if (!requestURL)
    return null;
  for (var param in this.extraQueryParams) 
    requestURL += param + "=" + this.extraQueryParams[param] + "&";
@ -116,6 +118,10 @@ PROT_TRFetcher.prototype.getRequestURL_ = function(url) {
 PROT_TRFetcher.prototype.get = function(forPage, callback) {
  var url = this.getRequestURL_(forPage);
  if (!url) {
    G_Debug(this, "No remote lookup url.");
    return;
  }
  var closure = BindToObject(this.onFetchComplete_, this, callback);
  (new PROT_XMLFetcher()).get(url, closure);
 };
--- a/browser/components/safebrowsing/content/warning-overlay.xul
+++ b/browser/components/safebrowsing/content/warning-overlay.xul
@ -66,8 +66,6 @@
          &safeb.palm.message.part1; 
          <label class="text-link plain"
            statustext="&safeb.palm.showmore.statustext;"
            onmouseover="SB_setStatus(this.getAttribute('statustext'))"
            onmouseout="SB_clearStatus()"
            id="safebrowsing-palm-showmore-link"
            onclick="goDoCommand('safebrowsing-palm-showmore')"
            value="&safeb.palm.message.link1.more;" />
@ -83,16 +81,12 @@
            &safeb.palm.message.part2;
            <label class="text-link plain"
              id="safebrowsing-palm-faq-link"
-              onmouseover="SB_setStatusFor(this.id)"
+              href="&safeb.palm.message.link2.href;"
              onmouseout="SB_clearStatus()"
              onclick="goDoCommand('safebrowsing-palm-phishingfaq')"
              value="&safeb.palm.message.link2.phishing.faq;" />
            &safeb.palm.message.part3;
            <label class="text-link plain"
              id="safebrowsing-palm-phishingorg-link"
-              onmouseover="SB_setStatusFor(this.id)"
+              href="&safeb.palm.message.link3.href;"
              onmouseout="SB_clearStatus()"
              onclick="goDoCommand('safebrowsing-palm-phishingorg')"
              value="&safeb.palm.message.link3.antiphishing.org;" />&safeb.palm.message.part3.dot;
          </description>
@ -100,9 +94,7 @@
            &safeb.palm.message.part4;
            <label class="text-link plain"
              id="safebrowsing-palm-fraudpage-link"
-              onmouseover="SB_setStatusFor(this.id)"
+              href="&safeb.palm.message.link4.href;"
              onmouseout="SB_clearStatus()"
              onclick="goDoCommand('safebrowsing-palm-fraudpage')"
              value="&safeb.palm.message.link4.gwghome;" />&safeb.palm.message.part4.dot;
          </description>
          <description class="safebrowsing-palm-paragraph">
@ -110,9 +102,6 @@
            <label
              class="text-link plain"
              id="safebrowsing-palm-falsepositive-link"
              onmouseover="SB_setStatusFor(this.id)"
              onmouseout="SB_clearStatus()"
              onclick="goDoCommand('safebrowsing-palm-falsepositive')"
              value="&safeb.palm.message.link5.report;" />&safeb.palm.message.part5.dot;
          </description>
        </vbox>
@ -125,8 +114,6 @@
           class="safebrowsing-palm-bigtext text-link plain"
           statustext="&safeb.palm.accept.statustext;"
           id="safebrowsing-palm-accept-link"
           onmouseover="SB_setStatus(this.getAttribute('statustext'))"
           onmouseout="SB_clearStatus()"
           onclick="goDoCommand('safebrowsing-accept-warning')"
           value="&safeb.palm.accept.label;" />
         <spacer flex="1"/>
@ -134,8 +121,6 @@
           class="safebrowsing-palm-bigtext text-link plain"
           statustext="&safeb.palm.decline.statustext;"
           id="safebrowsing-palm-decline-link"
           onmouseover="SB_setStatus(this.getAttribute('statustext'))"
           onmouseout="SB_clearStatus()"
           onclick="goDoCommand('safebrowsing-decline-warning')"
           value="&safeb.palm.decline.label;" />
        </hbox>
@ -152,10 +137,7 @@
          <description>
            [
            <label id="safebrowsing-palm-report-link"
              onmouseover="SB_setStatusFor(this.id)"
              onmouseout="SB_clearStatus()"
              class="safebrowsing-palm-smalltext text-link plain"
              onclick="goDoCommand('safebrowsing-submit-generic-phishing')"
              value="&safeb.palm.sendreport.label;" />
            ]
          </description>
--- a/browser/locales/en-US/chrome/browser/safebrowsing/phishing-afterload-warning-message.dtd
+++ b/browser/locales/en-US/chrome/browser/safebrowsing/phishing-afterload-warning-message.dtd
@ -3,14 +3,25 @@
 <!ENTITY safeb.palm.message.part1 "This page is very likely to have been designed to trick users into sharing personal or financial information. Entering any personal information on this page may result in identity theft or other fraud. &#160;">
 <!ENTITY safeb.palm.message.link1.more "more &#187;">
 <!ENTITY safeb.palm.showmore.statustext "Read more">
 <!-- XXX This should point to a mozilla.org page describing phishing in general -->
 <!ENTITY safeb.palm.message.part2 "Safe Browsing uses automated technology to warn you about web pages that we believe may be unsafe. This page appears to be a part of a scam known as a">
 <!ENTITY safeb.palm.message.link2.phishing.faq "phishing">
 <!ENTITY safeb.palm.message.link2.href "http://www.google.com/tools/service/npredir?r=ff_sb_faq#phishing">
 <!ENTITY safeb.palm.message.part3 "attack, in which criminals create fraudulent pages to mimic legitimate sources that you may trust. You can read more about phishing at">
 <!ENTITY safeb.palm.message.link3.antiphishing.org "antiphishing.org">
 <!ENTITY safeb.palm.message.link3.href "http://antiphishing.org/">
 <!ENTITY safeb.palm.message.part3.dot ".">
 <!-- XXX This should point to a mozilla.org page describing this
         implementation of anti-phishing (e.g., 2 modes, privacy implications,
         etc) -->
 <!ENTITY safeb.palm.message.part4 "You can also learn more about">
 <!ENTITY safeb.palm.message.link4.gwghome "Safe Browsing">
 <!ENTITY safeb.palm.message.link4.href "http://www.google.com/tools/service/npredir?r=ff_sb_home">
 <!ENTITY safeb.palm.message.part4.dot ".">
 <!ENTITY safeb.palm.message.part5 "Finally, if you believe this page has been falsely flagged as a forgery, you can ">
 <!ENTITY safeb.palm.message.link5.report "report it">
 <!ENTITY safeb.palm.message.part5.dot ".">