Bug 1250600 - Fix Seamonkey to take into account recent Firefox changes for Safebrowsing. r=Ratty

Follow up to Bug 920951 which took care of the preference changes.

suite/browser/browser-prefs.js

@@ -448,6 +448,7 @@ pref("browser.safebrowsing.reportMalwareMistakeURL", "https://%LOCALE%.malware-e
 pref("browser.safebrowsing.id", "navclient-auto-ffox");
 
 pref("browser.safebrowsing.warning.infoURL", "https://www.mozilla.org/%LOCALE%/firefox/phishing-protection/");
+pref("browser.safebrowsing.controlledAccess.infoURL", "https://support.mozilla.org/kb/controlledaccess/");
 
 // Name of the about: page contributed by safebrowsing to handle display of error
 // pages on phishing/malware hits.  (bug 399233)

suite/browser/safeBrowsingOverlay.js

@@ -5,14 +5,34 @@
 
 var gSafeBrowsing = {
   initMenuItems: function initMenuItems() {
-    // A phishing page will have a specific about:blocked content documentURI.
+    // A blocked page will have a specific about:blocked content documentURI.
     var docURI = content.document.documentURI;
-    var isPhishingPage = docURI.startsWith("about:blocked?e=phishingBlocked");
-    var isMalwarePage = docURI.startsWith("about:blocked?e=malwareBlocked");
+
+    // "reason" isn't currently used but it's here to make porting
+    // from Firefox easier and may also be useful in the future
+    // for further testing and setting menu items.
+    let reason;
 
     // Show/hide the appropriate menu item.
-    document.getElementById("reportPhishing").hidden = isPhishingPage || isMalwarePage;
-    document.getElementById("reportPhishingError").hidden = !isPhishingPage;
+    // Initially allow report url and disallow reporting phishing error.
+    document.getElementById("reportPhishing").hidden = false;
+    document.getElementById("reportPhishingError").hidden = true;
+
+    if (docURI.startsWith("about:blocked")) {
+      // It's blocked so don't allow reporting again.
+      document.getElementById("reportPhishing").hidden = true;
+      // Test for blocked page.
+      if (/e=malwareBlocked/.test(docURI)) {
+        reason = "malware";
+      } else if (/e=unwantedBlocked/.test(docURI)) {
+        reason = "unwanted";
+      } else if (/e=deceptiveBlocked/.test(docURI)) {
+        reason = "phishing";
+        document.getElementById("reportPhishingError").hidden = false;
+      } else if (/e=forbiddenBlocked/.test(docURI)) {
+        reason = "forbidden";
+      }
+    }
 
     var broadcaster = document.getElementById("safeBrowsingBroadcaster");
     var uri = getBrowser().currentURI;

suite/browser/safeBrowsingOverlay.xul

@@ -17,17 +17,17 @@
 
   <menupopup id="helpPopup">
     <menuitem id="reportPhishing"
-              label="&reportPhishSite.label;"
-              accesskey="&reportPhishSite.accesskey;"
+              label="&reportDeceptiveSite.label;"
+              accesskey="&reportDeceptiveSite.accesskey;"
               insertbefore="menu_HelpAboutSeparator"
               observes="safeBrowsingBroadcaster"
               oncommand="openUILink(gSafeBrowsing.getReportURL('Phish'), event);"
               onclick="checkForMiddleClick(this, event);"/>
     <menuitem id="reportPhishingError"
-              label="&notAForgery.label;"
-              accesskey="&notAForgery.accesskey;"
+              label="&notADeceptiveSite.label;"
+              accesskey="&notADeceptiveSite.accesskey;"
               insertbefore="menu_HelpAboutSeparator"
               observes="safeBrowsingBroadcaster"
-              oncommand="openUILinkIn(gSafeBrowsing.getReportURL('Error'), 'tabfocused');"/>
+              oncommand="openUILinkIn(gSafeBrowsing.getReportURL('PhishMistake'), 'tabfocused');"/>
   </menupopup>
 </overlay>

suite/common/bindings/notification.xml

@@ -1922,13 +1922,12 @@
       </method>
 
       <method name="ignoreSafeBrowsingWarning">
-        <parameter name="aIsMalware"/>
+        <parameter name="aReason"/>
         <body>
           <![CDATA[
             var uri = this.activeBrowser.currentURI;
-            var asciiSpec = uri.asciiSpec;
             var flag = Components.interfaces.nsIWebNavigation.LOAD_FLAGS_BYPASS_CLASSIFIER;
-            this.activeBrowser.loadURIWithFlags(asciiSpec, flag,
+            this.activeBrowser.loadURIWithFlags(uri.asciiSpec, flag,
                                                 null, null, null);
 
             const nsIPermissionManager = Components.interfaces.nsIPermissionManager;
@@ -1937,35 +1936,49 @@
             pm.add(uri, "safe-browsing", nsIPermissionManager.ALLOW_ACTION,
                                          nsIPermissionManager.EXPIRE_SESSION);
 
-            var title, label, accessKey, reportName;
-            if (aIsMalware) {
-              title = "safebrowsing.reportedAttackSite";
-              label = "safebrowsing.notAnAttackButton.label";
-              accessKey = "safebrowsing.notAnAttackButton.accessKey";
-              reportName = "MalwareError";
-            }
-            else {
-              title = "safebrowsing.reportedWebForgery";
-              label = "safebrowsing.notAForgeryButton.label";
-              accessKey = "safebrowsing.notAForgeryButton.accessKey";
-              reportName = "Error";
-            }
+            var title, label, accessKey, reportName, buttons;
+
+            switch (aReason) {
+             case "phishing":
+               title = "safebrowsing.deceptiveSite";
+               label = "safebrowsing.notADeceptiveSiteButton.label";
+               accessKey = "safebrowsing.notADeceptiveSiteButton.accessKey";
+               reportName = "PhishMistake";
+               break;
+             case "malware":
+               title = "safebrowsing.reportedAttackSite";
+               label = "safebrowsing.notAnAttackButton.label";
+               accessKey = "safebrowsing.notAnAttackButton.accessKey";
+               reportName = "MalwareMistake";
+               break;
+             case "unwanted":
+               title = "safebrowsing.reportedUnwantedSite";
+               break;
+             // No notifications for forbidden sites
+             // or unknown reasons.
+             default:
+               return;
+           }
+
             title = this._stringBundle.GetStringFromName(title);
 
-            var tmp = {};
-            Components.utils.import("resource://gre/modules/SafeBrowsing.jsm", tmp);
-            var reportUrl = tmp.SafeBrowsing.getReportURL(reportName);
-            reportUrl += "&url=" + encodeURIComponent(asciiSpec);
+            buttons = [{
+                label: this._stringBundle.GetStringFromName("safebrowsing.getMeOutOfHereButton.label"),
+                accessKey: this._stringBundle.GetStringFromName("safebrowsing.getMeOutOfHereButton.accessKey"),
+                callback: getMeOutOfHere
+             }]
 
-            var buttons = [{
-              label: this._stringBundle.GetStringFromName("safebrowsing.getMeOutOfHereButton.label"),
-              accessKey: this._stringBundle.GetStringFromName("safebrowsing.getMeOutOfHereButton.accessKey"),
-              callback: getMeOutOfHere
-            }, {
-              label: this._stringBundle.GetStringFromName(label),
-              accessKey: this._stringBundle.GetStringFromName(accessKey),
-              callback: function () { openUILinkIn(reportUrl, "tabfocused"); }
-            }];
+            if (reportName) {
+              var tmp = {};
+              Components.utils.import("resource://gre/modules/SafeBrowsing.jsm", tmp);
+              var reportUrl = tmp.SafeBrowsing.getReportURL(reportName, uri);
+
+              buttons.push({
+                label: this._stringBundle.GetStringFromName(label),
+                accessKey: this._stringBundle.GetStringFromName(accessKey),
+                callback() { openUILinkIn(reportUrl, "tabfocused"); }
+              });
+            }
 
             var type = "blocked-badware-page";
             var notification = this.getNotificationWithValue(type);
@@ -1979,11 +1992,9 @@
             // Persist the notification until the user removes so it
             // doesn't get removed on redirects.
             box.persistence = -1;
-
           ]]>
         </body>
       </method>
-
       <constructor>
         <![CDATA[
           var os = Components.classes["@mozilla.org/observer-service;1"]

suite/common/blockedSite.js

@@ -41,8 +41,18 @@ function getURL()
   return url;
 }
 
+ /**
+  * Check whether this warning page should be overridable or whether
+  * the "ignore warning" button should be hidden.
+  */
+ function getOverride()
+ {
+   var url = document.documentURI;
+   return /&o=1&/.test(url);
+ }
+
 /**
- * Attempt to get the hostname via document.location.  Fail back
+ * Attempt to get the hostname via document.location. Fail back
  * to getURL so that we always return something meaningful.
  */
 function getHostString()
@@ -54,47 +64,70 @@ function getHostString()
   }
 }
 
+function deleteElement(element) {
+  var el = document.getElementById(element);
+  if (el)
+    el.remove();
+}
+
 function initPage()
 {
   // Handoff to the appropriate initializer, based on error code
+  var error = "";
   switch (getErrorCode()) {
     case "malwareBlocked":
-      initPage_malware();
+      error = "malware";
       break;
-    case "phishingBlocked":
-      initPage_phishing();
+    case "deceptiveBlocked":
+      error = "phishing";
       break;
+    case "unwantedBlocked":
+      error = "unwanted";
+      break;
+    case "forbiddenBlocked":
+      error = "forbidden";
+      break;
+    default:
+      return;
   }
-}
 
-/**
- * Initialize custom strings and functionality for blocked malware case
- */
-function initPage_malware()
-{
-  // Remove phishing strings
-  document.getElementById("errorTitleText_phishing").remove();
-  document.getElementById("errorShortDescText_phishing").remove();
-  document.getElementById("errorLongDescText_phishing").remove();
+  if (error != "malware") {
+    deleteElement("errorTitleText_malware");
+    deleteElement("errorShortDescText_malware");
+    deleteElement("errorLongDescText_malware");
+  }
+
+  if (error != "phishing") {
+    deleteElement("errorTitleText_phishing");
+    deleteElement("errorShortDescText_phishing");
+    deleteElement("errorLongDescText_phishing");
+  }
+
+  if (error != "unwanted") {
+    deleteElement("errorTitleText_unwanted");
+    deleteElement("errorShortDescText_unwanted");
+    deleteElement("errorLongDescText_unwanted");
+  }
+
+  if (error != "forbidden") {
+    deleteElement("errorTitleText_forbidden");
+    deleteElement("errorShortDescText_forbidden");
+    deleteElement("whyForbiddenButton");
+  } else {
+    deleteElement("ignoreWarningButton");
+    deleteElement("reportButton");
+
+    // Remove red style: A "forbidden site" does not warrant the same level
+    // of anxiety as a security concern.
+    document.documentElement.className = "";
+  }
 
   // Set sitename
-  document.getElementById("malware_sitename").textContent = getHostString();
-  document.title = document.getElementById("errorTitleText_malware")
-                           .textContent;
+  document.getElementById(error + "_sitename").textContent = getHostString();
+  document.title = document.getElementById("errorTitleText_" + error)
+                           .innerHTML;
+
+  if (!getOverride())
+    deleteElement("ignoreWarningButton");
 }
 
-/**
- * Initialize custom strings and functionality for blocked phishing case
- */
-function initPage_phishing()
-{
-  // Remove malware strings
-  document.getElementById("errorTitleText_malware").remove();
-  document.getElementById("errorShortDescText_malware").remove();
-  document.getElementById("errorLongDescText_malware").remove();
-
-  // Set sitename
-  document.getElementById("phishing_sitename").textContent = getHostString();
-  document.title = document.getElementById("errorTitleText_phishing")
-                           .textContent;
-}

suite/common/blockedSite.xhtml

@@ -28,22 +28,27 @@
 
       <!-- Error Title -->
       <div id="errorTitle">
-        <h1 id="errorTitleText_phishing">&safeb.blocked.phishingPage.title;</h1>
+        <h1 id="errorTitleText_phishing">&safeb.blocked.phishingPage.title2;</h1>
         <h1 id="errorTitleText_malware">&safeb.blocked.malwarePage.title;</h1>
+        <h1 id="errorTitleText_unwanted">&safeb.blocked.unwantedPage.title;</h1>
+        <h1 id="errorTitleText_forbidden">&safeb.blocked.forbiddenPage.title2;</h1>
       </div>
 
       <div id="errorLongContent">
 
         <!-- Short Description -->
         <div id="errorShortDesc">
-          <p id="errorShortDescText_phishing">&safeb.blocked.phishingPage.shortDesc;</p>
+          <p id="errorShortDescText_phishing">&safeb.blocked.phishingPage.shortDesc2;</p>
           <p id="errorShortDescText_malware">&safeb.blocked.malwarePage.shortDesc;</p>
+          <p id="errorShortDescText_unwanted">&safeb.blocked.unwantedPage.shortDesc;</p>
+          <p id="errorShortDescText_forbidden">&safeb.blocked.forbiddenPage.shortDesc2;</p>
         </div>
 
         <!-- Long Description -->
         <div id="errorLongDesc">
-          <p id="errorLongDescText_phishing">&safeb.blocked.phishingPage.longDesc;</p>
+          <p id="errorLongDescText_phishing">&safeb.blocked.phishingPage.longDesc2;</p>
           <p id="errorLongDescText_malware">&safeb.blocked.malwarePage.longDesc;</p>
+          <p id="errorLongDescText_unwanted">&safeb.blocked.unwantedPage.longDesc;</p>
         </div>
 
         <!-- Action buttons -->
@@ -55,6 +60,9 @@
           <span id="reportButton"
                 class="button"
                 label="&safeb.palm.reportPage.label;"/>
+          <span id="whyForbiddenButton"
+                class="button"
+                label="&safeb.palm.whyForbidden.label;"/>
           <span id="ignoreWarningButton"
                 class="button"
                 label="&safeb.palm.decline.label;"/>

suite/common/utilityOverlay.js

@@ -673,10 +673,10 @@ function openDictionaryList()
   }
 }
 
-// Prompt user to restart the browser in safe mode 
+// Prompt user to restart the browser in safe mode
 function safeModeRestart()
 {
-  // prompt the user to confirm 
+  // prompt the user to confirm
   var promptTitle = gUtilityBundle.getString("safeModeRestartPromptTitle");
   var promptMessage = gUtilityBundle.getString("safeModeRestartPromptMessage");
   var restartText = gUtilityBundle.getString("safeModeRestartButton");
@@ -769,7 +769,7 @@ function updateCheckUpdatesItem()
   else
     checkForUpdates.label = gUtilityBundle.getString("updatesItem_" + key + "Fallback");
 
-  checkForUpdates.accessKey = gUtilityBundle.getString("updatesItem_" + key + "AccessKey"); 
+  checkForUpdates.accessKey = gUtilityBundle.getString("updatesItem_" + key + "AccessKey");
 
   if (um.activeUpdate && updates.isDownloading)
     checkForUpdates.setAttribute("loading", "true");
@@ -945,7 +945,7 @@ function focusElement(aElement)
   if (isElementVisible(aElement))
     aElement.focus();
 }
- 
+
 function isElementVisible(aElement)
 {
   if (!aElement)
@@ -1156,9 +1156,21 @@ function BrowserOnCommand(event)
   }
   else if (docURI.startsWith("about:blocked")) {
     // The event came from a button on a malware/phishing block page
-    // First check whether it's malware or phishing, so that we can
+    // First check whether the reason, so that we can
     // use the right strings/links
-    let isMalware = /e=malwareBlocked/.test(docURI);
+    let reason = "phishing";
+
+    if (/e=malwareBlocked/.test(docURI)) {
+      reason = "malware";
+    } else if (/e=unwantedBlocked/.test(docURI)) {
+      reason = "unwanted";
+    // We do not have the parental control feature but testing for it in case
+    // it's implemented later should not break anything. This feature is currently
+    // only enabled if you set the pref browser.safebrowsing.forbiddenURIs.enabled
+    // to true.
+    } else if (/e=forbiddenBlocked/.test(docURI)) {
+      reason = "forbidden";
+    }
 
     switch (buttonID) {
       case "getMeOutOfHereButton":
@@ -1166,32 +1178,29 @@ function BrowserOnCommand(event)
         break;
 
       case "reportButton":
-        // This is the "Why is this site blocked" button.  For malware,
-        // we can fetch a site-specific report, for phishing, we redirect
-        // to the generic page describing phishing protection.
-
-        if (isMalware) {
-          // Get the stop badware "why is this blocked" report url,
-          // append the current url, and go there.
-          try {
-            let reportURL = Services.urlFormatter.formatURLPref("browser.safebrowsing.malware.reportURL");
-            reportURL += ownerDoc.location.href;
-            loadURI(reportURL);
-          } catch (e) {
-            Components.utils.reportError("Couldn't get malware report URL: " + e);
-          }
-        }
-        else { // It's a phishing site, not malware
-          try {
-            loadURI(Services.urlFormatter.formatURLPref("browser.safebrowsing.warning.infoURL"));
-          } catch (e) {
-            Components.utils.reportError("Couldn't get phishing info URL: " + e);
-          }
+        // This is the "Why is this site blocked" button. We redirect
+        // to the generic page describing phishing/malware protection.
+        try {
+          loadURI(Services.urlFormatter.formatURLPref("browser.safebrowsing.warning.infoURL"));
+        } catch (e) {
+          Components.utils.reportError("Couldn't get phishing info URL: " + e);
         }
         break;
 
       case "ignoreWarningButton":
-        getBrowser().getNotificationBox().ignoreSafeBrowsingWarning(isMalware);
+        if (Services.prefs.getBoolPref("browser.safebrowsing.allowOverride")) {
+          getBrowser().getNotificationBox().ignoreSafeBrowsingWarning(reason);
+        }
+        break;
+
+      case "whyForbiddenButton":
+        // This is the "Why is this site blocked" button for family friendly browsing
+        // for Fennec. There's no desktop focused support page yet.
+        try {
+          loadURI(Services.urlFormatter.formatURLPref("browser.safebrowsing.controlledAccess.infoURL"));
+         } catch (e) {
+          Components.utils.reportError("Couldn't get forbidden info URL: " + e);
+        }
         break;
     }
   }
@@ -1299,7 +1308,7 @@ function disablePopupBlockerNotifications()
  * @param  aIsFeed
  *         Whether this is already a known feed or not, if true only a security
  *         check will be performed.
- */ 
+ */
 function isValidFeed(aData, aPrincipal, aIsFeed)
 {
   if (!aData || !aPrincipal)

suite/locales/en-US/chrome/common/notification.properties

@@ -200,14 +200,13 @@ PostToInsecureFromInsecureShowAgain=Alert me whenever I submit information that'
 PostToInsecureContinue=Continue
 
 # Phishing/Malware Notification Bar.
-# LOCALIZATION NOTE (notAForgery, notAnAttack)
-# The two button strings will never be shown at the same time, so
-# it's okay for them to have the same access key.
+# LOCALIZATION NOTE (notADeceptiveSite, notAnAttack)
 safebrowsing.getMeOutOfHereButton.label=Get me out of here!
 safebrowsing.getMeOutOfHereButton.accessKey=G
-safebrowsing.reportedWebForgery=Reported Web Forgery!
-safebrowsing.notAForgeryButton.label=This isn't a web forgery…
-safebrowsing.notAForgeryButton.accessKey=s
+safebrowsing.deceptiveSite=Deceptive Site!
+safebrowsing.notADeceptiveSiteButton.label=This isn't a deceptive site…
+safebrowsing.notADeceptiveSiteButton.accessKey=d
 safebrowsing.reportedAttackSite=Reported Attack Site!
 safebrowsing.notAnAttackButton.label=This isn't an attack site…
 safebrowsing.notAnAttackButton.accessKey=a
+safebrowsing.reportedUnwantedSite=Reported Unwanted Software Site!

suite/locales/en-US/chrome/common/safeBrowsing.dtd

@@ -5,18 +5,29 @@
 <!ENTITY safeb.palm.accept.label "Get me out of here!">
 <!ENTITY safeb.palm.decline.label "Ignore this warning">
 <!ENTITY safeb.palm.reportPage.label "Why was this page blocked?">
+<!ENTITY safeb.palm.whyForbidden.label "Why was this page blocked?">
 
 <!ENTITY safeb.blocked.malwarePage.title "Reported Attack Page!">
-<!-- Localization note (safeb.blocked.malware.shortDesc) - Please don't translate the contents of the <span id="malware_sitename"/> tag.  It will be replaced at runtime with a domain name (e.g. www.badsite.com) -->
+<!-- Localization note (safeb.blocked.malwarePage.shortDesc) - Please don't translate the contents of the <span id="malware_sitename"/> tag.  It will be replaced at runtime with a domain name (e.g. www.badsite.com) -->
 <!ENTITY safeb.blocked.malwarePage.shortDesc "This web page at <span id='malware_sitename'/> has been reported as an attack page and has been blocked based on your security preferences.">
 <!ENTITY safeb.blocked.malwarePage.longDesc "<p>Attack pages try to install programs that steal private information, use your computer to attack others, or damage your system.</p><p>Some attack pages intentionally distribute harmful software, but many are compromised without the knowledge or permission of their owners.</p>">
 
-<!ENTITY safeb.blocked.phishingPage.title "Reported Web Forgery!">
-<!-- Localization note (safeb.blocked.phishing.shortDesc) - Please don't translate the contents of the <span id="phishing_sitename"/> tag. It will be replaced at runtime with a domain name (e.g. www.badsite.com) -->
-<!ENTITY safeb.blocked.phishingPage.shortDesc "This web page at <span id='phishing_sitename'/> has been reported as a web forgery and has been blocked based on your security preferences.">
-<!ENTITY safeb.blocked.phishingPage.longDesc "<p>Web forgeries are designed to trick you into revealing personal or financial information by imitating sources you may trust.</p><p>Entering any information on this web page may result in identity theft or other fraud.</p>">
+<!ENTITY safeb.blocked.unwantedPage.title "Reported Unwanted Software Page!">
+<!-- Localization note (safeb.blocked.unwantedPage.shortDesc) - Please don't translate the contents of the <span id="unwanted_sitename"/> tag.  It will be replaced at runtime with a domain name (e.g. www.badsite.com) -->
+<!ENTITY safeb.blocked.unwantedPage.shortDesc "This web page at <span id='unwanted_sitename'/> has been reported to contain unwanted software and has been blocked based on your security preferences.">
+<!ENTITY safeb.blocked.unwantedPage.longDesc "<p>Unwanted software pages try to install software that can be deceptive and affect your system in unexpected ways.</p>">
+
+<!ENTITY safeb.blocked.phishingPage.title2 "Deceptive Site!">
+<!-- Localization note (safeb.blocked.phishingPage.shortDesc2) - Please don't translate the contents of the <span id="phishing_sitename"/> tag. It will be replaced at runtime with a domain name (e.g. www.badsite.com) -->
+<!ENTITY safeb.blocked.phishingPage.shortDesc2 "This web page at <span id='phishing_sitename'/> has been reported as a deceptive site and has been blocked based on your security preferences.">
+<!ENTITY safeb.blocked.phishingPage.longDesc2 "<p>Deceptive sites are designed to trick you into doing something dangerous, like installing software, or revealing your personal information, like passwords, phone numbers or credit cards.</p><p>Entering any information on this web page may result in identity theft or other fraud.</p>">
+
+<!ENTITY safeb.blocked.forbiddenPage.title2 "Blocked Site">
+<!-- Localization note (safeb.blocked.forbiddenPage.shortDesc2) - Please don't translate the contents of the <span id="forbidden_sitename"/> tag.  It will be replaced at runtime with a domain name (e.g. www.badsite.com) -->
+<!ENTITY safeb.blocked.forbiddenPage.shortDesc2 "The Web page at <span id='forbidden_sitename'/> has been blocked by your admin profile.">
+
+<!ENTITY reportDeceptiveSite.label "Report deceptive site…">
+<!ENTITY reportDeceptiveSite.accesskey "d">
+<!ENTITY notADeceptiveSite.label "This isn't a deceptive site…">
+<!ENTITY notADeceptiveSite.accesskey "d">
 
-<!ENTITY reportPhishSite.label         "Report Web Forgery…">
-<!ENTITY reportPhishSite.accesskey     "F">
-<!ENTITY notAForgery.label             "This isn't a web forgery…">
-<!ENTITY notAForgery.accesskey         "f">

suite/themes/classic/communicator/blockedSite.css

@@ -11,9 +11,11 @@
   font-size: smaller;
 }
 
-/* the following two ids refer to <span> elements defined in safeBrowsing.dtd */
+/* the following ids refer to <span> elements defined in safeBrowsing.dtd */
 
 #malware_sitename,
-#phishing_sitename {
+#phishing_sitename,
+#unwanted_sitename,
+#forbidden_sitename {
   word-wrap: break-word;
 }

suite/themes/modern/communicator/blockedSite.css

@@ -13,6 +13,8 @@
 /* the following two ids refer to <span> elements defined in safeBrowsing.dtd */
 
 #malware_sitename,
-#phishing_sitename {
+#phishing_sitename,
+#unwanted_sitename,
+#forbidden_sitename {
   word-wrap: break-word;
 }